VerifySignature()
Verifies a digital signature using a public key.
Returns true if the data hasn't been tampered with and was signed by the matching private key.
Requires Extension: Crypto Extension
VerifySignature( data=any, signature=string, publicKey=any, algorithm=string );
Returns: Boolean
| Argument | Description |
|---|---|
|
data
any,
required
|
edit
Original data that was signed |
|
signature
string,
required
|
edit
Base64-encoded signature to verify |
|
publicKey
any,
required
|
edit
Public key (PEM string or Java object) |
|
algorithm
string,
optional
|
edit
Signature algorithm. Auto-detected if omitted. |
Examples
edit// Verify that data hasn't been tampered with using the signer's public key
keyPair = GenerateKeyPair( "RSA-2048" );
data = "Important data";
signature = GenerateSignature( data, keyPair.private );
// Verify with the matching public key
isValid = VerifySignature( data, signature, keyPair.public ); // true
// Tampered data fails verification
isValid = VerifySignature( "Modified data", signature, keyPair.public ); // false
// Wrong public key fails verification
otherKeyPair = GenerateKeyPair( "RSA-2048" );
isValid = VerifySignature( data, signature, otherKeyPair.public ); // false
See also
- Cryptography
- GenerateKeyPair()
- GenerateSignature()
- Search Issue Tracker open_in_new
- Search Lucee Test Cases open_in_new (good for further, detailed examples)