SubtleCrypto: verify() method
The verify()
method of the SubtleCrypto
interface verifies a digital signature.
It takes as its arguments a key to verify the signature with, some algorithm-specific parameters, the signature, and the original signed data. It returns a Promise
which will be fulfilled with a boolean value indicating whether the signature is valid.
Syntax
verify(algorithm, key, signature, data)
Parameters
algorithm
-
A string or object defining the algorithm to use, and for some algorithm choices, some extra parameters. The values given for the extra parameters must match those passed into the corresponding sign()
call.
- To use RSASSA-PKCS1-v1_5, pass the string
"RSASSA-PKCS1-v1_5"
or an object of the form { "name": "RSASSA-PKCS1-v1_5" }
. - To use RSA-PSS, pass an
RsaPssParams
object. - To use ECDSA, pass an
EcdsaParams
object. - To use HMAC, pass the string
"HMAC"
or an object of the form { "name": "HMAC" }
.
key
-
A CryptoKey
containing the key that will be used to verify the signature. It is the secret key for a symmetric algorithm and the public key for a public-key system.
signature
-
A ArrayBuffer
containing the signature to verify.
data
-
A ArrayBuffer
containing the data whose signature is to be verified.
Return value
A Promise
that fulfills with a boolean value: true
if the signature is valid, false
otherwise.
Exceptions
The promise is rejected when the following exception is encountered:
-
InvalidAccessError
DOMException
-
Raised when the encryption key is not a key for the requested verifying algorithm or when trying to use an algorithm that is either unknown or isn't suitable for a verify operation.
Supported algorithms
The verify()
method supports the same algorithms as the sign()
method.
Examples
RSASSA-PKCS1-v1_5
This code uses a public key to verify a signature. See the complete code on GitHub.
function getMessageEncoding() {
const messageBox = document.querySelector(".rsassa-pkcs1 #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
async function verifyMessage(publicKey) {
const signatureValue = document.querySelector(
".rsassa-pkcs1 .signature-value",
);
signatureValue.classList.remove("valid", "invalid");
let encoded = getMessageEncoding();
let result = await window.crypto.subtle.verify(
"RSASSA-PKCS1-v1_5",
publicKey,
signature,
encoded,
);
signatureValue.classList.add(result ? "valid" : "invalid");
}
RSA-PSS
This code uses a public key to verify a signature. See the complete code on GitHub.
function getMessageEncoding() {
const messageBox = document.querySelector(".rsa-pss #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
async function verifyMessage(publicKey) {
const signatureValue = document.querySelector(".rsa-pss .signature-value");
signatureValue.classList.remove("valid", "invalid");
let encoded = getMessageEncoding();
let result = await window.crypto.subtle.verify(
{
name: "RSA-PSS",
saltLength: 32,
},
publicKey,
signature,
encoded,
);
signatureValue.classList.add(result ? "valid" : "invalid");
}
ECDSA
This code uses a public key to verify a signature. See the complete code on GitHub.
function getMessageEncoding() {
const messageBox = document.querySelector(".ecdsa #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
async function verifyMessage(publicKey) {
const signatureValue = document.querySelector(".ecdsa .signature-value");
signatureValue.classList.remove("valid", "invalid");
let encoded = getMessageEncoding();
let result = await window.crypto.subtle.verify(
{
name: "ECDSA",
hash: { name: "SHA-384" },
},
publicKey,
signature,
encoded,
);
signatureValue.classList.add(result ? "valid" : "invalid");
}
HMAC
This code uses a secret key to verify a signature. See the complete code on GitHub.
function getMessageEncoding() {
const messageBox = document.querySelector(".hmac #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
async function verifyMessage(key) {
const signatureValue = document.querySelector(".hmac .signature-value");
signatureValue.classList.remove("valid", "invalid");
let encoded = getMessageEncoding();
let result = await window.crypto.subtle.verify(
"HMAC",
key,
signature,
encoded,
);
signatureValue.classList.add(result ? "valid" : "invalid");
}
Specifications
Browser compatibility
|
Desktop |
Mobile |
|
Chrome |
Edge |
Firefox |
Internet Explorer |
Opera |
Safari |
WebView Android |
Chrome Android |
Firefox for Android |
Opera Android |
Safari on IOS |
Samsung Internet |
verify |
37 |
7912–79Not supported: RSA-PSS, ECDSA.
|
34 |
11Returns CryptoOperation instead of Promise |
24 |
7 |
37 |
37 |
34 |
24 |
7 |
3.0 |
See also