I work with (browser token signing ) to sign a text with x509 certificate. I'd like to verify that the Generated signature is valid or not. is there any tools to verify the Generated signature online or other way????
Asked
Active
Viewed 1,062 times
0
-
You can use [WebCryptographyApi 's verify method](https://www.w3.org/TR/WebCryptoAPI/#SubtleCrypto-method-verify) to verify a signature in the browser using the public key. You need also to extract the public key from the x509certificate. To do this use a javascript library like forge (https://github.com/digitalbazaar/forge#x509). You can find detailed info for these steps in this site – pedrofb Jun 14 '17 at 11:50
-
@pedrofb how to use this method? – BLAYTI Ribh Jun 14 '17 at 12:36
-
First, import key in spki format https://github.com/diafygi/webcrypto-examples#rsassa-pkcs1-v1_5---importkey Second, verify the signature with https://github.com/diafygi/webcrypto-examples#rsassa-pkcs1-v1_5---verify. Use forge to extract the public key as raw data from x509. I can't provide you a full example because there are several parts involved. You may want to try it, and come back with the problems so the community could help you with a localized issue – pedrofb Jun 15 '17 at 12:17