The verify()
method of the SubtleCrypto
interface verifies a digital signature.
It takes as its arguments a key to verify the signature with, some algorithm-specific parameters, the signature, and the original signed data. It returns a Promise
which will be fulfilled with a boolean value indicating whether the signature is valid.
verify(algorithm, key, signature, data)
A Promise
that fulfills with a boolean value: true
if the signature is valid, false
otherwise.
The promise is rejected when the following exception is encountered:
-
InvalidAccessError
DOMException
-
Raised when the encryption key is not a key for the requested verifying algorithm or when trying to use an algorithm that is either unknown or isn't suitable for a verify operation.
The verify()
method supports the same algorithms as the sign()
method.
This code uses a public key to verify a signature. See the complete code on GitHub.
function getMessageEncoding() {
const messageBox = document.querySelector(".rsassa-pkcs1 #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
async function verifyMessage(publicKey) {
const signatureValue = document.querySelector(".rsassa-pkcs1 .signature-value");
signatureValue.classList.remove("valid", "invalid");
let encoded = getMessageEncoding();
let result = await window.crypto.subtle.verify(
"RSASSA-PKCS1-v1_5",
publicKey,
signature,
encoded
);
signatureValue.classList.add(result ? "valid" : "invalid");
}
This code uses a public key to verify a signature. See the complete code on GitHub.
function getMessageEncoding() {
const messageBox = document.querySelector(".rsa-pss #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
async function verifyMessage(publicKey) {
const signatureValue = document.querySelector(".rsa-pss .signature-value");
signatureValue.classList.remove("valid", "invalid");
let encoded = getMessageEncoding();
let result = await window.crypto.subtle.verify(
{
name: "RSA-PSS",
saltLength: 32,
},
publicKey,
signature,
encoded
);
signatureValue.classList.add(result ? "valid" : "invalid");
}
This code uses a public key to verify a signature. See the complete code on GitHub.
function getMessageEncoding() {
const messageBox = document.querySelector(".ecdsa #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
async function verifyMessage(publicKey) {
const signatureValue = document.querySelector(".ecdsa .signature-value");
signatureValue.classList.remove("valid", "invalid");
let encoded = getMessageEncoding();
let result = await window.crypto.subtle.verify(
{
name: "ECDSA",
hash: {name: "SHA-384"},
},
publicKey,
signature,
encoded
);
signatureValue.classList.add(result ? "valid" : "invalid");
}
This code uses a secret key to verify a signature. See the complete code on GitHub.
function getMessageEncoding() {
const messageBox = document.querySelector(".hmac #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
async function verifyMessage(key) {
const signatureValue = document.querySelector(".hmac .signature-value");
signatureValue.classList.remove("valid", "invalid");
let encoded = getMessageEncoding();
let result = await window.crypto.subtle.verify(
"HMAC",
key,
signature,
encoded
);
signatureValue.classList.add(result ? "valid" : "invalid");
}