verifyBytes abstract method
Verify the HMAC signature of given data.
This computes an HMAC signature of the data in the same manner as signBytes and conducts a fixed-time comparison against signature, returning true if the two signatures are equal.
It is possible to compute a signature for data using signBytes or signStream and then simply compare the two signatures. This is strongly discouraged as it is easy to introduce side-channels opening your application to timing attacks. Use verifyBytes or verifyStream to verify signatures.
Example
import 'dart:convert' show utf8;
import 'package:webcrypto/webcrypto.dart';

// The awaits below need an async context, so the example runs inside main().
Future<void> main() async {
  // Generate an HmacSecretKey.
  final key = await HmacSecretKey.generateKey(Hash.sha256);

  String stringToSign = 'example-string-to-signed';

  // Compute signature.
  final signature = await key.signBytes(utf8.encode(stringToSign));

  // Verify signature.
  final result = await key.verifyBytes(
    signature,
    utf8.encode(stringToSign),
  );
  assert(result == true, 'this signature should be valid');
}
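An added example, not taken from the webcrypto package documentation: checking a base64-encoded HMAC tag that arrives with a message, beside the discouraged sign-and-compare pattern the description warns about. The helper names verifyTaggedMessage and discouragedVerify and the sample message are constructed for illustration.

```dart
import 'dart:convert' show base64, utf8;
import 'package:webcrypto/webcrypto.dart';

/// Hypothetical helper: checks a base64-encoded HMAC tag sent with a message.
/// A tag that is not valid base64 is rejected instead of raising.
Future<bool> verifyTaggedMessage(
    HmacSecretKey key, String body, String tagBase64) async {
  try {
    final tag = base64.decode(tagBase64);
    // verifyBytes recomputes the HMAC and does the fixed-time comparison.
    return await key.verifyBytes(tag, utf8.encode(body));
  } on FormatException {
    return false;
  }
}

/// The discouraged pattern, for contrast only: sign again and compare by hand.
/// Returning at the first differing byte makes the running time depend on how
/// many leading bytes of the supplied tag were correct.
Future<bool> discouragedVerify(
    HmacSecretKey key, String body, List<int> tag) async {
  final expected = await key.signBytes(utf8.encode(body));
  if (expected.length != tag.length) return false;
  for (var i = 0; i < expected.length; i++) {
    if (expected[i] != tag[i]) return false; // data-dependent early exit
  }
  return true;
}

Future<void> main() async {
  // Constructed sample key and message.
  final key = await HmacSecretKey.generateKey(Hash.sha256);
  const body = '{"event":"payment","amount":100}';
  const altered = '{"event":"payment","amount":900}';
  final tag = await key.signBytes(utf8.encode(body));
  final header = base64.encode(tag);

  final checks = {
    'genuine message': await verifyTaggedMessage(key, body, header),
    'altered body': await verifyTaggedMessage(key, altered, header),
    'truncated tag': await verifyTaggedMessage(
        key, body, base64.encode(tag.sublist(0, 16))),
    'malformed base64': await verifyTaggedMessage(key, body, 'not base64!'),
    'hand-rolled compare': await discouragedVerify(key, body, tag),
  };
  checks.forEach((name, ok) => print('$name: $ok'));
}
```

Both functions return the same boolean for the same input; the difference is that only the verifyBytes path keeps the comparison time independent of the supplied tag.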
Implementation
Future<bool> verifyBytes(List<int> signature, List<int> data);