verify.verify(object, signature[, signatureEncoding])

版本历史

版本	变更
v13.2.0, v12.16.0	此函数现在支持 IEEE-P1363 DSA 和 ECDSA 签名。
v12.0.0	此函数现在支持 RSA-PSS 密钥。
v11.7.0	密钥现在可以是私钥。
v8.0.0	添加了对 RSASSA-PSS 和其他选项的支持。
v0.1.92	新增于: v0.1.92

object <Object> | <string> | <Buffer> | <KeyObject>
- dsaEncoding <string>
- padding <integer>
- saltLength <integer>
signature <string> | <Buffer> | <TypedArray> | <DataView>
signatureEncoding <string> signature 字符串的编码。
返回: <boolean> true 或 false 取决于数据和公钥签名的有效性。

使用给定的 object 和 signature 验证提供的数据。

如果 object 不是 KeyObject，则此函数的行为就像将 object 传给 crypto.createPublicKey() 一样。如果是对象，则可以传入以下额外属性：

dsaEncoding <string> 对于 DSA 和 ECDSA，此选项指定签名的格式。它可以是以下之一：
- 'der'（默认）：DER 编码的 ASN.1 签名结构编码 (r, s)。
- 'ieee-p1363': IEEE-P1363 中提议的签名格式 r || s。
padding <integer> RSA 的可选填充值，以下之一：
- crypto.constants.RSA_PKCS1_PADDING（默认）
- crypto.constants.RSA_PKCS1_PSS_PADDING
RSA_PKCS1_PSS_PADDING 将使用具有相同散列函数的 MGF1，用于验证 RFC 4055 的第 3.1 章节中指定的消息，除非 MGF1 散列函数已被指定为符合 RFC 4055 的第 3.3 章节的密钥的一部分。
saltLength <integer> 填充为 RSA_PKCS1_PSS_PADDING 时的盐长度。特殊值 crypto.constants.RSA_PSS_SALTLEN_DIGEST 将盐长度设置为摘要大小，crypto.constants.RSA_PSS_SALTLEN_AUTO（默认值）使其自动确定。

signature 参数是先前计算的数据签名，在 signatureEncoding 中。如果指定了 signatureEncoding，则 signature 应该是字符串；否则 signature 应该是 Buffer、TypedArray 或 DataView。

verify 对象在 verify.verify() 被调用后不能再次使用。多次调用 verify.verify() 将导致抛出错误。

因为公钥可以从私钥导出，所以可以传递私钥而不是公钥。

History

Version	Changes
v13.2.0, v12.16.0	This function now supports IEEE-P1363 DSA and ECDSA signatures.
v12.0.0	This function now supports RSA-PSS keys.
v11.7.0	The key can now be a private key.
v8.0.0	Support for RSASSA-PSS and additional options was added.
v0.1.92	Added in: v0.1.92

object <Object> | <string> | <Buffer> | <KeyObject>
- dsaEncoding <string>
- padding <integer>
- saltLength <integer>
signature <string> | <Buffer> | <TypedArray> | <DataView>
signatureEncoding <string> The encoding of the signature string.
Returns: <boolean> true or false depending on the validity of the signature for the data and public key.

Verifies the provided data using the given object and signature.

If object is not a KeyObject, this function behaves as if object had been passed to crypto.createPublicKey(). If it is an object, the following additional properties can be passed:

dsaEncoding <string> For DSA and ECDSA, this option specifies the format of the signature. It can be one of the following:
- 'der' (default): DER-encoded ASN.1 signature structure encoding (r, s).
- 'ieee-p1363': Signature format r || s as proposed in IEEE-P1363.
padding <integer> Optional padding value for RSA, one of the following:
- crypto.constants.RSA_PKCS1_PADDING (default)
- crypto.constants.RSA_PKCS1_PSS_PADDING
RSA_PKCS1_PSS_PADDING will use MGF1 with the same hash function used to verify the message as specified in section 3.1 of RFC 4055, unless an MGF1 hash function has been specified as part of the key in compliance with section 3.3 of RFC 4055.
saltLength <integer> Salt length for when padding is RSA_PKCS1_PSS_PADDING. The special value crypto.constants.RSA_PSS_SALTLEN_DIGEST sets the salt length to the digest size, crypto.constants.RSA_PSS_SALTLEN_AUTO (default) causes it to be determined automatically.

The signature argument is the previously calculated signature for the data, in the signatureEncoding. If a signatureEncoding is specified, the signature is expected to be a string; otherwise signature is expected to be a Buffer, TypedArray, or DataView.

The verify object can not be used again after verify.verify() has been called. Multiple calls to verify.verify() will result in an error being thrown.

Because public keys can be derived from private keys, a private key may be passed instead of a public key.