Verify a signature with a public key. The verifying key must be an asymmetric key with the `VERIFY` key operation enabled.

  • Published on Jul 22, 2025
  • 1 minute(s) read
Prev Next
Post
/crypto/v1/verify

Note on using LMS key: See documentation of the /crypto/v1/sign API.

Security
HTTP
Type bearer
API Key: apiKeyAuth
Header parameter nameAuthorization
Body parameters
Expand All
object
key

Uniquely identifies a persisted or transient sobject.

OneOf
SobjectDescriptorVariantKid
object (SobjectDescriptorVariantKid)
kid
string (uuid) Required
SobjectDescriptorVariantName
object (SobjectDescriptorVariantName)
name
string Required
Max length4096
Pattern^[^\n]*[^\s\n][^\n]*$
SobjectDescriptorVariantTransientKey
object (SobjectDescriptorVariantTransientKey)
transient_key
string (byte) Required
SobjectDescriptorVariantInline
object (SobjectDescriptorVariantInline)
inline
object Required
value
string (byte) Required
obj_type
string Required

Type of security object.

Valid values[ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "EC", "KCDSA", "ECKCDSA", "BIP32", "BLS", "OPAQUE", "HMAC", "LEDABETA", "ROUND5BETA", "SECRET", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "CERTIFICATE", "PBE" ]
hash_alg
string

A hash algorithm.

Valid values[ "BLAKE2B256", "BLAKE2B384", "BLAKE2B512", "BLAKE2S256", "RIPEMD160", "SSL3", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "STREEBOG256", "STREEBOG512", "SHA3_224", "SHA3_256", "SHA3_384", "SHA3_512" ]
hash
string (byte)

The hash of the data on which the signature is being verified. Either hash or data should be specified; it is an error to specify both or none. Hash should be base64 encoded.

data
string (byte)

The data on which the signature is being verified. Either hash or data should be specified; it is an error to specify both or none. Data should be base64 encoded.

mode

Signature mechanism

OneOf
object
OneOf
RsaSignaturePaddingVariantPss
object (RsaSignaturePaddingVariantPss)
PSS
object Required
mgf

Specifies the Mask Generating Function (MGF) to use.

OneOf
MgfVariantMgf1
object (MgfVariantMgf1)
mgf1
object Required
hash
string Required

A hash algorithm.

Valid values[ "BLAKE2B256", "BLAKE2B384", "BLAKE2B512", "BLAKE2S256", "RIPEMD160", "SSL3", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "STREEBOG256", "STREEBOG512", "SHA3_224", "SHA3_256", "SHA3_384", "SHA3_512" ]
RsaSignaturePaddingVariantPkcs1V15
object (RsaSignaturePaddingVariantPkcs1V15)
PKCS1_V15
object Required
signature
string (byte) Required

The signature to verify

context
string (byte)

The context parameter to be provided to the verify algorithm.

Currently only ML-DSA keys accept a context parameter; this parameter must not be specified for any other key types.

Responses
2XX

Success result

object
kid
string (uuid) | null

The ID of the key used for verification. Returned for non-transient keys.

result
boolean

True if the signature verified and false if it did not.