All Products
Search
Document Center

Key Management Service:Verify

Last Updated:Jan 30, 2024

Verifies a digital signature by using an asymmetric key.

Usage notes

For more information about key specifications and encryption modes, see Key types and specifications.

Usage notes

After all request parameters are encoded by using Protocol Buffers, the request body cannot exceed 3 MB in length. If the request body exceeds 3 MB, the server rejects the request and returns an HTTP 413 status code. If the size of a message to sign is large, we recommend that you locally generate a digest of the message and then call the Sign or Verify operation for signing and verification.

Request parameters

Parameter

Type

Required

Example

Description

KeyId

string

Yes

1234abcd-12ab-34cd-56ef-12345678****

The globally unique ID of the key. You can also set this parameter to an alias that is bound to the key.

Algorithm

string

Yes

RSAES_OAEP_SHA_256

The signature algorithm. Valid values:

  • RSA_PSS_SHA_256

  • RSA_PKCS1_SHA_256

  • ECDSA_SHA_256

  • SM2DSA

Note

The signature algorithm must be consistent with the signature algorithm that is returned in the Sign operation.

MessageType

string

Yes

RAW

The message type. Valid values:

  • RAW: the raw data. This is the default value.

  • DIGEST: the message digest of the raw data. Key Management Service (KMS) does not process the message digest of the raw data. KMS directly uses a private key to sign data.

Message

bytes

Yes

Binary data

The message to sign.

  • If the MessageType parameter is set to RAW, the hash algorithm that is specified by the Algorithm parameter is used to generate a digest for the raw data. Then, the digest is signed.

  • If the MessageType parameter is set to DIGEST, the digest can be up to 32 bytes in length.

Signature

bytes

Yes

Binary data

The signature value to be verified.

Response parameters

Parameter

Type

Example

Description

Value

bool

true

Indicates whether the signature passed the verification. Valid values:

  • true

  • false

KeyId

string

1234abcd-12ab-34cd-56ef-12345678****

The globally unique ID of the key. If the KeyId parameter is set to an alias of the key, the ID of the key to which the alias is bound is returned.

Algorithm

string

RSAES_OAEP_SHA_256

The signing algorithm.

MessageType

string

RAW

The type of the message.

RequestId

string

475f1620-b9d3-4d35-b5c6-3fbdd941423d

The request ID.

Error codes

For a list of error codes, see Service error codes.