-
-
Notifications
You must be signed in to change notification settings - Fork 645
Tutorial for JWS verification
TOP(jsrsasign) | WIKI | DOWNLOADS | TUTORIALS | API REFERENCE | DEMOS
To use jsrsasign including jsjws on your browser, just include 'jsrsasign-latest-all-min.js' script as following:
<script language="JavaScript" type="text/javascript"
src="http://kjur.github.io/jsrsasign/jsrsasign-latest-all-min.js">
</script>
When you verify JSON Web Signature, you should prepare a JWS signature string, key to verify and acceptable signature algorithms which is used to mitigate signature replace attacks.
Example for HS256 signature verification which was signed HMAC-SHA256 with shared secret key '616161' in hexadecimal is following:
var isValid = KJUR.jws.JWS.verify("eyJh...", "616161", ["HS256"]);
Example for RS256 signature verification is following. RSA public key is loaded from PEM PKCS#1 RSA public key string:
var pubKey = KEYUTIL.getKey(sRSAPUBKEY_X509CERT_PEM);
var isValid = KJUR.jws.JWS.verify("eyJh...", pubKey, ["RS256"]);
For PS256 RSA-PSS signature, almost the same as following:
var pubKey = KEYUTIL.getKey(sRSAPUBKEY_X509CERT_PEM);
var isValid = KJUR.jws.JWS.verify("eyJh...", pubKey, ["PS256"]);
For ES256 ECDSA signature, public key will be loaded from public key certificate:
var pubKey = KEYUTIL.getKey(sECCPUBKEY_X509CERT_PEM);
var isValid = KJUR.jws.JWS.verify("eyJh...", pubKey, ["ES256"]);