verify - verify

Verifies a signature using a specified key.
The VERIFY operation is applicable to symmetric keys stored in Azure Key Vault. VERIFY is not strictly necessary for asymmetric keys stored in Azure Key Vault since signature verification can be performed using the public portion of the key but this operation is supported as a convenience for callers that only have a key-reference and not the public portion of the key. This operation requires the keys/verify permission.

POST {vaultBaseUrl}/keys/{key-name}/{key-version}/verify?api-version=7.1

URI Parameters

Name In Required Type Description
key-name
path True
  • string

The name of the key.

key-version
path True
  • string

The version of the key.

vaultBaseUrl
path True
  • string

The vault name, for example https://myvault.vault.azure.net.

api-version
query True
  • string

Client API version.

Request Body

Name Required Type Description
alg True

The signing/verification algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.

digest True
  • string

The digest used for signing.

value True
  • string

The signature to be verified.

Responses

Name Type Description
200 OK

The verification result.

Other Status Codes

Key Vault error response describing why the operation failed.

Examples

Verify

Sample Request

POST https://myvault.vault.azure.net//keys/testkey/9885aa558e8d448789683188f8c194b0/verify?api-version=7.1
{
  "alg": "RS512",
  "value": "RUE3Nzg4NTQ4QjQ5RjFFN0U2NzAyQzhDNEMwMkJDOTA1MTYyOTUzNjI5NDhBNzZDQTlFOTM1NDA2M0ZGMjk2Mg",
  "digest": "aKFG8NXcfTzqyR44rW42484K_zZI_T7zZuebvWuNgAoEI1gXYmxrshp42CunSmmu4oqo4-IrCikPkNIBkHXnAW2cv03Ad0UpwXhVfepK8zzDBaJPMKVGS-ZRz8CshEyGDKaLlb3J3zEkXpM3RrSEr0mdV6hndHD_mznLB5RmFui5DsKAhez4vUqajgtkgcPfCekMqeSwp6r9ItVL-gEoAohx8XMDsPedqu-7BuZcBcdayaPuBRL4wWoTDULA11P-UN_sJ5qMj3BbiRYhIlBWGR04wIGfZ3pkJjHJUpOvgH2QajdYPzUBauOCewMYbq9XkLRSzI_A7HkkDVycugSeAA"
}

Sample Response

{
  "value": true
}

Definitions

Error

The key vault server error.

JsonWebKeySignatureAlgorithm

The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.

KeyVaultError

The key vault error exception.

KeyVerifyParameters

The key verify parameters.

KeyVerifyResult

The key verify result.

Error

The key vault server error.

Name Type Description
code
  • string

The error code.

innererror

The key vault server error.

message
  • string

The error message.

JsonWebKeySignatureAlgorithm

The signing/verification algorithm identifier. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.

Name Type Description
ES256
  • string

ECDSA using P-256 and SHA-256, as described in https://tools.ietf.org/html/rfc7518.

ES256K
  • string

ECDSA using P-256K and SHA-256, as described in https://tools.ietf.org/html/rfc7518

ES384
  • string

ECDSA using P-384 and SHA-384, as described in https://tools.ietf.org/html/rfc7518

ES512
  • string

ECDSA using P-521 and SHA-512, as described in https://tools.ietf.org/html/rfc7518

PS256
  • string

RSASSA-PSS using SHA-256 and MGF1 with SHA-256, as described in https://tools.ietf.org/html/rfc7518

PS384
  • string

RSASSA-PSS using SHA-384 and MGF1 with SHA-384, as described in https://tools.ietf.org/html/rfc7518

PS512
  • string

RSASSA-PSS using SHA-512 and MGF1 with SHA-512, as described in https://tools.ietf.org/html/rfc7518

RS256
  • string

RSASSA-PKCS1-v1_5 using SHA-256, as described in https://tools.ietf.org/html/rfc7518

RS384
  • string

RSASSA-PKCS1-v1_5 using SHA-384, as described in https://tools.ietf.org/html/rfc7518

RS512
  • string

RSASSA-PKCS1-v1_5 using SHA-512, as described in https://tools.ietf.org/html/rfc7518

RSNULL
  • string

Reserved

KeyVaultError

The key vault error exception.

Name Type Description
error

The key vault server error.

KeyVerifyParameters

The key verify parameters.

Name Type Description
alg

The signing/verification algorithm. For more information on possible algorithm types, see JsonWebKeySignatureAlgorithm.

digest
  • string

The digest used for signing.

value
  • string

The signature to be verified.

KeyVerifyResult

The key verify result.

Name Type Description
value
  • boolean

True if the signature is verified, otherwise false.