Verifies a digital signature by using a specified certificate.
The signature algorithm in the request parameters must match the key type. The following table describes the mapping between signature algorithms and key types.
Algorithm |
Key Spec |
---|---|
RSA_PKCS1_SHA_256 |
RSA_2048 |
RSA_PSS_SHA_256 |
RSA_2048 |
ECDSA_SHA_256 |
EC_P256 |
SM2DSA |
EC_SM2 |
In this example, the certificate whose ID is 12345678-1234-1234-1234-12345678****
and the signature algorithm ECDSA_SHA_256
are used to verify the digital signature ZOyIygCyaOW6Gj****MlNKiuyjfzw=
of the raw data VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=
.
Debugging
Request parameters
Parameter | Type | Required | Example | Description |
---|---|---|---|---|
Action | String | Yes | CertificatePublicKeyVerify |
The operation that you want to perform. Set the value to CertificatePublicKeyVerify. |
CertificateId | String | Yes | 12345678-1234-1234-1234-12345678**** |
The ID of the certificate. The ID must be globally unique in Certificates Manager. |
Algorithm | String | Yes | ECDSA_SHA_256 |
The signature algorithm. Valid values:
|
Message | String | Yes | VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4= |
The raw data that is signed. The value is encoded in Base64. For example, if the raw data in the hexadecimal format
is If the MessageType parameter is set to RAW, the size of the data must be less than or equal to 4 KB. If the size of the data is greater than 4 KB, you can set the MessageType parameter to DIGEST and set the Message parameter to the digest of the data. The digest is also called hash value. You can compute the digest of the data on an on-premises device. Certificates Manager uses the digest that you compute in your own certificate application system. The message digest algorithm that you use must match the specified signature algorithm. Comply with the following mapping between signature algorithms and message digest algorithms:
Note If the key type of the certificate is EC_SM2 and the MessageType parameter is set
to DIGEST, the value of the Message parameter is
e that is described in GB/T 32918.2-2016 6.1.
|
MessageType | String | Yes | RAW |
The type of the message. Valid values:
|
SignatureValue | String | Yes | ZOyIygCyaOW6Gj****MlNKiuyjfzw= |
The signature value. The value is encoded in Base64. |
For more information about common request parameters, see Common parameters.
Response parameters
Parameter | Type | Example | Description |
---|---|---|---|
RequestId | String | 5979d897-d69f-4fc9-87dd-f3bb73c40b80 |
The ID of the request, which is used to locate and troubleshoot issues. |
CertificateId | String | 12345678-1234-1234-1234-12345678**** |
The ID of the certificate. |
SignatureValid | Boolean | true |
The verification result. Valid values:
|
Examples
Sample requests
http(s)://[Endpoint]/?Action=CertificatePublicKeyVerify
&CertificateId=12345678-1234-1234-1234-12345678****
&Algorithm=ECDSA_SHA_256
&Message=VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4=
&MessageType=RAW
&SignatureValue=ZOyIygCyaOW6Gj****MlNKiuyjfzw=
&<Common request parameters>
Sample success responses
XML
format
HTTP/1.1 200 OK
Content-Type:application/xml
<CertificatePublicKeyVerifyResponse>
<RequestId>5979d897-d69f-4fc9-87dd-f3bb73c40b80</RequestId>
<CertificateId>12345678-1234-1234-1234-12345678****</CertificateId>
<SignatureValid>true</SignatureValid>
</CertificatePublicKeyVerifyResponse>
JSON
format
HTTP/1.1 200 OK
Content-Type:application/json
{
"RequestId" : "5979d897-d69f-4fc9-87dd-f3bb73c40b80",
"CertificateId" : "12345678-1234-1234-1234-12345678****",
"SignatureValid" : true
}
Error codes
HTTP status code | Error code | Error message | Description |
---|---|---|---|
400 | InvalidParameter | The specified parameter is not valid. | The error message returned because an invalid value is specified for the parameter. |
404 | InvalidAccessKeyId.NotFound | The specified AccessKey ID does not exist. | The error message returned because the AccessKey ID does not exist. |
For a list of error codes, visit the API Error Center.