Verifies a signature by using an asymmetric key.

This operation supports only asymmetric keys for which the Usage parameter is set to SIGN/VERIFY. The following table describes the supported signature algorithms.

KeySpec    Algorithm            Description
RSA_2048   RSA_PSS_SHA_256      RSASSA-PSS using SHA-256 and MGF1 with SHA-256
RSA_2048   RSA_PKCS1_SHA_256    RSASSA-PKCS1-v1_5 using SHA-256
RSA_3072   RSA_PSS_SHA_256      RSASSA-PSS using SHA-256 and MGF1 with SHA-256
RSA_3072   RSA_PKCS1_SHA_256    RSASSA-PKCS1-v1_5 using SHA-256
EC_P256    ECDSA_SHA_256        ECDSA on the P-256 curve (secp256r1) with a SHA-256 digest
EC_P256K   ECDSA_SHA_256        ECDSA on the P-256K curve (secp256k1) with a SHA-256 digest
EC_SM2     SM2DSA               SM2 elliptic curve public key encryption algorithm

Note: When you calculate the SM2 signature based on GB/T 32918, the Digest parameter is used to calculate the digest value of the combination of Z(A) and M, rather than the SM3 digest value. M indicates the original message to be signed. Z(A) indicates the hash value for User A. The hash value is defined in GB/T 32918.

In this example, the asymmetric key whose ID is 5c438b18-05be-40ad-b6c2-3be6752c**** and version ID is 2ab1a983-7072-4bbc-a582-584b5bd8**** and the signature algorithm RSA_PSS_SHA_256 are used to verify the signature M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****== of the digest ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuyjfzw=.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer. OpenAPI Explorer dynamically generates the sample code of the operation for different SDKs.

Request parameters

Parameter Type Required Example Description
Action String Yes AsymmetricVerify

The operation that you want to perform. Set the value to AsymmetricVerify.

KeyId String Yes 5c438b18-05be-40ad-b6c2-3be6752c****

The ID of the CMK. The ID must be globally unique.

Note: You can also set this parameter to an alias that is bound to the CMK. For more information, see Overview of aliases.

KeyVersionId String Yes 2ab1a983-7072-4bbc-a582-584b5bd8****

The version ID of the CMK. The ID must be globally unique.

Algorithm String Yes RSA_PSS_SHA_256

The signature algorithm.

Digest String Yes ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuy****=

The digest that is generated for the original message by using a hash algorithm. The hash algorithm is specified by the Algorithm parameter.

Note: The value is encoded in Base64.

Value String Yes M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==

The signature value to be verified.

Note: The value is encoded in Base64.

For more information about common request parameters, see Common parameters.

Response parameters

Parameter Type Example Description
KeyVersionId String 2ab1a983-7072-4bbc-a582-584b5bd8****

The version ID of the CMK that is used to encrypt the plaintext.

KeyId String 5c438b18-05be-40ad-b6c2-3be6752c****

The ID of the CMK. The ID must be globally unique.

Note: If you set the KeyId parameter in the request to an alias, the ID of the CMK to which the alias is bound is returned.

Value Boolean true

Indicates whether the signature passed the verification.

RequestId String 475f1620-b9d3-4d35-b5c6-3fbdd941423d

The ID of the request, which is used to locate and troubleshoot issues.

Examples

Sample requests

http(s)://[Endpoint]/?Action=AsymmetricVerify
&KeyId=5c438b18-05be-40ad-b6c2-3be6752c****
&KeyVersionId=2ab1a983-7072-4bbc-a582-584b5bd8****
&Algorithm=RSA_PSS_SHA_256
&Digest=ZOyIygCyaOW6GjVnihtTFtIS9PNmskdyMlNKiuy****=
&Value=M2CceNZH00ZgL9ED/ZHFp21YRAvYeZHknJUc207OCZ0N9wNn9As4z2bON3FF3je+1Nu+2+/8Zj50HpMTpzYpMp2R93cYmACCmhaYoKydxylbyGzJR8y9likZRCrkD38lRoS40aBBvv/6iRKzQuo9EGYVcel36cMNg00VmYNBy3pa1rwg3gA4l3cy6kjayZja1WGPkVhrVKsrJMdbpl0ApLjXKuD8rw1n1XLCwCUEL5eLPljTZaAveqdOFQOiZnZEGI27qIiZe7I1fN8tcz6anS/gTM7xRKE++5egEvRWlTQQTJeApnPSiUPA+8ZykNdelQsOQh5SrGoyI4A5pq****==
&<Common request parameters>

Sample success responses

XML format

HTTP/1.1 200 OK
Content-Type:application/xml

<AsymmetricVerifyResponse>
    <KeyVersionId>2ab1a983-7072-4bbc-a582-584b5bd8****</KeyVersionId>
    <KeyId>5c438b18-05be-40ad-b6c2-3be6752c****</KeyId>
    <Value>true</Value>
    <RequestId>475f1620-b9d3-4d35-b5c6-3fbdd941423d</RequestId>
</AsymmetricVerifyResponse>

JSON format

HTTP/1.1 200 OK
Content-Type:application/json

{
  "KeyVersionId" : "2ab1a983-7072-4bbc-a582-584b5bd8****",
  "KeyId" : "5c438b18-05be-40ad-b6c2-3be6752c****",
  "Value" : true,
  "RequestId" : "475f1620-b9d3-4d35-b5c6-3fbdd941423d"
}
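
The following is an added example, not code from this page or from the KMS SDK. It builds the AsymmetricVerify parameters from a raw message and signature, percent-encodes the Base64 values for the query string, and interprets the JSON response so that anything other than a Boolean true for the requested key version counts as a failed verification. The function names and the placeholder key identifiers are assumptions; request signing and the common request parameters are out of scope.

```python
import base64
import hashlib
import json
from urllib.parse import urlencode

# KeySpec -> signature algorithms, copied from the table on this page.
SUPPORTED = {
    "RSA_2048": {"RSA_PSS_SHA_256", "RSA_PKCS1_SHA_256"},
    "RSA_3072": {"RSA_PSS_SHA_256", "RSA_PKCS1_SHA_256"},
    "EC_P256": {"ECDSA_SHA_256"},
    "EC_P256K": {"ECDSA_SHA_256"},
    "EC_SM2": {"SM2DSA"},
}


def build_verify_params(key_id, key_version_id, key_spec, algorithm, message, signature):
    """Return the AsymmetricVerify parameters for a SHA-256 based algorithm."""
    if algorithm not in SUPPORTED.get(key_spec, set()):
        raise ValueError(f"{algorithm} is not supported for {key_spec}")
    if algorithm == "SM2DSA":
        # Per the SM2 note on this page, the digest covers Z(A) combined with M,
        # so it cannot be derived from the message alone.
        raise ValueError("SM2DSA digest must be computed per GB/T 32918")
    digest = hashlib.sha256(message).digest()
    return {
        "Action": "AsymmetricVerify",
        "KeyId": key_id,
        "KeyVersionId": key_version_id,
        "Algorithm": algorithm,
        "Digest": base64.b64encode(digest).decode("ascii"),
        "Value": base64.b64encode(signature).decode("ascii"),
    }


def encode_query(params):
    """Percent-encode the parameters; Base64 '+', '/' and '=' must not be sent raw."""
    return urlencode(params)


def signature_is_valid(response_body, params):
    """Fail closed: accept only a JSON Boolean true for the requested key version."""
    try:
        body = json.loads(response_body)
    except ValueError:
        return False
    if not isinstance(body, dict):
        return False
    # KeyId is not compared: it differs from the request when an alias was used.
    if body.get("KeyVersionId") != params["KeyVersionId"]:
        return False
    return body.get("Value") is True
```

A string "true" or a number 1 in the Value field is rejected, as is a response that reports a different key version than the one requested.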

Error codes

HTTP status code Error code Error message Description
400 InvalidParameter The specified parameter is not valid. The error message returned because an invalid value is specified for the parameter.
404 Forbidden.AliasNotFound The specified Alias is not found. The error message returned because the specified alias is not found.
404 Forbidden.KeyNotFound The specified Key is not found. The error message returned because the specified CMK does not exist.
404 InvalidAccessKeyId.NotFound The Access Key ID provided does not exist in our records. The error message returned because the specified AccessKey ID does not exist.

For a list of error codes, visit the API Error Center.