SubtleCrypto.verify()
Secure context: This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The verify() method of the SubtleCrypto interface verifies a digital signature.
It takes as its arguments a key to verify the signature with, some algorithm-specific parameters, the signature, and the original signed data. It returns a Promise which will be fulfilled with a boolean value indicating whether the signature is valid.
Syntax
const result = crypto.subtle.verify(algorithm, key, signature, data);
Parameters
-
algorithmis aDOMStringor object defining the algorithm to use, and for some algorithm choices, some extra parameters. The values given for the extra parameters must match those passed into the correspondingsign()call.- To use RSASSA-PKCS1-v1_5, pass the string
"RSASSA-PKCS1-v1_5"or an object of the form{ "name": "RSASSA-PKCS1-v1_5" }. - To use RSA-PSS, pass an
RsaPssParamsobject. - To use ECDSA, pass an
EcdsaParamsobject. - To use HMAC, pass the string
"HMAC"or an object of the form{ "name": "HMAC" }.
- To use RSASSA-PKCS1-v1_5, pass the string
-
keyis aCryptoKeycontaining the key that will be used to verify the signature. It is the secret key for a symmetric algorithm and the public key for a public-key system. -
signatureis aArrayBuffercontaining the signature to verify. -
datais aArrayBuffercontaining the data whose signature is to be verified.
Return value
-
resultis aPromisethat fulfills with a boolean value:trueif the signature is valid,falseotherwise.
Exceptions
The promise is rejected when the following exception is encountered:
InvalidAccessError-
Raised when the encryption key is not a key for the requested verifying algorithm or when trying to use an algorithm that is either unknown or isn't suitable for a verify operation.
Supported algorithms
The verify() method supports the same algorithms as the sign() method.
Examples
Note: You can try the working examples out on GitHub.
RSASSA-PKCS1-v1_5
This code uses a public key to verify a signature. See the complete code on GitHub.
/* Fetch the contents of the "message" textbox, and encode it in a form we can use for sign operation. */ function getMessageEncoding() { const messageBox = document.querySelector(".rsassa-pkcs1 #message"); let message = messageBox.value; let enc = new TextEncoder(); return enc.encode(message); } /* Fetch the encoded message-to-sign and verify it against the stored signature. * If it checks out, set the "valid" class on the signature. * Otherwise set the "invalid" class. */ async function verifyMessage(publicKey) { const signatureValue = document.querySelector(".rsassa-pkcs1 .signature-value"); signatureValue.classList.remove("valid", "invalid"); let encoded = getMessageEncoding(); let result = await window.crypto.subtle.verify( "RSASSA-PKCS1-v1_5", publicKey, signature, encoded ); signatureValue.classList.add(result ? "valid" : "invalid"); }
RSA-PSS
This code uses a public key to verify a signature. See the complete code on GitHub.
/* Fetch the contents of the "message" textbox, and encode it in a form we can use for sign operation. */ function getMessageEncoding() { const messageBox = document.querySelector(".rsa-pss #message"); let message = messageBox.value; let enc = new TextEncoder(); return enc.encode(message); } /* Fetch the encoded message-to-sign and verify it against the stored signature. * If it checks out, set the "valid" class on the signature. * Otherwise set the "invalid" class. */ async function verifyMessage(publicKey) { const signatureValue = document.querySelector(".rsa-pss .signature-value"); signatureValue.classList.remove("valid", "invalid"); let encoded = getMessageEncoding(); let result = await window.crypto.subtle.verify( { name: "RSA-PSS", saltLength: 32, }, publicKey, signature, encoded ); signatureValue.classList.add(result ? "valid" : "invalid"); }
ECDSA
This code uses a public key to verify a signature. See the complete code on GitHub.
/* Fetch the contents of the "message" textbox, and encode it in a form we can use for sign operation. */ function getMessageEncoding() { const messageBox = document.querySelector(".ecdsa #message"); let message = messageBox.value; let enc = new TextEncoder(); return enc.encode(message); } /* Fetch the encoded message-to-sign and verify it against the stored signature. * If it checks out, set the "valid" class on the signature. * Otherwise set the "invalid" class. */ async function verifyMessage(publicKey) { const signatureValue = document.querySelector(".ecdsa .signature-value"); signatureValue.classList.remove("valid", "invalid"); let encoded = getMessageEncoding(); let result = await window.crypto.subtle.verify( { name: "ECDSA", hash: {name: "SHA-384"}, }, publicKey, signature, encoded ); signatureValue.classList.add(result ? "valid" : "invalid"); }
HMAC
This code uses a secret key to verify a signature. See the complete code on GitHub.
/* Fetch the contents of the "message" textbox, and encode it in a form we can use for sign operation. */ function getMessageEncoding() { const messageBox = document.querySelector(".hmac #message"); let message = messageBox.value; let enc = new TextEncoder(); return enc.encode(message); } /* Fetch the encoded message-to-sign and verify it against the stored signature. * If it checks out, set the "valid" class on the signature. * Otherwise set the "invalid" class. */ async function verifyMessage(key) { const signatureValue = document.querySelector(".hmac .signature-value"); signatureValue.classList.remove("valid", "invalid"); let encoded = getMessageEncoding(); let result = await window.crypto.subtle.verify( "HMAC", key, signature, encoded ); signatureValue.classList.add(result ? "valid" : "invalid"); }
Specifications
| Specification |
|---|
| Web Cryptography API # SubtleCrypto-method-verify |
Browser compatibility
| Desktop | Mobile | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| Chrome | Edge | Firefox | Internet Explorer | Opera | Safari | WebView Android | Chrome Android | Firefox for Android | Opera Android | Safari on IOS | Samsung Internet | |
verify |
37 |
12
Not supported: RSA-PSS, ECDSA.
|
34 |
11
Returns
CryptoOperation instead of Promise
|
24 |
7 |
37 |
37 |
34 |
24 |
7 |
6.0 |
See also
-
SubtleCrypto.sign(). - RFC 3447 specifies RSASSA-PKCS1-v1_5.
- RFC 3447 specifies RSA-PSS.
- FIPS-186 specifies ECDSA.
- FIPS 198-1 specifies HMAC.
© 2005–2021 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/verify