Contact UsGet started
© 2025 Direct Cursus Technology L.L.C.

Key Management Service API, REST: AsymmetricSignatureKey.Get

Written by
Updated at August 8, 2025

Returns the specified asymmetric KMS key.

To get the list of available asymmetric KMS keys, make a [SymmetricKeyService.List] request.

HTTP request

GET https://kms.api.cloud.yandex.net/kms/v1/asymmetricSignatureKeys/{keyId}

Path parameters

Field

Description

keyId

string

Required field. ID of the asymmetric KMS key to return.
To get the ID of an asymmetric KMS key use a AsymmetricSignatureKeyService.List request.

Response

HTTP Code: 200 - OK

{
  "id": "string",
  "folderId": "string",
  "createdAt": "string",
  "name": "string",
  "description": "string",
  "labels": "object",
  "status": "string",
  "signatureAlgorithm": "string",
  "deletionProtection": "boolean"
}

An asymmetric KMS key that may contain several versions of the cryptographic material.

Field

Description

id

string

ID of the key.

folderId

string

ID of the folder that the key belongs to.

createdAt

string (date-time)

Time when the key was created.

String in RFC3339 text format. The range of possible values is from
0001-01-01T00:00:00Z to 9999-12-31T23:59:59.999999999Z, i.e. from 0 to 9 digits for fractions of a second.

To work with values in this field, use the APIs described in the
Protocol Buffers reference.
In some languages, built-in datetime utilities do not support nanosecond precision (9 digits).

name

string

Name of the key.

description

string

Description of the key.

labels

object (map<string, string>)

Custom labels for the key as key:value pairs. Maximum 64 per key.

status

enum (Status)

Current status of the key.

  • STATUS_UNSPECIFIED
  • CREATING: The key is being created.
  • ACTIVE: The key is active and can be used for encryption and decryption or signature and verification.
    Can be set to INACTIVE using the [AsymmetricKeyService.Update] method.
  • INACTIVE: The key is inactive and unusable.
    Can be set to ACTIVE using the [AsymmetricKeyService.Update] method.

signatureAlgorithm

enum (AsymmetricSignatureAlgorithm)

Signature Algorithm ID.

  • ASYMMETRIC_SIGNATURE_ALGORITHM_UNSPECIFIED
  • RSA_2048_SIGN_PSS_SHA_256: RSA-2048 signature with PSS padding and SHA-256
  • RSA_2048_SIGN_PSS_SHA_384: RSA-2048 signature with PSS padding and SHA-384
  • RSA_2048_SIGN_PSS_SHA_512: RSA-2048 signature with PSS padding and SHA-512
  • RSA_3072_SIGN_PSS_SHA_256: RSA-3072 signature with PSS padding and SHA-256
  • RSA_3072_SIGN_PSS_SHA_384: RSA-3072 signature with PSS padding and SHA-384
  • RSA_3072_SIGN_PSS_SHA_512: RSA-3072 signature with PSS padding and SHA-512
  • RSA_4096_SIGN_PSS_SHA_256: RSA-4096 signature with PSS padding and SHA-256
  • RSA_4096_SIGN_PSS_SHA_384: RSA-4096 signature with PSS padding and SHA-384
  • RSA_4096_SIGN_PSS_SHA_512: RSA-4096 signature with PSS padding and SHA-512
  • ECDSA_NIST_P256_SHA_256: ECDSA signature with NIST P-256 curve and SHA-256
  • ECDSA_NIST_P384_SHA_384: ECDSA signature with NIST P-384 curve and SHA-384
  • ECDSA_NIST_P521_SHA_512: ECDSA signature with NIST P-521 curve and SHA-512
  • ECDSA_SECP256_K1_SHA_256: ECDSA signature with SECP256_K1 curve and SHA-256

deletionProtection

boolean

Flag that inhibits deletion of the key
Previous
Create
Next
List
© 2025 Direct Cursus Technology L.L.C.