Verifies a signature by using an asymmetric key.

This operation is only supported for asymmetric keys with Usage set to SIGN/VERIFY. The following table lists the supported signature algorithms.






RSASSA-PSS using SHA-256 and MGF1 with SHA-256



RSASSA-PKCS1-v1_5 using SHA-256



ECDSA on the P-256 Curve(secp256r1) with a SHA-256 digest



ECDSA on the P-256K Curve(secp256k1) with a SHA-256 digest


OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description 
Action String Yes AsymmetricVerify

The operation that you want to perform. Set the value to AsymmetricVerify.

KeyId String Yes 5c438b18-05be-40ad-b6c2-3be6752c****

The globally unique ID of the CMK. This parameter can also be specified as an alias bound to the CMK. For more information, see Use aliases.

KeyVersionId String Yes 2ab1a983-7072-4bbc-a582-584b5bd8****

The globally unique ID of the CMK version.

Algorithm String Yes RSA_PSS_SHA_256

The signature algorithm to use.

Digest String Yes ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuyjfzw=

The Base64-encoded digest generated for the raw message by using the hash algorithm specified by the Algorithm parameter.

Value String Yes M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq3a/w==

The signature value you want to verify, which is Base64-encoded.

Response parameters

Parameter Type Example Description
Value Boolean true

Indicates whether the signature passed the verification.

KeyId String 5c438b18-05be-40ad-b6c2-3be6752c****

The globally unique ID of the CMK.

Note If you set the KeyId parameter to the alias of the CMK, the ID of the CMK to which the alias is bound is returned.
RequestId String 475f1620-b9d3-4d35-b5c6-3fbdd941423d

The ID of the request.

KeyVersionId String 2ab1a983-7072-4bbc-a582-584b5bd8****

The CMK version used to encrypt the plaintext.


Sample requests

&<Common request parameters>

Sample success responses

XML format


JSON format

  "KeyId": "5c438b18-05be-40ad-b6c2-3be6752c****",
  "KeyVersionId": "2ab1a983-7072-4bbc-a582-584b5bd8****",
  "Value": true,
  "RequestId": "475f1620-b9d3-4d35-b5c6-3fbdd941423d"

Error codes

For a list of error codes, visit the API Error Center.