NAME
    gcloud kms asymmetric-sign - sign a user input file using an
        asymmetric-signing key version

SYNOPSIS
    gcloud kms asymmetric-sign --input-file=INPUT_FILE
        --signature-file=SIGNATURE_FILE [--digest-algorithm=DIGEST_ALGORITHM]
        [--key=KEY] [--keyring=KEYRING] [--location=LOCATION]
        [--skip-integrity-verification] [--version=VERSION]
        [GCLOUD_WIDE_FLAG ...]

DESCRIPTION
    Creates a digital signature of the input file using the provided
    asymmetric-signing key version and saves the base64 encoded signature.

    The required flag signature-file indicates the path to store signature.

    By default, the command performs integrity verification on data sent to and
    received from Cloud KMS. Use --skip-integrity-verification to disable
    integrity verification.

    For the ML-DSA EXTERNAL-MU algorithms, the digest external-mu should be
    used that depends on the public key. This command will fetch the public key
    from KMS and compute the external-mu digest. Note that this requires signer
    permissions on the associated CryptoKeyVersion.

EXAMPLES
    The following command will read the file '/tmp/my/file.to.sign', digest it
    with the digest algorithm 'sha256' and sign it using the asymmetric
    CryptoKey dont-panic Version 3, and save the signature in base64 format to
    '/tmp/my/signature'.

        $ gcloud kms asymmetric-sign --location=us-central1 \
            --keyring=hitchhiker --key=dont-panic --version=3 \
            --digest-algorithm=sha256 --input-file=/tmp/my/file.to.sign \
            --signature-file=/tmp/my/signature

REQUIRED FLAGS
     --input-file=INPUT_FILE
        Path to the input file to sign.

     --signature-file=SIGNATURE_FILE
        Path to the signature file to output.

OPTIONAL FLAGS
     --digest-algorithm=DIGEST_ALGORITHM
        The algorithm to digest the input. DIGEST_ALGORITHM must be one of:
        external-mu, sha256, sha384, sha512.

     --key=KEY
        to use for signing.

     --keyring=KEYRING
        Key ring of the key.

     --location=LOCATION
        Location of the keyring.

     --skip-integrity-verification
        Skip integrity verification on request and response API fields.

     --version=VERSION
        Version to use for signing.

GCLOUD WIDE FLAGS
    These flags are available to all commands: --access-token-file, --account,
    --billing-project, --configuration, --flags-file, --flatten, --format,
    --help, --impersonate-service-account, --log-http, --project, --quiet,
    --trace-token, --user-output-enabled, --verbosity.

    Run $ gcloud help for details.

NOTES
    These variants are also available:

        $ gcloud alpha kms asymmetric-sign

        $ gcloud beta kms asymmetric-sign

