Can SubtleCrypto.verify() use a digest instead of the original message?

Question

https://developer.mozilla.org/en-US/docs/Web/API/SubtleCrypto/verify

Algorithms like ES224, ES256, ES384, and ES512 are designed for use with digests, however, Javascript does not appear to support this design and instead requires the full original message. Existing applications may require this feature and idiomatically use these algorithms as intentionally permitted by design.

Also, this is a problem for performance. For example, a digest may represent a 1 GB file and verifying a 256 bit digest is better for performance than re-hashing a 1 GB file.

Go and other languages use digests for verification. This expectation is not outside of industry norms.

Is there a work around the SubtleCrypto restriction of requiring the full original message, without resorting to an external library like noble-curves?

I'm sure SubtleCrypto not only *does* use digests but make them mandatory. Every one of the algorithms specified "digests" the data before applying the underlying signature primitive. — President James K. Polk, Jan 04 '23 at 17:46

score 0 · Answer 1 · answered Jan 04 '23 at 16:05

0

No. SubtleCrypto does not allow digests to be used, so you have to use an external library like noble-curves.

answered Jan 04 '23 at 16:05

Zamicol

4,626
1
37
42

No, SubtleCrypto always digests the data. – President James K. Polk Jan 04 '23 at 17:49

Can SubtleCrypto.verify() use a digest instead of the original message?

1 Answers1