Verifies a digital signature created by an asymmetric key.
Usage notes
The total size of all request parameters, encoded using Protocol Buffers, must not exceed 3 MB. If the request body exceeds this limit, the server rejects the request with HTTP 413. For large messages, generate a digest locally and pass it as the Message parameter with MessageType set to DIGEST, or call the Sign or Verify operation for signing and verification.
For supported key specifications and signature algorithms, see Key types and specifications.
Request parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| KeyId | string | Yes | 1234abcd-12ab-34cd-56ef-12345678**** | The globally unique ID of the key. You can also specify an alias bound to the key. |
| Algorithm | string | Yes | RSAES_OAEP_SHA_256 | The signature algorithm. Valid values: RSA_PSS_SHA_256, RSA_PKCS1_SHA_256, ECDSA_SHA_256, SM2DSA. Must match the algorithm used when calling the Sign operation. |
| MessageType | string | Yes | RAW | The type of the message to verify. Valid values: RAW (default), DIGEST. When set to DIGEST, Key Management Service (KMS) does not process the message digest of the raw data — KMS directly uses a private key to sign data. |
| Message | bytes | Yes | Binary data | The message to verify. If MessageType is RAW, Key Management Service (KMS) applies the hash algorithm specified by Algorithm to generate a digest, then verifies the signature. If MessageType is DIGEST, pass a pre-computed digest of up to 32 bytes. |
| Signature | bytes | Yes | Binary data | The signature value to verify. |
Response elements
| Parameter | Type | Example | Description |
|---|---|---|---|
| Value | bool | true | Indicates whether the signature is valid. Valid values: true, false. |
| KeyId | string | 1234abcd-12ab-34cd-56ef-12345678**** | The globally unique ID of the key used for verification. If you specified an alias, this field returns the ID of the key the alias is bound to. |
| Algorithm | string | RSAES_OAEP_SHA_256 | The signature algorithm. |
| MessageType | string | RAW | The message type. |
| RequestId | string | 475f1620-b9d3-4d35-b5c6-3fbdd941423d | The request ID. |
Error codes
For a list of error codes, see Service error codes.