Verifies a digital signature by using an asymmetric key.
Usage notes
After all request parameters are encoded by using Protocol Buffers, the request body cannot exceed 3 MB in length. If the request body exceeds 3 MB, the server rejects the request and returns an HTTP 413 status code.
For large messages, generate a digest locally and pass it with MessageType set to DIGEST. This avoids encoding the full message in the request body.
For more information about key specifications and encryption modes, see Key types and specifications.
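The RAW-versus-DIGEST choice described above, as an added example (not code from this page or from any KMS SDK): it streams the input, hashes it locally with SHA-256, and builds the Verify request parameters named in the table below. The function name, the 2 MB threshold, and the chunk size are assumptions made for illustration, and local digests are computed only for the SHA_256 algorithms.

```python
import hashlib

# Valid values of Algorithm, as listed in the request parameter table.
VALID_ALGORITHMS = {"RSA_PSS_SHA_256", "RSA_PKCS1_SHA_256", "ECDSA_SHA_256", "SM2DSA"}
# Algorithms whose digest is plain SHA-256 (32 bytes, the DIGEST size limit).
SHA256_ALGORITHMS = VALID_ALGORITHMS - {"SM2DSA"}

# Assumption: stay well under the 3 MB limit on the encoded request body,
# leaving headroom for the other fields and the Protocol Buffers framing.
RAW_THRESHOLD = 2 * 1024 * 1024
CHUNK = 64 * 1024


def build_verify_params(key_id, algorithm, stream, signature, raw_threshold=RAW_THRESHOLD):
    """Return Verify request parameters for the data read from `stream`."""
    if algorithm not in VALID_ALGORITHMS:
        raise ValueError(f"unsupported signature algorithm: {algorithm}")

    hasher = hashlib.sha256()
    buffered = bytearray()
    too_large = False
    while chunk := stream.read(CHUNK):
        hasher.update(chunk)  # always hash, so the digest covers every byte
        if not too_large:
            buffered += chunk
            if len(buffered) > raw_threshold:
                too_large = True
                buffered.clear()  # stop holding the message in memory

    if too_large:
        if algorithm not in SHA256_ALGORITHMS:
            # This example only knows how to compute SHA-256 digests.
            raise ValueError(f"local digest not implemented for {algorithm}")
        message_type, message = "DIGEST", hasher.digest()
    else:
        message_type, message = "RAW", bytes(buffered)

    return {
        "KeyId": key_id,
        "Algorithm": algorithm,  # must match the algorithm used for Sign
        "MessageType": message_type,
        "Message": message,
        "Signature": signature,
    }
```

The returned dictionary only carries the parameter values; passing them to the service is left to whichever client you use.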
Request parameters
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| KeyId | string | Yes | 1234abcd-12ab-34cd-56ef-12345678**** | The globally unique ID of the key. You can also set this parameter to an alias bound to the key. |
| Algorithm | string | Yes | RSAES_OAEP_SHA_256 | The signature algorithm. Valid values: RSA_PSS_SHA_256, RSA_PKCS1_SHA_256, ECDSA_SHA_256, SM2DSA. Note: The signature algorithm must match the algorithm returned in the Sign operation. |
| MessageType | string | Yes | RAW | The message type. Valid values: RAW (default): the raw data. The hash algorithm specified by Algorithm generates a digest, which is then verified. DIGEST: the pre-computed message digest. KMS verifies the digest directly without further hashing. The digest can be up to 32 bytes in length. |
| Message | bytes | Yes | Binary data | The message to verify. If MessageType is RAW, pass the raw data. If MessageType is DIGEST, pass the pre-computed digest (up to 32 bytes). |
| Signature | bytes | Yes | Binary data | The signature value to verify. |
Response parameters
| Parameter | Type | Example | Description |
|---|---|---|---|
| Value | bool | true | Indicates whether the signature passed verification. Returns true if the signature is valid, false if not. |
| KeyId | string | 1234abcd-12ab-34cd-56ef-12345678**** | The globally unique ID of the key. If KeyId was set to an alias, the ID of the key bound to that alias is returned. |
| Algorithm | string | RSAES_OAEP_SHA_256 | The signing algorithm. |
| MessageType | string | RAW | The message type. |
| RequestId | string | 475f1620-b9d3-4d35-b5c6-3fbdd941423d | The request ID. |
Error codes
For a list of error codes, see Service error codes.