Crypto: Verify Node
The Crypto: Verify Node accepts a data string, a signature, and a verification key or certificate, and verifies the data's claim to authenticity.
Node Properties
Configuration for the Crypto: Verify Node is broken up into the following sections ...
Configuration
First, choose how to provide the verification key by choosing a Verification Key Type. The verification key can be the original private key used to sign the data; the signing key's corresponding public key; or a certificate containing that public key. Options are:
- Credential Name Template: If selected, choose one of your application's Certificate / Key Pair Service Credentials to serve as the verification key. This is recommended; however, this option is not available in Edge Workflows.
- Enter Local File Path Template: In Edge Workflows only, you may provide a file path to where the verification key is stored in a volume mounted within the agent's container.
- Enter String Template: If selected, provide a string template resolving to the verification key.
- Enter Payload Path: If selected, provide a payload path pointing to the verification key on the workflow payload.
For all options other than Credential Name Template, the verification key must be PEM encoded.
Data to Verify
Next, specify the data that was originally signed by the private key and the unique encrypted signature string provided by the sender:
- Data Template: Enter a string template for the original signed data.
- Data Encoding: Provide the encoding of the provided data. Default is
UTF-8. - Signature Template: Enter a string template for the signature corresponding to the signed data and verification key.
- Signature Encoding: Provide the encoding of the signature. Default is
Base64.
Verification Options
Next, specify the options that were applied to the signature:
- Algorithm Type: Choose a cryptographic hash algorithm for generating the signature. Default is
SHA-256. - Padding: For the padding, choose either
RSA PKCS1(default) orRSA PSS. - DSA Encoding: For the Digital Signing Algorithm encoding, choose either
DER(default) orIEEE P1363.
Result Path
The Crypto: Verify Node will take the true (right) output branch when the signature matches the provided key and data, and it will take the false (left) path when the values do not match.
You may optionally specify a Result Path for where to place any errors encountered when running the node. Values will only be placed at this path when the node fails to execute. In that case, the value placed at this payload path will be an error object with a message property describing the error.
Related Nodes
Was this page helpful?
Still looking for help? You can also search the Losant Forums or submit your question there.