Smaws_Client_KMS.VerifyMacval request :
Smaws_Lib.Context.t ->
verify_mac_request ->
(verify_mac_response,
[> Smaws_Lib.Protocols.AwsJson.error
| `DisabledException of disabled_exception
| `DryRunOperationException of dry_run_operation_exception
| `InvalidGrantTokenException of invalid_grant_token_exception
| `InvalidKeyUsageException of invalid_key_usage_exception
| `KeyUnavailableException of key_unavailable_exception
| `KMSInternalException of kms_internal_exception
| `KMSInvalidMacException of kms_invalid_mac_exception
| `KMSInvalidStateException of kms_invalid_state_exception
| `NotFoundException of not_found_exception ])
Stdlib.resultVerifies the hash-based message authentication code (HMAC) for a specified message, HMAC KMS key, and MAC algorithm. To verify the HMAC, VerifyMac computes an HMAC using the message, HMAC KMS key, and MAC algorithm that you specify, and compares the computed HMAC to the HMAC that you specify. If the HMACs are identical, the verification succeeds; otherwise, it fails. Verification indicates that the message hasn't changed since the HMAC was calculated, and the specified key was used to generate and verify the HMAC.
HMAC KMS keys and the HMAC algorithms that KMS uses conform to industry standards defined in RFC 2104.
This operation is part of KMS support for HMAC KMS keys. For details, see HMAC keys in KMS in the Key Management Service Developer Guide.
The KMS key that you use for this operation must be in a compatible key state. For details, see Key states of KMS keys in the Key Management Service Developer Guide.
Cross-account use: Yes. To perform this operation with a KMS key in a different Amazon Web Services account, specify the key ARN or alias ARN in the value of the KeyId parameter.
Required permissions: kms:VerifyMac (key policy)
Related operations: GenerateMac
Eventual consistency: The KMS API follows an eventual consistency model. For more information, see KMS eventual consistency.