Verifying Signed Data Using an Encryption Key
Learn how to verify signed data with an encryption key using the CLI or API.
This task isn't available in the OCI Console.
- Note
You can only use RSA or ECDSA asymmetric keys to digitally sign data and verify signed data. AES keys do not support the asymmetric vault cryptography required to sign data or to verify signed data.Use the oci kms crypto verified-data verify command and required parameters to verify the integrity of signed data:
oci kms crypto verified-data verify --key-id <key_ocid> --key-version-id <keyversion_ocid> --message <base64_string> --signature <base64_string> --signing-algorithm <key_algorithm> --endpoint <kmscrypto_endpoint>For a complete list of parameters and values for CLI commands, see the CLI Command Reference.
Use the Verify API with the Cryptographic Endpoint to verify a digital signature created with a master encryption key.
NoteFor information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
The Management Endpoint is used for management operations including Create, Update, List, Get, and Delete. The Management Endpoint is also called the control plane URL or the KMSMANAGEMENT endpoint.
The Cryptographic Endpoint is used for cryptographic operations including Encrypt, Decrypt, Generate Data Encryption Key, Sign, and Verify. The Cryptographic Endpoint is also called the data plane URL or the KMSCRYPTO endpoint.
You can find the management and cryptographic endpoints in a vault's details metadata. See Getting a Vault's Details for instructions.
For regional endpoints for the Key Management, Secret Management, and Secret Retrieval APIs, see API Reference and Endpoints.