Updated on 2022-09-15 GMT+08:00

Verifying Signature

Function

This API enables you to verify a digital signature that was generated by the sign operation.

Constraints

  • Only support asymmetric keys with key_usage of SIGN_VERIFY for verifying operation.

URI

POST /v1.0/{project_id}/kms/verify

Table 1 Path parameters

Parameter

Mandatory

Type

Description

project_id

Yes

String

Project ID.

Request Parameters

Table 2 Request header parameters

Parameter

Mandatory

Type

Description

X-Auth-Token

Yes

String

User token. The token can be obtained by calling the IAM API (value of X-Subject-Token in the response header).

Table 3 Request body parameters

Parameter

Mandatory

Type

Description

key_id

Yes

String

Key ID. It should be 36 bytes and match the regular expression ^[0-9a-z]{8}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{4}-[0-9a-z]{12}$. Example: 0d0466b0-e727-4d9c-b35d-f84bb474a37f

message

Yes

String

Specifies the message or message digest to sign. Messages can be 0-4096 bytes. To sign a larger message, provide the message digest.Using Base64-encoded binary data object.

signature

Yes

String

The signature that the Sign operation generated.

signing_algorithm

Yes

String

Specifies the signing algorithm to use when signing the message. Choose an algorithm that is compatible with the type of the specified asymmetric CMK.It can be:

  • RSASSA_PSS_SHA_256

  • RSASSA_PSS_SHA_384

  • RSASSA_PSS_SHA_512

  • RSASSA_PKCS1_V1_5_SHA_256

  • RSASSA_PKCS1_V1_5_SHA_384

  • RSASSA_PKCS1_V1_5_SHA_512

  • ECDSA_SHA_256

  • ECDSA_SHA_384

  • ECDSA_SHA_512

message_type

No

String

Message Type. The default value is "DIGEST" It can be:

  • DIGEST : message digest

  • RAW : message

sequence

No

String

36-byte sequence number of a request message. Example: 919c82d4-8046-4722-9094-35c3c6524cff

Response Parameters

Status code: 200

Table 4 Response body parameters

Parameter

Type

Description

key_id

String

CMK ID.

signature_vaild

Boolean

A Boolean value that indicates whether the signature was verified.

Status code: 400

Table 5 Response body parameters

Parameter

Type

Description

error

Object

Error message.

Table 6 ErrorDetail

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error information.

Status code: 403

Table 7 Response body parameters

Parameter

Type

Description

error

Object

Error message.

Table 8 ErrorDetail

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error information.

Status code: 404

Table 9 Response body parameters

Parameter

Type

Description

error

Object

Error message.

Table 10 ErrorDetail

Parameter

Type

Description

error_code

String

Error code.

error_msg

String

Error information.

Example Requests

{
  "key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
  "signing_algorithm" : "RSASSA_PKCS1_V1_5_SHA_256",
  "signature" : "jFUqQESGBc0j6k9BozzrP9YL4qk8/W9DZRvK6XXX...",
  "message" : "MmFiZWE0ZjI3ZGIxYTkzY2RmYmEzM2YwMTA1YmJjYw=="
}

Example Responses

Status code: 200

Request processing succeeded.

{
  "key_id" : "0d0466b0-e727-4d9c-b35d-f84bb474a37f",
  "signature_valid" : "true"
}

Status code: 400

Invalid request parameters.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status code: 403

Authentication failed.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status code: 404

The requested resource does not exist or is not found.

{
  "error" : {
    "error_code" : "KMS.XXX",
    "error_msg" : "XXX"
  }
}

Status Codes

Status Code

Description

200

Request processing succeeded.

400

Invalid request parameters.

403

Authentication failed.

404

The requested resource does not exist or is not found.

Error Codes

See Error Codes.