verifyStream abstract method

Future<bool> verifyStream(
  1. List<int> signature,
  2. Stream<List<int>> data
)

Verify the HMAC signature of given data stream.

This computes an HMAC signature of the data stream in the same manner as signStream and conducts a fixed-time comparison against signature, returning true if the two signatures are equal.

It is possible to compute a signature for data using signBytes or signStream and then simply compare the two signatures. This is strongly discouraged as it is easy to introduce side-channels opening your application to timing attacks. Use verifyBytes or verifyStream to verify signatures.

Example

import 'dart:convert' show base64, utf8;
import 'package:webcrypto/webcrypto.dart';

// Generate an HmacSecretKey.
final key = await HmacSecretKey.generateKey(Hash.sha256);

String stringToSign = 'example-string-to-signed';

// Compute signature.
final signature = await key.signBytes(Stream.fromIterable([
  utf8.encode(stringToSign),
]));

// Verify signature.
final result = await key.verifyStream(signature, Stream.fromIterable([
  utf8.encode(stringToSign),
]));
assert(result == true, 'this signature should be valid');

Implementation

Future<bool> verifyStream(List<int> signature, Stream<List<int>> data);