Golo Roden

Reputation: 150614

How do I verify an HMAC or an RSA-SHA signature in client-side JavaScript?

I am using JSON web tokens (JWT) for claims-based authentication. To hinder tampering I am also using JWS to digitally sign the token.

How can I verify the signature on the client-side (I am using the JWT for a SPA)?

And, in case I'd also use JWE, how could I decrypt the token client-side?

PS: Of course I know the answer: Just decrypt and / or verify using the matching algorithm … my question is more of how to accomplish this.

Upvotes: 1

Views: 1331

Answers (2)

BeniRose

Reputation: 412

Keep in mind if you're using HMAC this won't work because you'd have to share the secret with the client, which is not recommended because browsers can't keep secrets. With asymmetrical encryption, this isn't a problem because the browser can use the public key.

Upvotes: 2

Goran.it

Reputation: 6299

You could use a JS lib and calculate it with its help on the client side: http://kjur.github.io/jsrsasign/

:)

Upvotes: 2
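Added example, not part of either answer: verifying an RS256-signed JWS in the browser with the built-in Web Crypto API, used here in place of the jsrsasign library linked above. The function names are hypothetical, and the key pair and tokens are constructed sample data generated inline.

```javascript
// Added example (not from the answers); function names are hypothetical.
const subtle = (globalThis.crypto && globalThis.crypto.subtle) ||
  require('node:crypto').webcrypto.subtle; // fallback for older Node only
const RS256 = { name: 'RSASSA-PKCS1-v1_5', hash: 'SHA-256' };
const enc = new TextEncoder(), dec = new TextDecoder();

// JWS segments are unpadded base64url (RFC 7515).
function b64uToBytes(s) {
  const bin = atob(s.replace(/-/g, '+').replace(/_/g, '/'));
  return Uint8Array.from(bin, c => c.charCodeAt(0));
}
function bytesToB64u(buf) {
  const bin = String.fromCharCode(...new Uint8Array(buf));
  return btoa(bin).replace(/\+/g, '-').replace(/\//g, '_').replace(/=+$/, '');
}

// Resolves to the payload object if the signature checks out, else null.
async function verifyRs256(token, publicKey) {
  try {
    const [h, p, s, ...rest] = token.split('.');
    if (!h || !p || !s || rest.length) return null;
    // Pin the algorithm; the token's header must not choose it.
    if (JSON.parse(dec.decode(b64uToBytes(h))).alg !== 'RS256') return null;
    const ok = await subtle.verify(RS256, publicKey, b64uToBytes(s), enc.encode(`${h}.${p}`));
    return ok ? JSON.parse(dec.decode(b64uToBytes(p))) : null;
  } catch {
    return null; // malformed base64url or JSON
  }
}

// Constructed sample data: a throwaway key pair signs the token here. In a real
// SPA only the server's public key is present (loaded via subtle.importKey).
async function demo() {
  const { publicKey, privateKey } = await subtle.generateKey(
    { ...RS256, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) },
    false, ['sign', 'verify']);
  const seg = obj => bytesToB64u(enc.encode(JSON.stringify(obj)));
  const head = seg({ alg: 'RS256', typ: 'JWT' });
  const input = `${head}.${seg({ sub: 'alice', admin: false })}`;
  const sig = bytesToB64u(await subtle.sign(RS256, privateKey, enc.encode(input)));
  const altered = seg({ sub: 'alice', admin: true });
  return {
    valid: await verifyRs256(`${input}.${sig}`, publicKey),
    tampered: await verifyRs256(`${head}.${altered}.${sig}`, publicKey),
    wrongAlg: await verifyRs256(`${seg({ alg: 'HS256' })}.${altered}.${sig}`, publicKey),
  };
}
```

Client-side verification only tells the SPA that the token it displays came from the signer; the server still has to verify the token on every request.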
