Verifying the signature

A sample response is shown below:

[Image: sign3.png]

After receiving a response, perform the following steps to verify the signature:

  1. Split the full response contents into two parts, the response JSON string and the signature string, by using a regular expression rather than parsing the response as a JSON object.
  2. Hash the response JSON string by using the SHA1 algorithm to obtain a message digest.
  3. Use the public key to decrypt the signature and recover a message digest.
  4. Compare the two message digests obtained in step 2 and step 3. If the digests are the same, the signed data has not been changed.
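
The four steps above, carried through as an added example (not code from the original page or its provider). It assumes an RSA signature with PKCS#1 v1.5 padding, base64-encoded, in an envelope of the form {"response":...,"signature":"..."}; the demo key, the field names inside the response and the sample message are all constructed.

```python
import base64, hashlib, hmac, re

# Constructed demo key, NOT secure: two Mersenne primes stand in for a real modulus.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, only used to build the sample
K = (N.bit_length() + 7) // 8      # modulus length in bytes
# ASN.1 DigestInfo prefix for SHA-1 (RFC 8017, section 9.2)
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
# Assumed envelope (the page's sample is an image): {"response":<json>,"signature":"<b64>"}
ENVELOPE = re.compile(r'^\{"response":(.*),"signature":"([A-Za-z0-9+/=]+)"\}$', re.S)

def encode_digest(digest):
    """Block expected after 'decryption': 00 01 FF..FF 00 DigestInfo digest."""
    t = SHA1_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (K - len(t) - 3) + b"\x00" + t

def split_response(raw):
    """Step 1: cut out the signed text byte-for-byte, with no JSON round trip."""
    m = ENVELOPE.match(raw)
    if not m:
        raise ValueError("unexpected response envelope")
    return m.group(1), base64.b64decode(m.group(2), validate=True)

def verify(raw):
    try:
        body, sig = split_response(raw)
    except ValueError:  # also covers malformed base64
        return False
    s = int.from_bytes(sig, "big")
    if len(sig) != K or s >= N:
        return False
    digest = hashlib.sha1(body.encode("utf-8")).digest()  # step 2
    recovered = pow(s, E, N).to_bytes(K, "big")           # step 3
    # Step 4: compare the whole padded block, not only its last 20 bytes,
    # so a signature with malformed padding is rejected as well.
    return hmac.compare_digest(recovered, encode_digest(digest))

def sign_sample(body):
    """Sender side, present only to produce a constructed signed response."""
    em = encode_digest(hashlib.sha1(body.encode("utf-8")).digest())
    sig = pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")
    return '{"response":%s,"signature":"%s"}' % (body, base64.b64encode(sig).decode())

# Constructed sample; the field names inside "response" are hypothetical.
BODY = '{"head":{"respTime":"2024-01-01T00:00:00Z"},"body":{"resultStatus":"S"}}'
SAMPLE = sign_sample(BODY)

if __name__ == "__main__":
    print(verify(SAMPLE), verify(SAMPLE.replace('"S"', '"F"')))
```

Adding a single space inside the response JSON makes verification fail, which is why step 1 extracts the signed text with a regular expression: a parse-and-reserialize round trip can change whitespace or key order and so change the digest.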