# File lib/mixlib/authentication/signedheaderauth.rb, line 103
      def sign(rsa_key, sign_algorithm = algorithm, sign_version = proto_version, **opts)
        # Backwards compat stuff.
        if sign_algorithm.is_a?(Hash)
          # Was called like sign(key, sign_algorithm: 'foo', other: 'bar')
          opts.update(sign_algorithm)
          opts[:sign_algorithm] ||= algorithm
          opts[:sign_version] ||= sign_version
        else
          # Was called like sign(key, 'foo', '1.3', other: 'bar')
          Mixlib::Authentication.logger.warn("Using deprecated positional arguments for sign(), please update to keyword arguments (from #{caller[1][/^(.*:\d+):in /, 1]})") unless sign_algorithm == algorithm
          opts[:sign_algorithm] ||= sign_algorithm
          opts[:sign_version] ||= sign_version
        end
        sign_algorithm = opts[:sign_algorithm]
        sign_version = opts[:sign_version]
        use_ssh_agent = opts[:use_ssh_agent]

        digest = validate_sign_version_digest!(sign_algorithm, sign_version)
        # Our multiline hash for authorization will be encoded in multiple header
        # lines - X-Ops-Authorization-1, ... (starts at 1, not 0!)
        header_hash = {
          "X-Ops-Sign" => "algorithm=#{sign_algorithm};version=#{sign_version};",
          "X-Ops-Userid" => user_id,
          "X-Ops-Timestamp" => canonical_time,
          "X-Ops-Content-Hash" => hashed_body(digest),
        }

        signature = Base64.encode64(do_sign(rsa_key, digest, sign_algorithm, sign_version, use_ssh_agent)).chomp
        signature_lines = signature.split(/\n/)
        signature_lines.each_index do |idx|
          key = "X-Ops-Authorization-#{idx + 1}"
          header_hash[key] = signature_lines[idx]
        end

        Mixlib::Authentication.logger.trace "Header hash: #{header_hash.inspect}"

        header_hash
      end