Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The verify() method of the SubtleCrypto interface verifies a digital signature.
It takes as its arguments a key to verify the signature with, some algorithm-specific parameters, the signature, and the original signed data. It returns a Promise which will be fulfilled with a boolean value indicating whether the signature is valid.
js
verify(algorithm, key, signature, data)
algorithm A string or object defining the algorithm to use, and for some algorithm choices, some extra parameters. The values given for the extra parameters must match those passed into the corresponding sign() call.
"RSASSA-PKCS1-v1_5" or an object of the form { "name": "RSASSA-PKCS1-v1_5" }. RsaPssParams object.EcdsaParams object."HMAC" or an object of the form { "name": "HMAC" }.key A CryptoKey containing the key that will be used to verify the signature. It is the secret key for a symmetric algorithm and the public key for a public-key system.
signatureA ArrayBuffer containing the signature to verify.
dataA ArrayBuffer containing the data whose signature is to be verified.
A Promise that fulfills with a boolean value: true if the signature is valid, false otherwise.
The promise is rejected when the following exception is encountered:
InvalidAccessError DOMException
Raised when the encryption key is not a key for the requested verifying algorithm or when trying to use an algorithm that is either unknown or isn't suitable for a verify operation.
The verify() method supports the same algorithms as the sign() method.
Note: You can try the working examples out on GitHub.
This code uses a public key to verify a signature. See the complete code on GitHub.
js
/* Fetch the contents of the "message" textbox, and encode it in a form we can use for sign operation. */ function getMessageEncoding() { const messageBox = document.querySelector(".rsassa-pkcs1 #message"); let message = messageBox.value; let enc = new TextEncoder(); return enc.encode(message); } /* Fetch the encoded message-to-sign and verify it against the stored signature. * If it checks out, set the "valid" class on the signature. * Otherwise set the "invalid" class. */ async function verifyMessage(publicKey) { const signatureValue = document.querySelector( ".rsassa-pkcs1 .signature-value", ); signatureValue.classList.remove("valid", "invalid"); let encoded = getMessageEncoding(); let result = await window.crypto.subtle.verify( "RSASSA-PKCS1-v1_5", publicKey, signature, encoded, ); signatureValue.classList.add(result ? "valid" : "invalid"); }
This code uses a public key to verify a signature. See the complete code on GitHub.
js
/* Fetch the contents of the "message" textbox, and encode it in a form we can use for sign operation. */ function getMessageEncoding() { const messageBox = document.querySelector(".rsa-pss #message"); let message = messageBox.value; let enc = new TextEncoder(); return enc.encode(message); } /* Fetch the encoded message-to-sign and verify it against the stored signature. * If it checks out, set the "valid" class on the signature. * Otherwise set the "invalid" class. */ async function verifyMessage(publicKey) { const signatureValue = document.querySelector(".rsa-pss .signature-value"); signatureValue.classList.remove("valid", "invalid"); let encoded = getMessageEncoding(); let result = await window.crypto.subtle.verify( { name: "RSA-PSS", saltLength: 32, }, publicKey, signature, encoded, ); signatureValue.classList.add(result ? "valid" : "invalid"); }
This code uses a public key to verify a signature. See the complete code on GitHub.
js
/* Fetch the contents of the "message" textbox, and encode it in a form we can use for sign operation. */ function getMessageEncoding() { const messageBox = document.querySelector(".ecdsa #message"); let message = messageBox.value; let enc = new TextEncoder(); return enc.encode(message); } /* Fetch the encoded message-to-sign and verify it against the stored signature. * If it checks out, set the "valid" class on the signature. * Otherwise set the "invalid" class. */ async function verifyMessage(publicKey) { const signatureValue = document.querySelector(".ecdsa .signature-value"); signatureValue.classList.remove("valid", "invalid"); let encoded = getMessageEncoding(); let result = await window.crypto.subtle.verify( { name: "ECDSA", hash: { name: "SHA-384" }, }, publicKey, signature, encoded, ); signatureValue.classList.add(result ? "valid" : "invalid"); }
This code uses a secret key to verify a signature. See the complete code on GitHub.
js
/* Fetch the contents of the "message" textbox, and encode it in a form we can use for sign operation. */ function getMessageEncoding() { const messageBox = document.querySelector(".hmac #message"); let message = messageBox.value; let enc = new TextEncoder(); return enc.encode(message); } /* Fetch the encoded message-to-sign and verify it against the stored signature. * If it checks out, set the "valid" class on the signature. * Otherwise set the "invalid" class. */ async function verifyMessage(key) { const signatureValue = document.querySelector(".hmac .signature-value"); signatureValue.classList.remove("valid", "invalid"); let encoded = getMessageEncoding(); let result = await window.crypto.subtle.verify( "HMAC", key, signature, encoded, ); signatureValue.classList.add(result ? "valid" : "invalid"); }
| Specification |
|---|
| Web Cryptography API # SubtleCrypto-method-verify |
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | |
verify |
37 | 7912–79Not supported: RSA-PSS, ECDSA. |
34 | 11ReturnsCryptoOperation instead of Promise |
24 | 7 | 37 | 37 | 34 | 24 | 7 | 3.0 |
SubtleCrypto.sign().
© 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/verify