crypto.createVerify() Method in Node.js

The crypto.createVerify() method creates and returns a Verify object that uses the specified algorithm for digital signature verification. This method is essential for validating data integrity and authenticity in cryptographic operations.

Syntax

crypto.createVerify(algorithm, [options])

Parameters

The parameters are described as below:

• algorithm - String that specifies the algorithm name to be used while creating the verify object/instance. You can use crypto.getHashes() to get available signing algorithms.

• options - Optional parameter that can be used for controlling the stream behavior.

Return Value

Returns a Verify object that can be used to verify digital signatures.

Example 1: Creating a Verify Object

Create a file with name - createVerify.js and copy the below code snippet. After creating file, use the following command to run this code:

node createVerify.js

createVerify.js

// Node.js program to demonstrate the use of createVerify() method

// Importing the crypto module
const crypto = require('crypto');

// Creating verify object with the input algorithm
const verify = crypto.createVerify('SHA256');

// Displaying available properties
console.log('Verify object created successfully');
console.log('Writable:', verify.writable);
console.log('Algorithm used: SHA256');

Verify object created successfully
Writable: true
Algorithm used: SHA256

Example 2: Complete Signature Verification

Let's look at a practical example of verifying a digital signature:

// Node.js program to demonstrate signature verification

// Importing the crypto module
const crypto = require('crypto');

// Creating the verify object from SHA256 algo
const verify = crypto.createVerify('SHA256');

// Writing the data to be verified
verify.write('TutorialPoint');

// Ending the method
verify.end();

// Public key for verification
const publicKey = `-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAEXIvPbzLjaPLd8jgiv1TL/X8PXpJNgDkGRj9U9Lcx1
yKURpQFVavcMkfWyO8r7JlZNMax0JKfLZUM1IePRjHlFw==
-----END PUBLIC KEY-----`;

// Signature that will be verified
const signature = "MEYCIQCPfWhpzxMqu3gZWflBm5V0aetgb2/S+SGyGcElaOjgdgIhALaD4lbxVwa8HUUBFOLz+CGvIioDkf9oihSnXHCqh8yV";

// Verify the signature - prints true if verified, false otherwise
const isValid = verify.verify(publicKey, signature, 'base64');
console.log('Signature verification result:', isValid);

Signature verification result: false

Example 3: Creating Sign and Verify Pair

const crypto = require('crypto');

// Generate a key pair for demonstration
const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', {
    modulusLength: 2048,
    publicKeyEncoding: { type: 'spki', format: 'pem' },
    privateKeyEncoding: { type: 'pkcs8', format: 'pem' }
});

// Data to be signed
const data = 'Hello TutorialsPoint';

// Create signature
const sign = crypto.createSign('SHA256');
sign.update(data);
const signature = sign.sign(privateKey, 'hex');

// Verify signature
const verify = crypto.createVerify('SHA256');
verify.update(data);
const isValid = verify.verify(publicKey, signature, 'hex');

console.log('Data:', data);
console.log('Signature valid:', isValid);

Data: Hello TutorialsPoint
Signature valid: true

Common Use Cases

• API Authentication - Verifying request signatures from external services

• Data Integrity - Ensuring data hasn't been tampered with during transmission

• Digital Certificates - Validating certificate signatures in PKI systems

Conclusion

The crypto.createVerify() method is essential for digital signature verification in Node.js applications. It works alongside crypto.createSign() to provide complete cryptographic signing and verification capabilities for secure data transmission.