SubtleCrypto.verify()

Secure context
This feature is available only in secure contexts (HTTPS), in some or all supporting browsers.

The verify() method of the SubtleCrypto interface verifies a digital signature.

It takes as its arguments a key to verify the signature with, some algorithm-specific parameters, the signature, and the original signed data. It returns a Promise which will be fulfilled with a Boolean value indicating whether the signature is valid.

Syntax

const result = crypto.subtle.verify(algorithm, key, signature, data);

Parameters

algorithm is a DOMString or object defining the algorithm to use, and for some algorithm choices, some extra parameters. The values given for the extra parameters must match those passed into the corresponding sign() call.
- To use RSASSA-PKCS1-v1_5, pass the string "RSASSA-PKCS1-v1_5" or an object of the form { "name": "RSASSA-PKCS1-v1_5" }.
- To use RSA-PSS, pass an RsaPssParams object.
- To use ECDSA, pass an EcdsaParams object.
- To use HMAC, pass the string "HMAC" or an object of the form { "name": "HMAC" }.
key is a CryptoKey containing the key that will be used to verify the signature. It is the secret key for a symmetric algorithm and the public key for a public-key system.
signature is a ArrayBuffer containing the signature to verify.
data is a ArrayBuffer containing the data whose signature is to be verified.

Return value

result is a Promise that fulfills with a Boolean: true if the signature is valid, false otherwise.

Exceptions

The promise is rejected when the following exception is encountered:

InvalidAccessError: Raised when the encryption key is not a key for the requested verifying algorithm or when trying to use an algorithm that is either unknown or isn't suitable for a verify operation.

Supported algorithms

The verify() method supports the same algorithms as the sign() method.

Examples

Note: You can try the working examples out on GitHub.

RSASSA-PKCS1-v1_5

This code uses a public key to verify a signature. See the complete code on GitHub.

/*
Fetch the contents of the "message" textbox, and encode it
in a form we can use for sign operation.
*/
function getMessageEncoding() {
  const messageBox = document.querySelector(".rsassa-pkcs1 #message");
  let message = messageBox.value;
  let enc = new TextEncoder();
  return enc.encode(message);
}

/*
Fetch the encoded message-to-sign and verify it against the stored signature.
* If it checks out, set the "valid" class on the signature.
* Otherwise set the "invalid" class.
*/
async function verifyMessage(publicKey) {
  const signatureValue = document.querySelector(".rsassa-pkcs1 .signature-value");
  signatureValue.classList.remove("valid", "invalid");

  let encoded = getMessageEncoding();
  let result = await window.crypto.subtle.verify(
    "RSASSA-PKCS1-v1_5",
    publicKey,
    signature,
    encoded
  );

  signatureValue.classList.add(result ? "valid" : "invalid");
}

RSA-PSS

This code uses a public key to verify a signature. See the complete code on GitHub.

/*
Fetch the contents of the "message" textbox, and encode it
in a form we can use for sign operation.
*/
function getMessageEncoding() {
  const messageBox = document.querySelector(".rsa-pss #message");
  let message = messageBox.value;
  let enc = new TextEncoder();
  return enc.encode(message);
}

/*
Fetch the encoded message-to-sign and verify it against the stored signature.
* If it checks out, set the "valid" class on the signature.
* Otherwise set the "invalid" class.
*/
async function verifyMessage(publicKey) {
  const signatureValue = document.querySelector(".rsa-pss .signature-value");
  signatureValue.classList.remove("valid", "invalid");

  let encoded = getMessageEncoding();
  let result = await window.crypto.subtle.verify(
    {
      name: "RSA-PSS",
      saltLength: 32,
    },
    publicKey,
    signature,
    encoded
  );

  signatureValue.classList.add(result ? "valid" : "invalid");
}

ECDSA

This code uses a public key to verify a signature. See the complete code on GitHub.

/*
Fetch the contents of the "message" textbox, and encode it
in a form we can use for sign operation.
*/
function getMessageEncoding() {
  const messageBox = document.querySelector(".ecdsa #message");
  let message = messageBox.value;
  let enc = new TextEncoder();
  return enc.encode(message);
}

/*
Fetch the encoded message-to-sign and verify it against the stored signature.
* If it checks out, set the "valid" class on the signature.
* Otherwise set the "invalid" class.
*/
async function verifyMessage(publicKey) {
  const signatureValue = document.querySelector(".ecdsa .signature-value");
  signatureValue.classList.remove("valid", "invalid");

  let encoded = getMessageEncoding();
  let result = await window.crypto.subtle.verify(
    {
      name: "ECDSA",
      hash: {name: "SHA-384"},
    },
    publicKey,
    signature,
    encoded
  );

  signatureValue.classList.add(result ? "valid" : "invalid");
}

HMAC

This code uses a secret key to verify a signature. See the complete code on GitHub.

/*
Fetch the contents of the "message" textbox, and encode it
in a form we can use for sign operation.
*/
function getMessageEncoding() {
   const messageBox = document.querySelector(".hmac #message");
   let message = messageBox.value;
   let enc = new TextEncoder();
   return enc.encode(message);
}

/*
Fetch the encoded message-to-sign and verify it against the stored signature.
* If it checks out, set the "valid" class on the signature.
* Otherwise set the "invalid" class.
*/
async function verifyMessage(key) {
   const signatureValue = document.querySelector(".hmac .signature-value");
   signatureValue.classList.remove("valid", "invalid");

   let encoded = getMessageEncoding();
   let result = await window.crypto.subtle.verify(
     "HMAC",
     key,
     signature,
     encoded
   );

   signatureValue.classList.add(result ? "valid" : "invalid");
}

Specifications

Specification	Status	Comment
Web Cryptography API The definition of 'SubtleCrypto.verify()' in that specification.	Recommendation	Initial definition.

Browser compatibility

	Desktop						Mobile
	Chrome	Edge	Firefox	Internet Explorer	Opera	Safari	Android webview	Chrome for Android	Firefox for Android	Opera for Android	Safari on iOS	Samsung Internet
`verify`	Chrome Full support 37	Edge Partial support 12 Notes Partial support 12 Notes Notes Not supported: RSA-PSS, ECDSA.	Firefox Full support 34 Full support 34 No support 32 — 34 Disabled Disabled From version 32 until version 34 (exclusive): this feature is behind the `dom.webcrypto.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	IE Partial support 11 Notes Partial support 11 Notes Notes Returns `CryptoOperation` instead of `Promise`	Opera Full support 24	Safari Full support 7	WebView Android Full support 37	Chrome Android Full support 37	Firefox Android Full support 34 Full support 34 No support 32 — 34 Disabled Disabled From version 32 until version 34 (exclusive): this feature is behind the `dom.webcrypto.enabled` preference (needs to be set to `true`). To change preferences in Firefox, visit about:config.	Opera Android Full support 24	Safari iOS Full support 7	Samsung Internet Android Full support 6.0

Legend

Full support: Full support
Partial support: Partial support
See implementation notes.: See implementation notes.
User must explicitly enable this feature.: User must explicitly enable this feature.

Syntax

Parameters

Return value

Exceptions

Supported algorithms

Examples

RSASSA-PKCS1-v1_5

RSA-PSS

ECDSA

HMAC

Specifications

Browser compatibility

Legend

See also