Secure contextThis feature is available only in secure contexts (HTTPS), in some or all supporting browsers.
The verify()
method of the SubtleCrypto
interface verifies a digital signature.
It takes as its arguments a key to verify the signature with, some algorithm-specific parameters, the signature, and the original signed data. It returns a Promise
which will be fulfilled with a Boolean
value indicating whether the signature is valid.
Syntax
const result = crypto.subtle.verify(algorithm, key, signature, data);
Parameters
algorithm
is aDOMString
or object defining the algorithm to use, and for some algorithm choices, some extra parameters. The values given for the extra parameters must match those passed into the correspondingsign()
call.- To use RSASSA-PKCS1-v1_5, pass the string
"RSASSA-PKCS1-v1_5"
or an object of the form{ "name": "RSASSA-PKCS1-v1_5" }
. - To use RSA-PSS, pass an
RsaPssParams
object. - To use ECDSA, pass an
EcdsaParams
object. - To use HMAC, pass the string
"HMAC"
or an object of the form{ "name": "HMAC" }
.
- To use RSASSA-PKCS1-v1_5, pass the string
key
is aCryptoKey
containing the key that will be used to verify the signature. It is the secret key for a symmetric algorithm and the public key for a public-key system.signature
is aArrayBuffer
containing the signature to verify.data
is aArrayBuffer
containing the data whose signature is to be verified.
Return value
Exceptions
The promise is rejected when the following exception is encountered:
InvalidAccessError
- Raised when the encryption key is not a key for the requested verifying algorithm or when trying to use an algorithm that is either unknown or isn't suitable for a verify operation.
Supported algorithms
The verify()
method supports the same algorithms as the sign()
method.
Examples
Note: You can [[../../../../../../../mdn.github.io/dom-examples/web-crypto/sign-verify/index|try the working examples]] out on GitHub.
RSASSA-PKCS1-v1_5
This code uses a public key to verify a signature. See the complete code on GitHub.
/*
Fetch the contents of the "message" textbox, and encode it
in a form we can use for sign operation.
*/
function getMessageEncoding() {
const messageBox = document.querySelector(".rsassa-pkcs1 #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
/*
Fetch the encoded message-to-sign and verify it against the stored signature.
* If it checks out, set the "valid" class on the signature.
* Otherwise set the "invalid" class.
*/
async function verifyMessage(publicKey) {
const signatureValue = document.querySelector(".rsassa-pkcs1 .signature-value");
signatureValue.classList.remove("valid", "invalid");
let encoded = getMessageEncoding();
let result = await window.crypto.subtle.verify(
"RSASSA-PKCS1-v1_5",
publicKey,
signature,
encoded
);
signatureValue.classList.add(result ? "valid" : "invalid");
}
RSA-PSS
This code uses a public key to verify a signature. See the complete code on GitHub.
/*
Fetch the contents of the "message" textbox, and encode it
in a form we can use for sign operation.
*/
function getMessageEncoding() {
const messageBox = document.querySelector(".rsa-pss #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
/*
Fetch the encoded message-to-sign and verify it against the stored signature.
* If it checks out, set the "valid" class on the signature.
* Otherwise set the "invalid" class.
*/
async function verifyMessage(publicKey) {
const signatureValue = document.querySelector(".rsa-pss .signature-value");
signatureValue.classList.remove("valid", "invalid");
let encoded = getMessageEncoding();
let result = await window.crypto.subtle.verify(
{
name: "RSA-PSS",
saltLength: 32,
},
publicKey,
signature,
encoded
);
signatureValue.classList.add(result ? "valid" : "invalid");
}
ECDSA
This code uses a public key to verify a signature. See the complete code on GitHub.
/*
Fetch the contents of the "message" textbox, and encode it
in a form we can use for sign operation.
*/
function getMessageEncoding() {
const messageBox = document.querySelector(".ecdsa #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
/*
Fetch the encoded message-to-sign and verify it against the stored signature.
* If it checks out, set the "valid" class on the signature.
* Otherwise set the "invalid" class.
*/
async function verifyMessage(publicKey) {
const signatureValue = document.querySelector(".ecdsa .signature-value");
signatureValue.classList.remove("valid", "invalid");
let encoded = getMessageEncoding();
let result = await window.crypto.subtle.verify(
{
name: "ECDSA",
hash: {name: "SHA-384"},
},
publicKey,
signature,
encoded
);
signatureValue.classList.add(result ? "valid" : "invalid");
}
HMAC
This code uses a secret key to verify a signature. See the complete code on GitHub.
/*
Fetch the contents of the "message" textbox, and encode it
in a form we can use for sign operation.
*/
function getMessageEncoding() {
const messageBox = document.querySelector(".hmac #message");
let message = messageBox.value;
let enc = new TextEncoder();
return enc.encode(message);
}
/*
Fetch the encoded message-to-sign and verify it against the stored signature.
* If it checks out, set the "valid" class on the signature.
* Otherwise set the "invalid" class.
*/
async function verifyMessage(key) {
const signatureValue = document.querySelector(".hmac .signature-value");
signatureValue.classList.remove("valid", "invalid");
let encoded = getMessageEncoding();
let result = await window.crypto.subtle.verify(
"HMAC",
key,
signature,
encoded
);
signatureValue.classList.add(result ? "valid" : "invalid");
}
Specifications
Specification | Status | Comment |
Web Cryptography APIThe definition of 'SubtleCrypto.verify()' in that specification. | Recommendation | Initial definition. |
Browser compatibility
The compatibility table on this page is generated from structured data. If you'd like to contribute to the data, please check out https://github.com/mdn/browser-compat-data and send us a pull request.
Update compatibility data on GitHub
Desktop | Mobile | |||||||||||
---|---|---|---|---|---|---|---|---|---|---|---|---|
verify
|
Chrome
Full support 37 |
Edge Partial support 12 Partial support 12 Notes' Not supported: RSA-PSS, ECDSA. |
Firefox Full support 34 Full support 34 No support 32 — 34 Disabled' From version 32 until version 34 (exclusive): this feature is behind the |
IE Partial support 11 Partial support 11 Notes' Returns |
Opera
Full support 24 |
Safari
Full support 7 |
WebView Android
Full support 37 |
Chrome Android
Full support 37 |
Firefox Android Full support 34 Full support 34 No support 32 — 34 Disabled' From version 32 until version 34 (exclusive): this feature is behind the |
Opera Android
Full support 24 |
Safari iOS
Full support 7 |
Samsung Internet Android
Full support 6.0 |
Legend
- Full support
- Full support
- Partial support
- Partial support
- See implementation notes.'
- See implementation notes.
- User must explicitly enable this feature.'
- User must explicitly enable this feature.
See also
SubtleCrypto.sign()
.- RFC 3447 specifies RSASSA-PKCS1-v1_5.
- RFC 3447 specifies RSA-PSS.
- FIPS-186 specifies ECDSA.
- FIPS 198-1 specifies HMAC.
SubtleCrypto.verify() by Mozilla Contributors is licensed under CC-BY-SA 2.5.