digest.rsa_verify
Available inall subroutines.
Returns true if the RSA signature of payload using
public_key matches digest. The hash_method parameter selects the digest
function to use. It can be sha1, sha256, sha384, sha512, or default
(default is equivalent to sha256). The STRING parameter in the
payload or digest could reference headers such as req.http.payload and
req.http.digest. The base64_method parameter is optional. It can
be standard, url, url_nopad, or default (default is equivalent
to url_nopad).
Base64 decoding behaves as if by a call to
digest.base64_decode.
See that function for handling invalid characters and the behavior of padding.
Unlike digest.base64_decode, the decoded output is used directly
(rather than constructing a VCL STRING type), and so binary content
is permitted, including possible NUL bytes.
Example
if (digest.rsa_verify(sha256, {"-----BEGIN PUBLIC KEY-----aabbccddIieEffggHHhEXAMPLEPUBLICKEY-----END PUBLIC KEY-----"}, req.http.payload, req.http.digest, url_nopad)) { set req.http.verified = "Verified";} else { set req.http.verified = "Not Verified";}error 900;Try it out
digest.rsa_verify is used in the following code examples. Examples apply VCL to real-world use cases and can be deployed as they are, or adapted for your own service. See the full list of code examples for more inspiration.
Click RUN on a sample below to provision a Fastly service, execute the code on Fastly, and see how the function behaves.
Authenticate JSON Web Tokens at the edge
Decode the popular JWT format to verify user session tokens before forwarding trusted authentication data to your origin.
