crypto.sign(mode, message, privateKey, callback)

Description

This method performs a hash on the specified message using the provided key. What kind of hash is applied is determined by the constant passed into the mode parameter.

Currently, only one hash type is supported: the SHA256 RSA signature scheme, which is selected by passing the constant crypto.RSASSA_PKCS1_SHA256 into mode. The value of key must be an RSA private key: DER-encoded PKCS#1 or PKCS#8. Only keys between 1024 and 4096 bits in length (inclusive) are supported. Keys must not be password encrypted.

The message to be signed must not be larger than 65536 bytes (64KB).

The method returns immediately. The hash is processed asynchronously and the signature returned to the mandatory callback function via its signature parameter. The signature is returned as a blob. Signatures can be verified using crypto.verify().

Passing an invalid mode or a malformed key will cause an exception to be thrown.

Usage Rate Limits

Use of crypto.sign() will be rate-limited as follows. Each agent has 40 usage credits which will be spent according to the length of the key used to sign or verify the data on a per-call basis:

credits used = key length in bits ÷ 1024

Credits are topped up at the fixed rate of two credits per second.

If you make a call when you have no usage credits, an exception will be thrown. Other errors are passed into the callback function’s error parameter, which will be null if no error occurred.

Note We reserve the right to alter the number of credits provided to an agent, the rate of renewal and the cost per key.