Class: Aws::KMS::Types::VerifyRequest

Inherits:

Struct

• Object
• Struct
• Aws::KMS::Types::VerifyRequest

Defined in:

(unknown)

Overview

Note:

When passing VerifyRequest as input to an Aws::Client method, you can use a vanilla Hash:

{
  key_id: "KeyIdType", # required
  message: "data", # required
  message_type: "RAW", # accepts RAW, DIGEST
  signature: "data", # required
  signing_algorithm: "RSASSA_PSS_SHA_256", # required, accepts RSASSA_PSS_SHA_256, RSASSA_PSS_SHA_384, RSASSA_PSS_SHA_512, RSASSA_PKCS1_V1_5_SHA_256, RSASSA_PKCS1_V1_5_SHA_384, RSASSA_PKCS1_V1_5_SHA_512, ECDSA_SHA_256, ECDSA_SHA_384, ECDSA_SHA_512
  grant_tokens: ["GrantTokenType"],
}

See Also:

• AWS API Documentation

Instance Attribute Summary

• #grant_tokens ⇒ Array<String>

  A list of grant tokens.

• #key_id ⇒ String

  Identifies the asymmetric CMK that will be used to verify the signature.

• #message ⇒ String

  Specifies the message that was signed.

• #message_type ⇒ String

  Tells AWS KMS whether the value of the Message parameter is a message or message digest.

• #signature ⇒ String

  The signature that the Sign operation generated.

• #signing_algorithm ⇒ String

  The signing algorithm that was used to sign the message.

Instance Attribute Details

#grant_tokens ⇒ Array<String>

A list of grant tokens.

For more information, see Grant Tokens in the AWS Key Management Service Developer Guide.

Returns:

• (Array<String>) —

  A list of grant tokens.

#key_id ⇒ String

Identifies the asymmetric CMK that will be used to verify the signature. This must be the same CMK that was used to generate the signature. If you specify a different CMK, the signature verification fails.

To specify a CMK, use its key ID, Amazon Resource Name (ARN), alias name, or alias ARN. When using an alias name, prefix it with "alias/". To specify a CMK in a different AWS account, you must use the key ARN or alias ARN.

For example:

• Key ID: 1234abcd-12ab-34cd-56ef-1234567890ab

• Key ARN: arn:aws:kms:us-east-2:111122223333:key/1234abcd-12ab-34cd-56ef-1234567890ab

• Alias name: alias/ExampleAlias

• Alias ARN: arn:aws:kms:us-east-2:111122223333:alias/ExampleAlias

To get the key ID and key ARN for a CMK, use ListKeys or DescribeKey. To get the alias name and alias ARN, use ListAliases.

Returns:

• (String) —

  Identifies the asymmetric CMK that will be used to verify the signature.

#message ⇒ String

Specifies the message that was signed. You can submit a raw message of up to 4096 bytes, or a hash digest of the message. If you submit a digest, use the MessageType parameter with a value of DIGEST.

If the message specified here is different from the message that was signed, the signature verification fails. A message and its hash digest are considered to be the same message.

Returns:

• (String) —

  Specifies the message that was signed.

#message_type ⇒ String

Tells AWS KMS whether the value of the Message parameter is a message or message digest. The default value, RAW, indicates a message. To indicate a message digest, enter DIGEST.

Use the DIGEST value only when the value of the Message parameter is a message digest. If you use the DIGEST value with a raw message, the security of the verification operation can be compromised.

Possible values:

• RAW
• DIGEST

Returns:

• (String) —

  Tells AWS KMS whether the value of the Message parameter is a message or message digest.

#signature ⇒ String

The signature that the Sign operation generated.

Returns:

• (String) —

  The signature that the Sign operation generated.

#signing_algorithm ⇒ String

The signing algorithm that was used to sign the message. If you submit a different algorithm, the signature verification fails.

Possible values:

• RSASSA_PSS_SHA_256
• RSASSA_PSS_SHA_384
• RSASSA_PSS_SHA_512
• RSASSA_PKCS1_V1_5_SHA_256
• RSASSA_PKCS1_V1_5_SHA_384
• RSASSA_PKCS1_V1_5_SHA_512
• ECDSA_SHA_256
• ECDSA_SHA_384
• ECDSA_SHA_512

Returns:

• (String) —

  The signing algorithm that was used to sign the message.