digest.rsa_verify
Available in all subroutines.
Returns true if the RSA signature of payload using public_key matches digest. The hash_method parameter selects the digest function to use. It can be sha1, sha256, sha384, sha512, or default (default is equivalent to sha256). The STRING parameter in the payload or digest could reference headers such as req.http.payload and req.http.digest. The base64_method parameter is optional. It can be standard, url, url_nopad, or default (default is equivalent to url_nopad).
Base64 decoding behaves as if by a call to digest.base64_decode. See that function for handling invalid characters and the behavior of padding. Unlike digest.base64_decode, the decoded output is used directly (rather than constructing a VCL STRING type), and so binary content is permitted, including possible NUL bytes.
Example

if (digest.rsa_verify(sha256, {"-----BEGIN PUBLIC KEY-----
aabbccddIieEffggHHhEXAMPLEPUBLICKEY
-----END PUBLIC KEY-----"}, req.http.payload, req.http.digest, url_nopad)) {
  set req.http.verified = "Verified";
} else {
  set req.http.verified = "Not Verified";
}
error 900;
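A fuller use of the same call, added here as an illustration and not taken from Fastly's documentation or code examples: verifying a compact header.payload.signature token (the JWT case mentioned on this page) in vcl_recv. The Authorization header, the local variable names, the 401 responses and the assumption that the token was signed with RSA and SHA-256 are choices made for this example; the key is the page's placeholder, not a real key.

```vcl
# Added example for vcl_recv; names and status codes are assumptions.
declare local var.signing_input STRING;
declare local var.signature STRING;

# Never carry a verification result supplied by the client to the origin.
unset req.http.verified;

# Compact token: base64url(header) "." base64url(claims) "." base64url(signature).
# The character class only admits the unpadded URL-safe base64 alphabet.
if (req.http.Authorization ~ "^Bearer ([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)$") {
  # The signature covers the first two segments exactly as received,
  # so they are joined without decoding or re-encoding.
  set var.signing_input = re.group.1 "." re.group.2;
  set var.signature = re.group.3;
} else {
  error 401 "Missing or malformed token";
}

# hash_method is fixed to sha256 in VCL and is never read from the token's
# own header, so a token cannot choose a weaker or different algorithm.
# url_nopad matches the unpadded URL-safe base64 used for the signature
# segment; a signature encoded with standard base64 would need "standard".
if (!digest.rsa_verify(sha256, {"-----BEGIN PUBLIC KEY-----
aabbccddIieEffggHHhEXAMPLEPUBLICKEY
-----END PUBLIC KEY-----"}, var.signing_input, var.signature, url_nopad)) {
  error 401 "Invalid signature";
}

# Only reached when the signature check passed.
set req.http.verified = "Verified";
```

A passing signature check says nothing about expiry or audience; claims in the second segment still have to be decoded and checked before the request is treated as authenticated.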
Try it out
digest.rsa_verify is used in the following code examples. Examples apply VCL to real-world use cases and can be deployed as they are, or adapted for your own service. See the full list of code examples for more inspiration.
Authenticate JSON Web Tokens at the edge
Decode the popular JWT format to verify user session tokens before forwarding trusted authentication data to your origin.