WARNING: This server provides a static reference view of the NetKernel documentation. Links to dynamic content do not work. For the best experience we recommend you install NetKernel and view the documentation in the live system .

Endpoint
Name:PKIVerify
Description:Verify signature using public key in keystore
Id:PKIVerify
Category:accessor
Identifier Syntax

PKIVerify is an accessor using Active URI syntax with the following base identifiers:

Base
active:pkiVerify

and the following arguments: (for more details on argument passing details see here)

ArgumentRulesTypingDescription
operand
Mandatory
Representation (java.lang.Object)resource to verify
signature
Mandatory
Representation (java.lang.Object)hexadecimal signature for verfication
keystore
Mandatory
Representation (java.lang.Object)JKS Keystore
keystorePassword
Mandatory
Representation (java.lang.Object)password for keystore
keyID
Mandatory
Representation (java.lang.Object)Id of key in keystore
keyPassword
Optional
Representation (java.lang.Object)password for key
Request Verbs

The following verb is supported:

Verb
SOURCE
Response

The response representation of this accessor for SOURCE requests is unknown.

This accessor throws no documented exceptions.

Import Requirements

To use PKIVerify accessor you must import the module urn:org:netkernel:mod:security:

<import>
  <uri>urn:org:netkernel:mod:security</uri>
</import>

Verifies the signature (generated by active:pkiSign) of the operand resource which is SOURCEd as a IReadableBinaryStreamRepresentation. The signature argument should be a string generated using the pkiSign accessor.

Returns a boolean - true if signature is valid.

Compatibility

This tool uses a 256-bit buffer to stream the operand resource - it will therefore generate a signature including padding with zero's for any operand that exceeds the 256 modulo.

This tool is provided for compatibility with older services. We recommend that you use the standard unpadded RSASHA1 signature available with the active:pkiSignStandard and verifiable with active:pkiVerifyStandard.

PKI Details

see active:pkiSignStandard