diff --git a/src/infra/sign_backend/memory/backend.rs b/src/infra/sign_backend/memory/backend.rs
index 76fe49d5e3c9fb3423f4d470a416616f6d77b38b..f9ea1419204c3eac2c9e5ee0fa53ccef6d8e50dc 100644
--- a/src/infra/sign_backend/memory/backend.rs
+++ b/src/infra/sign_backend/memory/backend.rs
@@ -31,7 +31,7 @@ use crate::domain::encryption_engine::EncryptionEngine;
 use crate::domain::datakey::entity::SecDataKey;
 use crate::infra::sign_plugin::signers::Signers;
 use crate::domain::datakey::entity::DataKey;
-use crate::util::error::Result;
+use crate::util::error::{Error, Result};
 use async_trait::async_trait;
 use crate::infra::encryption::algorithm::factory::AlgorithmFactory;
@@ -80,7 +80,9 @@ impl MemorySignBackend {
 #[async_trait]
 impl SignBackend for MemorySignBackend {
 async fn validate_and_update(&self, data_key: &mut DataKey) -> Result<()> {
- let _ = Signers::validate_and_update(data_key)?;
+ if let Err(err) = Signers::validate_and_update(data_key) {
+ return Err(Error::ParameterError(format!("failed to validate imported key content: {}", err)));
+ }
 data_key.private_key = self.engine.encode(data_key.private_key.clone()).await?;
 data_key.public_key = self.engine.encode(data_key.public_key.clone()).await?;
 data_key.certificate = self.engine.encode(data_key.certificate.clone()).await?;
diff --git a/src/infra/sign_plugin/openpgp.rs b/src/infra/sign_plugin/openpgp.rs
index 38abb090ac4378696847250a28b513aa1b20e5fd..7b2cabfafcb40cc401a17f4e39d516b5d8c396b7 100644
--- a/src/infra/sign_plugin/openpgp.rs
+++ b/src/infra/sign_plugin/openpgp.rs
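Review bot: In `MemorySignBackend::validate_and_update` (backend.rs), the new `if let Err(err)` branch reclassifies every failure from `Signers::validate_and_update` as `Error::ParameterError`, so an internal fault, if that call can produce one, would be reported as a client mistake. The inner error's `Display` text is also copied into a message that presumably reaches the API caller. Because this path handles imported private-key material, confirm that none of the underlying parser errors echo key content, and consider logging the original error server-side while returning a fixed message. If the wrapping is kept, `Signers::validate_and_update(data_key).map_err(|err| Error::ParameterError(format!("failed to validate imported key content: {}", err)))?;` says the same in one expression. The function body continues past the end of the hunk.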
@@ -41,7 +41,22 @@ use validator::{Validate, ValidationError};
 use pgp::composed::StandaloneSignature;
 use crate::domain::datakey::entity::{DataKey, DataKeyContent, SecDataKey};
 use crate::util::key::encode_u8_to_hex_string;
-use super::util::{validate_utc_time_not_expire, validate_utc_time};
+use super::util::{validate_utc_time_not_expire, validate_utc_time, attributes_validate};
+
+#[derive(Debug, Validate, Deserialize)]
+pub struct PgpKeyImportParameter {
+ #[validate(custom( function = "validate_key_type", message="invalid openpgp attribute 'key_type'"))]
+ key_type: String,
+ #[validate(custom(function = "validate_key_size", message="invalid openpgp attribute 'key_length'"))]
+ key_length: String,
+ #[validate(custom(function= "validate_digest_algorithm_type", message="invalid digest algorithm"))]
+ digest_algorithm: String,
+ #[validate(custom(function = "validate_utc_time", message="invalid openpgp attribute 'create_at'"))]
+ create_at: String,
+ #[validate(custom(function= "validate_utc_time_not_expire", message="invalid openpgp attribute 'expire_at'"))]
+ expire_at: String,
+ passphrase: Option
+}
 #[derive(Debug, Validate, Deserialize)]
@@ -153,6 +168,7 @@ impl SignPlugins for OpenPGPPlugin {
 }
 fn validate_and_update(key: &mut DataKey) -> Result<()> where Self: Sized {
+ let _ = attributes_validate::(&key.attributes)?;
 //validate the digest
 if let Some(digest_str) = key.attributes.get("digest_algorithm") {
 let _ = get_digest_algorithm(digest_str)?;
@@ -186,7 +202,7 @@ impl SignPlugins for OpenPGPPlugin {
 fn generate_keys(
 attributes: &HashMap,
 ) -> Result {
- let parameter = OpenPGPPlugin::attributes_validate(attributes)?;
+ let parameter = attributes_validate::(attributes)?;
 let mut key_params = SecretKeyParamsBuilder::default();
 let create_at = parameter.create_at.parse()?;
 let expire :DateTime = parameter.expire_at.parse()?;
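Review bot: `PgpKeyImportParameter` derives `Debug` while carrying `passphrase`, so any `{:?}` formatting of the struct (a log line, or an error built from it) would print the passphrase in clear. Replace the derived `Debug` with a hand-written impl that redacts that field, and keep only `Validate, Deserialize` in the derive list. A `///` comment on the struct stating that it describes attributes supplied with an imported key, and that `passphrase` is secret, would make the intent explicit.

```rust
// replaces `Debug` in the derive list of PgpKeyImportParameter
impl std::fmt::Debug for PgpKeyImportParameter {
    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
        f.debug_struct("PgpKeyImportParameter")
            .field("key_type", &self.key_type)
            .field("key_length", &self.key_length)
            .field("digest_algorithm", &self.digest_algorithm)
            .field("create_at", &self.create_at)
            .field("expire_at", &self.expire_at)
            // never print the secret itself, only whether one was supplied
            .field("passphrase", &self.passphrase.as_ref().map(|_| "<redacted>"))
            .finish()
    }
}
```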
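Review bot: The `attributes_validate` call added at the top of `OpenPGPPlugin::validate_and_update` checks the submitted attribute strings only for their own format, and the visible lines do not compare them with the imported key itself. Unless the rest of the function (outside this hunk) already does so, the stored `key_type`, `key_length`, `create_at` and `expire_at` could disagree with the real key, and later decisions based on those attributes would be wrong. Consider deriving these values from the parsed key, or rejecting the import on mismatch. The same applies to the `X509Plugin::validate_and_update` hunk in x509.rs. A comment such as `// attributes are caller-supplied; verified against the parsed key below` would document the intent.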
diff --git a/src/infra/sign_plugin/util.rs b/src/infra/sign_plugin/util.rs
index b714bd436cfd4bbd0ab9a9ea69a1defd07177de5..597fd67a07cc478434005cff0054ea25c1282661 100644
--- a/src/infra/sign_plugin/util.rs
+++ b/src/infra/sign_plugin/util.rs
@@ -11,8 +11,11 @@
 * // NON-INFRINGEMENT, MERCHANTABILITY OR FIT FOR A PARTICULAR PURPOSE.
 * // See the Mulan PSL v2 for more details.
 */
-use validator::{ValidationError};
+use validator::{Validate, ValidationError};
 use chrono::{DateTime, Utc};
+use serde::Deserialize;
+use crate::util::error::{Error, Result as CommonResult};
+use std::collections::HashMap;
 pub fn validate_utc_time_not_expire(expire: &str) -> Result<(), ValidationError> {
 let now = Utc::now();
@@ -38,4 +41,13 @@ pub fn validate_utc_time(expire: &str) -> Result<(), ValidationError> {
 Err(ValidationError::new("failed to parse time string to utc"))
 }
 }
+}
+
+pub fn attributes_validate Deserialize<'a>>(attr: &HashMap) -> CommonResult {
+ let parameter:T =
+ serde_json::from_str(serde_json::to_string(attr)?.as_str())?;
+ match parameter.validate() {
+ Ok(_) => Ok(parameter),
+ Err(e) => Err(Error::ParameterError(format!("{:?}", e))),
+ }
 }
\ No newline at end of file
diff --git a/src/infra/sign_plugin/x509.rs b/src/infra/sign_plugin/x509.rs
index 187af5a2121a27eebb16cfdf5ba2ab4698916c6a..757cbeb76b6bf15612310ddbf9222cc3be3e6c9d 100644
--- a/src/infra/sign_plugin/x509.rs
+++ b/src/infra/sign_plugin/x509.rs
@@ -38,7 +38,7 @@ use crate::domain::datakey::entity::{DataKey, DataKeyContent, SecDataKey};
 use crate::util::error::{Error, Result};
 use crate::domain::sign_plugin::SignPlugins;
 use crate::util::key::encode_u8_to_hex_string;
-use super::util::{validate_utc_time_not_expire, validate_utc_time, attributes_validate};
+use super::util::{validate_utc_time_not_expire, validate_utc_time, attributes_validate};
 #[derive(Debug, Validate, Deserialize)]
 pub struct X509KeyGenerationParameter {
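Review bot: In the new `attributes_validate` in util.rs, a validation failure is returned as `Error::ParameterError(format!("{:?}", e))`, the `Debug` dump of the validator's error set. With this commit that text is wrapped again in backend.rs on the key-import path. The dump is verbose, is not a stable message, and may carry the rejected field values; building the message from the failing field names and their `message` strings keeps the response predictable. The JSON round trip can go through `serde_json::to_value` and `serde_json::from_value` instead of an intermediate `String`, which avoids a transient text copy of attributes such as `passphrase`. A `///` doc comment should say that missing keys fail deserialization and that extra keys are ignored unless the target struct denies unknown fields.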
@@ -66,6 +66,21 @@ pub struct X509KeyGenerationParameter {
 expire_at: String,
 }
+#[derive(Debug, Validate, Deserialize)]
+pub struct X509KeyImportParameter {
+ key_type: String,
+ #[validate(custom(function = "validate_x509_key_size", message="invalid x509 attribute 'key_length'"))]
+ key_length: String,
+ #[validate(custom(function= "validate_x509_digest_algorithm_type", message="invalid digest algorithm"))]
+ digest_algorithm: String,
+ #[validate(custom(function = "validate_utc_time", message="invalid x509 attribute 'create_at'"))]
+ create_at: String,
+ #[validate(custom(function= "validate_utc_time_not_expire", message="invalid x509 attribute 'expire_at'"))]
+ expire_at: String,
+}
+
+
+
 impl X509KeyGenerationParameter {
 pub fn get_key(&self) -> Result> {
 return match self.key_type.as_str() {
@@ -139,17 +154,6 @@ pub struct X509Plugin {
 attributes: HashMap
 }
-impl X509Plugin {
- pub fn attributes_validate(attr: &HashMap) -> Result {
- let parameter: X509KeyGenerationParameter =
- serde_json::from_str(serde_json::to_string(&attr)?.as_str())?;
- match parameter.validate() {
- Ok(_) => Ok(parameter),
- Err(e) => Err(Error::ParameterError(format!("{:?}", e))),
- }
- }
-}
-
 impl SignPlugins for X509Plugin {
 fn new(db: SecDataKey) -> Result {
 Ok(Self {
@@ -162,6 +166,7 @@ impl SignPlugins for X509Plugin {
 }
 fn validate_and_update(key: &mut DataKey) -> Result<()> where Self: Sized {
+ let _ = attributes_validate::(&key.attributes)?;
 let _private_key = PKey::private_key_from_pem(&key.private_key)?;
 let certificate = x509::X509::from_pem(&key.certificate)?;
 if !key.public_key.is_empty() {
@@ -186,7 +191,7 @@ impl SignPlugins for X509Plugin {
 fn generate_keys(
 attributes: &HashMap,
 ) -> Result {
- let parameter = X509Plugin::attributes_validate(attributes)?;
+ let parameter = attributes_validate::(attributes)?;
 let keys = parameter.get_key()?;
 let mut generator = x509::X509Builder::new()?;
 generator.set_subject_name(parameter.get_subject_name()?.as_ref())?;
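Review bot: In `X509KeyImportParameter`, `key_type` is the only field without a `#[validate(...)]` attribute, so on import any string is accepted for it, whereas `PgpKeyImportParameter` in openpgp.rs runs `validate_key_type` on the same attribute. An unchecked `key_type` is stored with the key and may later be trusted by code that branches on it. Add a custom validator limited to the key types this plugin supports (the set `get_key` matches on, if that is the intended list), in the style of the neighbouring fields, for example `#[validate(custom(function = "<x509 key-type validator>", message="invalid x509 attribute 'key_type'"))]`. A short `///` comment on the struct saying it describes attributes of imported keys, as opposed to `X509KeyGenerationParameter`, would also help.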
diff --git a/src/presentation/handler/control/datakey_handler.rs b/src/presentation/handler/control/datakey_handler.rs
index b52c9bfde04f883754b70dd04edf315badf44e6a..3e7b6169f230a67b76535b32e629d32ea0368826 100644
--- a/src/presentation/handler/control/datakey_handler.rs
+++ b/src/presentation/handler/control/datakey_handler.rs
@@ -351,12 +351,15 @@ async fn disable_data_key(user: UserIdentity, key_service: web::Data