1. Home
2. Reference documentation
3. VCL reference
4. Functions
5. Cryptographic

Available inall subroutines.

Returns true if the RSA signature of payload using public_key matches digest.

The hash_method parameter is the hash function used in the signing scheme. It can be sha1, sha256, sha384, or sha512.

The public_key parameter requires an RSA public key in the PEM key format.

The payload parameter is the original message to verify against digest.

The digest parameter is the Base64-encoded purported signature of payload. This will be decoded as if by digest.base64_decode using the base64_method described below.

The optional base64_method parameter selects the Base64 variant to use to decode digest. It can be standard, url, url_nopad, or default (url_nopad).

Example

if (digest.rsa_verify(sha256, {"-----BEGIN PUBLIC KEY-----
aabbccddIieEffggHHhEXAMPLEPUBLICKEY
-----END PUBLIC KEY-----"}, req.http.payload, req.http.digest, url_nopad)) {
  set req.http.Verified = "Verified";
} else {
  set req.http.Verified = "Not Verified";
}

Try it out

digest.rsa_verify is used in the following code examples. Examples apply VCL to real-world use cases and can be deployed as they are, or adapted for your own service. See the full list of code examples for more inspiration.

Click RUN on a sample below to provision a Fastly service, execute the code on Fastly, and see how the function behaves.