# VerifySignature()

Verifies a digital signature using a public key.

Returns true if the data hasn't been tampered with and was signed by the matching private key.

**Requires Extension:** [Crypto Extension](https://download.lucee.org/#17AB52DE-B300-A94B-E058FC978BE4542D)

```
VerifySignature( data=any, signature=string, publicKey=any, algorithm=string );
```

**Returns:** boolean

# Arguments

| Argument | Type | Required | Description | Default |
|----------|------|----------|-------------|---------|
| data | any | Yes | Original data that was signed |  |
| signature | string | Yes | Base64-encoded signature to verify |  |
| publicKey | any | Yes | Public key (PEM string or Java object) |  |
| algorithm | string | No | Signature algorithm. Auto-detected if omitted. |  |

# Examples

```cfml
// Verify that data hasn't been tampered with using the signer's public key
keyPair = GenerateKeyPair( "RSA-2048" );
data = "Important data";

signature = GenerateSignature( data, keyPair.private );

// Verify with the matching public key
isValid = VerifySignature( data, signature, keyPair.public ); // true

// Tampered data fails verification
isValid = VerifySignature( "Modified data", signature, keyPair.public ); // false

// Wrong public key fails verification
otherKeyPair = GenerateKeyPair( "RSA-2048" );
isValid = VerifySignature( data, signature, otherKeyPair.public ); // false
```







# Categories

[Cryptography](../../categories/crypto.md)

# See Also

[GenerateKeyPair()](generatekeypair.md), [GenerateSignature()](generatesignature.md)