Verifying Signed Data Using Master Encryption Key

Verify signed data with a Vault Master Encryption Key by using the CLI or the API.

  • This task is not available in the OCI Console.

  • Note

    You can only use RSA or ECDSA asymmetric keys to digitally sign data and verify signed data. AES keys do not support the asymmetric vault cryptography required to sign data or to verify signed data.

    Open a command prompt and run oci kms crypto verified-data verify to verify the integrity of signed data:

    oci kms crypto verified-data verify --key-id <key_OCID> --key-version-id <keyversion_OCID> --message <base64_string> --signature <base64_string> --signing-algorithm <key_algorithm> --endpoint <data_plane_url>

    For example:

    
    oci kms crypto verified-data verify --key-id ocid1.key.region1.sea.exampleaaacu2.examplesmtpsuqmoy4m5cvblugmizcoeu2nfc6b3zfaux2lmqz245gezevsq --key-version-id ocid1.keyversion.region1.sea.example5aacuu.aumjmafauxaaa.abuwcljt2lolvy722lpaefa53mbl2fyrtcvb3desouxwygdhqxgryexample --message VGhlIHF1aWNrIGJyb3duIGZveCBqdW1wcyBvdmVyIHRoZSBsYXp5IGRvZy4= --signature VGhpcyBpcyBhIHNpZ25hdHVyZS4= --signing-algorithm SHA_224_RSA_PKCS_PSS --endpoint https://exampleaaacu3-crypto.kms.us-ashburn-1.oraclecloud.com

    For a complete list of parameters and values for CLI commands, see the CLI Command Reference.

  • Run the Verify operation against the KMSCRYPTO endpoint to verify signed data using a master encryption key.

    Note

    Each region uses the KMSCRYPTO endpoint for encryption/decryption of keys. This endpoint is referred to as the control plane URL or KMSCRYPTO endpoint. For regional endpoints, see the API Documentation.

    For information about using the API and signing requests, see REST API documentation and Security Credentials. For information about SDKs, see SDKs and the CLI.
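
A fail-closed wrapper around the CLI command shown above, as an added example that is not part of the original documentation. The function names and environment variables (KEY_OCID, KEY_VERSION_OCID, SIGNING_ALGORITHM, CRYPTO_ENDPOINT) are hypothetical, and the script assumes the CLI prints JSON containing an "is-signature-valid" field.

```shell
#!/bin/sh
# Added example: fail-closed wrapper for `oci kms crypto verified-data verify`.
# Function and variable names are hypothetical; the CLI flags are the ones
# shown in the command on this page.

# Base64-encode a file as a single line. Some base64 tools wrap their output
# at 76 columns, and a wrapped value cannot be passed as one --message argument.
b64_oneline() {
    [ -r "$1" ] || return 2
    base64 < "$1" | tr -d '\r\n'
}

# verify_file <message_file> <signature_base64>
# Returns 0 only when the service reports a valid signature,
# 1 when it does not, and 2 when the input or the call itself failed.
verify_file() {
    : "${KEY_OCID:?}" "${KEY_VERSION_OCID:?}" "${SIGNING_ALGORITHM:?}" "${CRYPTO_ENDPOINT:?}"
    msg_b64=$(b64_oneline "$1") || return 2
    # The signature is expected to be base64 already; strip stray whitespace.
    sig_b64=$(printf '%s' "$2" | tr -d ' \t\r\n')
    out=$(oci kms crypto verified-data verify \
        --key-id "$KEY_OCID" \
        --key-version-id "$KEY_VERSION_OCID" \
        --message "$msg_b64" \
        --signature "$sig_b64" \
        --signing-algorithm "$SIGNING_ALGORITHM" \
        --endpoint "$CRYPTO_ENDPOINT") || return 2
    # Assumption: the response JSON carries "is-signature-valid": true or false.
    # Anything other than an explicit true is treated as not verified.
    printf '%s\n' "$out" | grep -Eq '"is-signature-valid"[[:space:]]*:[[:space:]]*true'
}
```

Call it as `verify_file payload.bin "$SIGNATURE_B64" || exit 1` so that a failed CLI call and an invalid signature both stop the pipeline.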