Key Management Service: CertificatePublicKeyVerify

Last Updated: Jul 29, 2025

Verifies a signature by using a specified certificate.

Operation description

The signature algorithm in the request parameters must match the key type. The following table describes the mapping between signature algorithms and key types.

Algorithm | Key Spec
RSA_PKCS1_SHA_256 | RSA_2048
RSA_PSS_SHA_256 | RSA_2048
ECDSA_SHA_256 | EC_P256
SM2DSA | EC_SM2

In this example, the certificate whose ID is 12345678-1234-1234-1234-12345678**** and the signature algorithm ECDSA_SHA_256 are used to verify the digital signature ZOyIygCyaOW6Gj****MlNKiuyjfzw= of the raw data VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=.

Debugging

You can call this operation directly in OpenAPI Explorer, which saves you the trouble of calculating request signatures. After a successful call, OpenAPI Explorer can automatically generate SDK code samples.

Authorization information

There is currently no authorization information disclosed in the API.

Request parameters

Parameter | Type | Required | Description | Example

CertificateId | string | Yes

The ID of the certificate. The ID must be globally unique in Certificates Manager.

Example: 12345678-1234-1234-1234-12345678****

Algorithm | string | Yes

The signature algorithm. Valid values:

  • RSA_PKCS1_SHA_256

  • RSA_PSS_SHA_256

  • ECDSA_SHA_256

  • SM2DSA

Note: The SM2DSA signature algorithm is supported only in regions where managed hardware security modules (HSMs) are used in the Chinese mainland. For more information, see Managed HSM overview.

Example: ECDSA_SHA_256

Message | string | Yes

The raw data that is signed.

The value is encoded in Base64. For example, if the raw data in the hexadecimal format is [0x31, 0x32, 0x33, 0x34], set this parameter to the Base64-encoded value MTIzNA==.

If the MessageType parameter is set to RAW, the size of the data must be less than or equal to 4 KB.

If the size of the data is greater than 4 KB, you can set the MessageType parameter to DIGEST and set the Message parameter to the digest of the data. The digest is also called a hash value. You can compute the digest of the data on an on-premises device. Certificates Manager uses the digest that you compute in your own certificate application system. The message digest algorithm that you use must match the specified signature algorithm, according to the following mapping between signature algorithms and message digest algorithms:

  • If the signature algorithm is RSA_PKCS1_SHA_256, RSA_PSS_SHA_256, or ECDSA_SHA_256, the message digest algorithm must be SHA-256.
  • If the signature algorithm is SM2DSA, the message digest algorithm must be SM3.

Note: If the key type of the certificate is EC_SM2 and the MessageType parameter is set to DIGEST, the value of the Message parameter is the value e that is described in GB/T 32918.2-2016 6.1.

Example: VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=

MessageType | string | Yes

The type of the message. Valid values:

  • RAW: the raw data. This is the default value.
  • DIGEST: the message digest (hash value) of the raw data.

Example: RAW

SignatureValue | string | Yes

The signature value.

The value is encoded in Base64.

Example: ZOyIygCyaOW6Gj****MlNKiuyjfzw=

For more information about common request parameters, see Common parameters.

Response parameters

Parameter | Type | Description | Example
object
RequestId | string

The ID of the request, which is used to locate and troubleshoot issues.

Example: 5979d897-d69f-4fc9-87dd-f3bb73c40b80

CertificateId | string

The ID of the certificate.

Example: 12345678-1234-1234-1234-12345678****

SignatureValid | boolean

The verification result. Valid values:

  • true: The signature is valid.
  • false: The signature is invalid.

Example: true

Examples

Sample success responses

JSON format

{
  "RequestId": "5979d897-d69f-4fc9-87dd-f3bb73c40b80",
  "CertificateId": "12345678-1234-1234-1234-12345678****",
  "SignatureValid": true
}
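
The Message, MessageType and SignatureValid rules above, as an added Python example (not Alibaba Cloud SDK code and not part of the original page): `build_verify_params` and `signature_accepted` are hypothetical helpers that build the request parameters from raw bytes and accept a response only when SignatureValid is literally true. Comparing the returned CertificateId with the requested one is an assumption about how a caller would want to check the response.

```python
import base64
import hashlib

# Limit and algorithm names taken from the parameter descriptions on this page.
RAW_LIMIT = 4 * 1024
SHA256_ALGORITHMS = {"RSA_PKCS1_SHA_256", "RSA_PSS_SHA_256", "ECDSA_SHA_256"}
ALGORITHMS = SHA256_ALGORITHMS | {"SM2DSA"}


def build_verify_params(certificate_id, algorithm, data, signature):
    """Build CertificatePublicKeyVerify parameters; data and signature are raw bytes."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported Algorithm: {algorithm}")
    if len(data) <= RAW_LIMIT:
        message_type, message = "RAW", data
    elif algorithm in SHA256_ALGORITHMS:
        # Over 4 KB: send the locally computed SHA-256 digest instead.
        message_type, message = "DIGEST", hashlib.sha256(data).digest()
    else:
        # For SM2DSA the page requires the value e from GB/T 32918.2-2016 6.1;
        # this helper does not compute it, so it refuses rather than guess.
        raise ValueError("SM2DSA over 4 KB: supply the SM2 digest value e")
    return {
        "CertificateId": certificate_id,
        "Algorithm": algorithm,
        "MessageType": message_type,
        "Message": base64.b64encode(message).decode("ascii"),
        "SignatureValue": base64.b64encode(signature).decode("ascii"),
    }


def signature_accepted(response, certificate_id):
    """Fail closed: only a boolean true for the requested certificate counts."""
    # Assumption: the response echoes the CertificateId that was sent.
    return (
        isinstance(response, dict)
        and response.get("CertificateId") == certificate_id
        and response.get("SignatureValid") is True
    )
```

An error response, a missing field or a string such as "true" is treated as an invalid signature, so a parsing or transport problem cannot be mistaken for a successful verification.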

Error codes

HTTP status code | Error code | Error message | Description
400 | InvalidParameter | The specified parameter is not valid. | An invalid value is specified for the parameter.
404 | InvalidAccessKeyId.NotFound | The specified AccessKey ID does not exist. | The AccessKey ID is not found.

For a list of error codes, see Service error codes.