Skip to content

Tutorial for JWS verification

Kenji Urushima edited this page Jun 1, 2015 · 3 revisions

TOP(jsrsasign) | WIKI | DOWNLOADS | TUTORIALS | API REFERENCE | DEMOS


To use jsrsasign including jsjws on your browser, just include 'jsrsasign-latest-all-min.js' script as following:

<script language="JavaScript" type="text/javascript"
        src="http://kjur.github.io/jsrsasign/jsrsasign-latest-all-min.js">
</script>

When you verify JSON Web Signature, you should prepare a JWS signature string, key to verify and acceptable signature algorithms which is used to mitigate signature replace attacks.

Example for HS256 signature verification which was signed HMAC-SHA256 with shared secret key '616161' in hexadecimal is following:

var isValid = KJUR.jws.JWS.verify("eyJh...", "616161", ["HS256"]);

Example for RS256 signature verification is following. RSA public key is loaded from PEM PKCS#1 RSA public key string:

var pubKey = KEYUTIL.getKey(sRSAPUBKEY_X509CERT_PEM);
var isValid = KJUR.jws.JWS.verify("eyJh...", pubKey, ["RS256"]);

For PS256 RSA-PSS signature, almost the same as following:

var pubKey = KEYUTIL.getKey(sRSAPUBKEY_X509CERT_PEM);
var isValid = KJUR.jws.JWS.verify("eyJh...", pubKey, ["PS256"]);

For ES256 ECDSA signature, public key will be loaded from public key certificate:

var pubKey = KEYUTIL.getKey(sECCPUBKEY_X509CERT_PEM);
var isValid = KJUR.jws.JWS.verify("eyJh...", pubKey, ["ES256"]);
Clone this wiki locally