> ## Documentation Index > Fetch the complete documentation index at: https://support.fortanix.com/llms.txt > Use this file to discover all available pages before exploring further. # Verify a signature with a public key. The verifying key must be an asymmetric key with the `VERIFY` key operation enabled. > Note on using LMS key: See documentation of the /crypto/v1/sign API. ## OpenAPI ````json POST /crypto/v1/verify { "openapi": "3.0.0", "info": { "title": "Fortanix DSM REST API", "description": "This is a set of REST APIs for accessing the Fortanix Data Security Manager. This includes APIs for managing accounts, and for performing cryptographic and key management operations. \n\n **Note:** \n- All binary input should be base64-encoded. These fields are marked with `format: byte`. \n- For forward compatibility, any API client is expected to ignore any fields in the response not explicitly mentioned in the documentation. We reserve the right to add new fields at any time to provide new functionality without affecting existing API clients.", "termsOfService": "https://www.fortanix.com/legal/terms/", "contact": { "name": "Fortanix Support", "url": "https://support.fortanix.com/", "email": "support@fortanix.com" }, "license": { "name": "Apache 2.0", "url": "http://www.apache.org/licenses/LICENSE-2.0.html" }, "version": "0.1.0-20260526" }, "servers": [ { "url": "https://amer.smartkey.io" } ], "paths": { "/crypto/v1/verify": { "post": { "operationId": "Verify", "tags": [ "Crypto" ], "security": [ { "bearerToken": [] }, { "apiKeyAuth": [] } ], "summary": "Verify a signature with a public key. The verifying key must be an\nasymmetric key with the `VERIFY` key operation enabled.", "description": "Note on using LMS key: See documentation of the /crypto/v1/sign API.", "requestBody": { "required": true, "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VerifyRequest" } } } }, "responses": { "2XX": { "description": "Success result", "content": { "application/json": { "schema": { "$ref": "#/components/schemas/VerifyResponse" } } } } } } } }, "components": { "schemas": { "VerifyRequest": { "allOf": [ { "type": "object", "description": "Request to verify a signature using an asymmetric key.", "properties": { "key": { "$ref": "#/components/schemas/SobjectDescriptor" }, "hash_alg": { "$ref": "#/components/schemas/DigestAlgorithm" }, "hash": { "type": "string", "format": "byte", "description": "The hash of the data on which the signature is being verified. Either\n`hash` or `data` should be specified; it is an error to specify both\nor none.\nHash should be base64 encoded." }, "data": { "type": "string", "format": "byte", "description": "The data on which the signature is being verified. Either `hash` or\n`data` should be specified; it is an error to specify both or none.\nData should be base64 encoded." }, "mode": { "$ref": "#/components/schemas/SignatureMode" }, "signature": { "type": "string", "format": "byte", "description": "The signature to verify" }, "context": { "type": "string", "format": "byte", "description": "The context parameter to be provided to the verify algorithm.\n\nCurrently only ML-DSA keys accept a context parameter;\nthis parameter must not be specified for any other key types." } }, "required": [ "signature" ] } ] }, "VerifyResponse": { "allOf": [ { "type": "object", "description": "Result of verifying a signature or MAC.", "properties": { "kid": { "type": "string", "format": "uuid", "nullable": true, "description": "The ID of the key used for verification. Returned for non-transient keys." }, "result": { "type": "boolean", "description": "True if the signature verified and false if it did not." } }, "required": [ "result" ] } ] }, "SobjectDescriptor": { "description": "Uniquely identifies a persisted or transient sobject.", "oneOf": [ { "title": "SobjectDescriptorVariantKid", "type": "object", "properties": { "kid": { "type": "string", "format": "uuid" } }, "required": [ "kid" ] }, { "title": "SobjectDescriptorVariantName", "type": "object", "properties": { "name": { "type": "string", "maxLength": 4096, "pattern": "^[^\\n]*[^\\s\\n][^\\n]*$" } }, "required": [ "name" ] }, { "title": "SobjectDescriptorVariantTransientKey", "type": "object", "properties": { "transient_key": { "type": "string", "format": "byte" } }, "required": [ "transient_key" ] }, { "title": "SobjectDescriptorVariantInline", "type": "object", "properties": { "inline": { "$ref": "#/components/schemas/SobjectDescriptorInline" } }, "required": [ "inline" ] } ] }, "DigestAlgorithm": { "description": "A hash algorithm.", "type": "string", "enum": [ "BLAKE2B256", "BLAKE2B384", "BLAKE2B512", "BLAKE2S256", "RIPEMD160", "SSL3", "SHA1", "SHA224", "SHA256", "SHA384", "SHA512", "STREEBOG256", "STREEBOG512", "SHA3_224", "SHA3_256", "SHA3_384", "SHA3_512" ] }, "SignatureMode": { "description": "Signature mechanism", "oneOf": [ { "$ref": "#/components/schemas/RsaSignaturePadding" }, { "$ref": "#/components/schemas/MlDsaMode" } ] }, "SobjectDescriptorInline": { "allOf": [ { "type": "object", "properties": { "value": { "type": "string", "format": "byte" }, "obj_type": { "$ref": "#/components/schemas/ObjectType" } }, "required": [ "value", "obj_type" ] } ] }, "RsaSignaturePadding": { "description": "Type of padding to use for RSA signatures. The padding specified must adhere to the key's\nsignature policy. If not specified, the default based on the key's policy will be used.", "oneOf": [ { "title": "RsaSignaturePaddingVariantPss", "type": "object", "properties": { "PSS": { "$ref": "#/components/schemas/RsaSignaturePaddingPss" } }, "required": [ "PSS" ] }, { "title": "RsaSignaturePaddingVariantPkcs1V15", "type": "object", "properties": { "PKCS1_V15": { "type": "object", "properties": {} } }, "required": [ "PKCS1_V15" ] } ] }, "MlDsaMode": { "oneOf": [ { "$ref": "#/components/schemas/MlDsaModeVariantPure" }, { "$ref": "#/components/schemas/MlDsaModeVariantPreHash" }, { "$ref": "#/components/schemas/MlDsaModeVariantExternalMu" } ], "discriminator": { "propertyName": "variant", "mapping": { "PURE": "MlDsaModeVariantPure", "PRE_HASH": "MlDsaModeVariantPreHash", "EXTERNAL_MU": "MlDsaModeVariantExternalMu" } } }, "ObjectType": { "description": "Type of security object.", "type": "string", "enum": [ "AES", "ARIA", "DES", "DES3", "SEED", "RSA", "DSA", "EC", "KCDSA", "ECKCDSA", "BIP32", "SLIP10", "BLS", "OPAQUE", "HMAC", "LEDABETA", "ROUND5BETA", "SECRET", "LMS", "XMSS", "MLDSA", "MLDSABETA", "MLKEM", "MLKEMBETA", "CERTIFICATE", "PBE" ] }, "RsaSignaturePaddingPss": { "allOf": [ { "type": "object", "description": "Probabilistic Signature Scheme (PKCS#1 v2.1).", "properties": { "mgf": { "$ref": "#/components/schemas/Mgf" } }, "required": [ "mgf" ] } ] }, "MlDsaModeVariantPure": { "allOf": [ { "type": "object", "properties": { "variant": { "type": "string", "enum": [ "PURE" ] } }, "required": [ "variant" ] }, { "type": "object", "properties": {} } ] }, "MlDsaModeVariantPreHash": { "allOf": [ { "type": "object", "properties": { "variant": { "type": "string", "enum": [ "PRE_HASH" ] } }, "required": [ "variant" ] }, { "type": "object", "properties": {} } ] }, "MlDsaModeVariantExternalMu": { "allOf": [ { "type": "object", "properties": { "variant": { "type": "string", "enum": [ "EXTERNAL_MU" ] } }, "required": [ "variant" ] }, { "type": "object", "properties": {} } ] }, "Mgf": { "description": "Specifies the Mask Generating Function (MGF) to use.", "oneOf": [ { "title": "MgfVariantMgf1", "type": "object", "properties": { "mgf1": { "$ref": "#/components/schemas/MgfMgf1" } }, "required": [ "mgf1" ] } ] }, "MgfMgf1": { "allOf": [ { "type": "object", "description": "MGF1 algorithm", "properties": { "hash": { "$ref": "#/components/schemas/DigestAlgorithm" } }, "required": [ "hash" ] } ] } } } } ````