Key Management Service

Signature Verification Through KMS

2025-01-08 02:23:17

The following operations describe a typical signature verification scenario:

1. A signer creates an asymmetric key through the KMS.
2. The signer computes the message signature using the private key by calling the cryptographic operation API.
3. The signer obtains the public key and distributes it to the message receiver.
4. The receiver uses the public key to verify the signature.

• Characteristics of the scenario

This scenario applies to the secure transmission of sensitive information between systems with unequal levels of trust.

• Advantages

Wide application: Signature verification based on asymmetric keys is widely used in fields such as data tamper-proofing and identity authentication.

Security guarantee: KMS supports popular asymmetric key algorithms and provides sufficient security strength to secure digital signatures.

Scenario Diagram

 

Procedure

1. The information sender creates an asymmetric user master key (CMK) on the KMS console or by calling the CreateKey API.

2. The information sender obtains the public key by calling the getPublicKey API of KMS, and distributes it to the information receiver.

3. The information sender calls the asymmetricSign API of KMS, and uses the created CMK private key to generate a signature for the data to be transmitted.

4. The information sender transmits the signature and data to the information receiver.

5. After receiving the signature and data, the information receiver uses the public key distributed by the information sender to verify the signature locally, using GmSSL, OpenSSL, a cryptographic library, or the national encryption SDK. In special cases, the receiver can also call the asymmetricVerify API of KMS to verify the signature with the CMK.
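The local verification in step 5, sketched with OpenSSL as an added example (not code from the KMS documentation). It assumes an EC P-256 key, ECDSA over SHA-256 and a base64-encoded signature; a locally generated key pair stands in for the CMK so the script runs offline, and all file and function names are hypothetical.

```shell
#!/bin/sh
# Added example: receiver-side check from step 5, done locally with OpenSSL.
# Assumptions (not from the page): EC P-256 key, ECDSA over SHA-256, and a
# base64-encoded signature. All file names are hypothetical.

# verify_signature PUBKEY_PEM DATA_FILE SIG_B64_FILE
# Returns 0 only if the signature over DATA_FILE verifies under PUBKEY_PEM,
# 1 if verification fails, 2 if the signature cannot be decoded.
verify_signature() {
    pub=$1; data=$2; sig_b64=$3
    sig_bin=$(mktemp) || return 2
    # Decode first; an empty or undecodable signature is rejected outright.
    if ! openssl base64 -d -A -in "$sig_b64" -out "$sig_bin" 2>/dev/null ||
       [ ! -s "$sig_bin" ]; then
        rm -f "$sig_bin"; return 2
    fi
    rc=0
    openssl dgst -sha256 -verify "$pub" -signature "$sig_bin" "$data" \
        >/dev/null 2>&1 || rc=1
    rm -f "$sig_bin"
    return "$rc"
}

# make_demo DIR: constructed sender side so the script runs offline.
# A local key pair stands in for the CMK; with KMS the private key stays in
# the service and the receiver only ever holds public.pem.
make_demo() {
    dir=$1
    openssl ecparam -name prime256v1 -genkey -noout -out "$dir/private.pem"
    openssl pkey -in "$dir/private.pem" -pubout -out "$dir/public.pem"
    printf 'transfer 100 to account 42\n' > "$dir/data.txt"      # constructed
    printf 'transfer 900 to account 42\n' > "$dir/tampered.txt"  # constructed
    openssl dgst -sha256 -sign "$dir/private.pem" "$dir/data.txt" |
        openssl base64 -A > "$dir/sig.b64"
}

demo_dir=$(mktemp -d)
make_demo "$demo_dir"
if verify_signature "$demo_dir/public.pem" "$demo_dir/data.txt" "$demo_dir/sig.b64"; then
    echo "original data: signature valid"
fi
if ! verify_signature "$demo_dir/public.pem" "$demo_dir/tampered.txt" "$demo_dir/sig.b64"; then
    echo "tampered data: signature rejected"
fi
rm -rf "$demo_dir"
```

The receiver should act on the data only when the function returns 0, and should obtain the public key over a channel it trusts, since a substituted public key makes any verification result meaningless.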

