Verifying the signature
A sample response is shown as below:
After receiving a response, perform the following steps to verify the signature:
- Split the full response contents to 2 parts, the response JSON string and the signature string, by using the regular expression instead of JSON object.
- Hash the response JSON string by using the SHA1 algorithm to obtain a message digest.
- Use the public key to decrypt the signature to a message digest.
- Compare the two message digests obtained in step 2 and step 3. If the digests are the same, then it indicates that the signed data has not been changed.