Verify Method

Verifies a digital signature using a CMK.

Syntax

ANSI (Cross Platform)
int Verify(const char* lpszKeyId, const char* lpszAlgorithm, int bIsDigest);

Unicode (Windows)
INT Verify(LPCWSTR lpszKeyId, LPCWSTR lpszAlgorithm, BOOL bIsDigest);
- (BOOL)verify:(NSString*)keyId :(NSString*)algorithm :(BOOL)isDigest;
#define MID_AMAZONKMS_VERIFY 32

CLOUDKEYS_EXTERNAL int CLOUDKEYS_CALL CloudKeys_AmazonKMS_Do(void *lpObj, int methid, int cparam, void *param[], int cbparam[], int64 *lpllVal);

Remarks

This method verifies a digital signature using the CMK specified by KeyId and the given Algorithm. The message data is taken from the input stream supplied via the SetInputStream method, the specified InputFile, or the InputData property. The digital signature data is taken from the specified OutputFile or the OutputData property. If the signature is successfully verified, this method returns true, otherwise it returns false.

The value passed for the KeyId parameter must be the Id or ARN of a CMK, or the name or ARN of an alias, in the current Region. If an ARN is provided, it can be for a CMK or alias in another account so long as the appropriate permissions are in place.

The Algorithm parameter specifies which algorithm was used to sign the data. Possible values are:

  • RSASSA_PSS_SHA_256
  • RSASSA_PSS_SHA_384
  • RSASSA_PSS_SHA_512
  • RSASSA_PKCS1_V1_5_SHA_256
  • RSASSA_PKCS1_V1_5_SHA_384
  • RSASSA_PKCS1_V1_5_SHA_512
  • ECDSA_SHA_256
  • ECDSA_SHA_384
  • ECDSA_SHA_512

The IsDigest parameter specifies whether the data whose signature is being verified is the original message (false) or a message digest (true). When a message digest is supplied, keep in mind that it must be the exact same digest that was used at signing time, regardless of whether it has been recomputed.

Note that, as with the Sign method, a maximum of 4096 bytes of message data can be sent to the server. If IsDigest is false, and more than 4096 bytes of message data are provided, the class will automatically compute an appropriate message digest and send it instead. In such cases, the computed digest is made available via the MessageDigest configuration setting.

This method will fail if any of the following are true regarding the specified CMK:

Error Handling (C++)

This method returns a Boolean value; after it returns, call the GetLastErrorCode() method to obtain its result code; 0 indicates success, while a non-zero error code indicates that this method encountered an error during its execution. If an error occurs, the GetLastError() method can be called to retrieve the associated error message.

Copyright (c) 2022 /n software inc. - All rights reserved.
Cloud Keys 2020 C++ Edition - Version 20.0 [Build 8157]