verifyBytes abstract method

Future<bool> verifyBytes(
  1. List<int> signature,
  2. List<int> data
)

Verify the HMAC signature of given data.

This computes an HMAC signature of the data in the same manner as signBytes and conducts a fixed-time comparison against signature, returning true if the two signatures are equal.

It is possible to compute a signature for data using signBytes or signStream and then simply compare the two signatures. This is strongly discouraged as it is easy to introduce side-channels opening your application to timing attacks. Use verifyBytes or verifyStream to verify signatures.

Example

import 'dart:convert' show base64, utf8;
import 'package:webcrypto/webcrypto.dart';

// Generate an HmacSecretKey.
final key = await HmacSecretKey.generateKey(Hash.sha256);

String stringToSign = 'example-string-to-signed';

// Compute signature.
final signature = await key.signBytes(utf8.encode(stringToSign));

// Verify signature.
final result = await key.verifyBytes(
  signature,
  utf8.encode(stringToSign),
);
assert(result == true, 'this signature should be valid');

Implementation

Future<bool> verifyBytes(List<int> signature, List<int> data);