I’m experimenting with using the web crypto API. and want to verify signatures from the browser in Elixir (or erlang, so far I have used only modules that are also available in erlang).
The steps in the browser are:
- generate a key pair.
- export public-key in PEM format
- Sign message
- Base64 encode the signature
- Send the PEM public-key and encoded signature to the backend
The steps to verify on the backend:
- decode PEM
- decode signature
The exact code I run is available in this gist.
This files can be used by copy pasting
sign.js into the browser console and
verify.ex into an iex session.
Doing this the verify function will return false.
I have tried several variations of how I encode/decode. I do need these encode steps because I eventually want to send the signature in the
authorization header of a request.
Any help would be greatly appreciated.