digest.rsa_verify
Available in all subroutines.
Returns true if the RSA signature of payload using public_key matches digest. The hash_method parameter selects the digest function to use. It can be sha1, sha256, sha384, sha512, or default (default is equivalent to sha256). The STRING parameter in the payload or digest may reference headers such as req.http.payload and req.http.digest. The base64_method parameter is optional. It can be standard, url, url_nopad, or default (default is equivalent to url_nopad).
Base64 decoding behaves as if by a call to digest.base64_decode. See that function for handling invalid characters and the behavior of padding. Unlike digest.base64_decode, the decoded output is used directly (rather than constructing a VCL STRING type), and so binary content is permitted, including possible NUL bytes.
Example
if (digest.rsa_verify(sha256, {"-----BEGIN PUBLIC KEY-----
aabbccddIieEffggHHhEXAMPLEPUBLICKEY
-----END PUBLIC KEY-----"}, req.http.payload, req.http.digest, url_nopad)) {
  set req.http.verified = "Verified";
} else {
  set req.http.verified = "Not Verified";
}
error 900;
Try it out
digest.rsa_verify is used in the following code examples. Examples apply VCL to real-world use cases and can be deployed as they are, or adapted for your own service. See the full list of code examples for more inspiration.
Authenticate JSON Web Tokens at the edge
Decode the popular JWT format to verify user session tokens before forwarding trusted authentication data to your origin.
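An added sketch (not Fastly's published example) of how digest.rsa_verify applies to an RS256 JSON Web Token: the payload argument is the transmitted header.payload text and the digest argument is the third token segment, which JWTs encode as unpadded URL-safe base64, hence url_nopad. The Auth-Verified header name and the error texts are assumptions, and the key is the placeholder from the example above.

```vcl
sub vcl_recv {
#FASTLY recv
  declare local var.signing_input STRING;
  declare local var.signature STRING;

  # Never let the client assert its own verification result.
  unset req.http.Auth-Verified;

  # Compact JWT: header.payload.signature, each part base64url without padding.
  if (req.http.Authorization ~ "^Bearer ([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)\.([A-Za-z0-9_-]+)$") {
    # The signature covers the text "header.payload" exactly as transmitted.
    set var.signing_input = re.group.1 "." re.group.2;
    set var.signature = re.group.3;

    # hash_method and key are fixed here; the token's own "alg" header
    # is never consulted, so it cannot steer verification.
    if (digest.rsa_verify(sha256, {"-----BEGIN PUBLIC KEY-----
aabbccddIieEffggHHhEXAMPLEPUBLICKEY
-----END PUBLIC KEY-----"}, var.signing_input, var.signature, url_nopad)) {
      set req.http.Auth-Verified = "1";
    } else {
      error 401 "Invalid token signature";
    }
  } else {
    error 401 "Missing or malformed token";
  }
  # Claims such as exp and aud still need checking before the payload is trusted.
}
```

A valid signature only proves who issued the token; expiry and audience checks are separate steps that this sketch leaves out.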