# SignatureEnvelope.verify

Verifies a signature envelope against a digest/payload.

Supports `secp256k1`, `p256`, and `webAuthn` signature types.

\:::warning `keychain` signatures are not supported and will throw an error. :::

## Imports

:::code-group
```ts [Named]
import { SignatureEnvelope } from 'ox/tempo'
```

```ts [Entrypoint]
import * as SignatureEnvelope from 'ox/tempo/SignatureEnvelope'
```
:::

## Examples

### Secp256k1

```ts twoslash
import { SignatureEnvelope } from 'ox/tempo'
import { Secp256k1 } from 'ox'

const privateKey = Secp256k1.randomPrivateKey()
const publicKey = Secp256k1.getPublicKey({ privateKey })
const payload = '0xdeadbeef'

const signature = Secp256k1.sign({ payload, privateKey })
const envelope = SignatureEnvelope.from(signature)

const valid = SignatureEnvelope.verify(envelope, {
  payload,
  publicKey
})
// @log: true
```

### P256

For P256 signatures, the `address` or `publicKey` must match the embedded public key in the signature envelope.

```ts twoslash
import { SignatureEnvelope } from 'ox/tempo'
import { P256 } from 'ox'

const privateKey = P256.randomPrivateKey()
const publicKey = P256.getPublicKey({ privateKey })
const payload = '0xdeadbeef'

const signature = P256.sign({ payload, privateKey })
const envelope = SignatureEnvelope.from({
  prehash: false,
  publicKey,
  signature
})

const valid = SignatureEnvelope.verify(envelope, {
  payload,
  publicKey
})
// @log: true
```

### WebCryptoP256

```ts twoslash
import { SignatureEnvelope } from 'ox/tempo'
import { WebCryptoP256 } from 'ox'

const { privateKey, publicKey } =
  await WebCryptoP256.createKeyPair()
const payload = '0xdeadbeef'

const signature = await WebCryptoP256.sign({
  payload,
  privateKey
})
const envelope = SignatureEnvelope.from({
  prehash: true,
  publicKey,
  signature
})

const valid = SignatureEnvelope.verify(envelope, {
  payload,
  publicKey
})
// @log: true
```

### WebAuthnP256

```ts twoslash
import { SignatureEnvelope } from 'ox/tempo'
import { WebAuthnP256 } from 'ox'

const credential = await WebAuthnP256.createCredential({
  name: 'Example'
})
const payload = '0xdeadbeef'

const { metadata, signature } = await WebAuthnP256.sign({
  challenge: payload,
  credentialId: credential.id
})
const envelope = SignatureEnvelope.from({
  metadata,
  signature,
  publicKey: credential.publicKey
})

const valid = SignatureEnvelope.verify(envelope, {
  payload,
  publicKey: credential.publicKey
})
// @log: true
```

## Definition

```ts
function verify(
  signature: SignatureEnvelope,
  parameters: verify.Parameters,
): boolean
```

**Source:** [src/tempo/SignatureEnvelope.ts](https://github.com/wevm/ox/blob/main/src/tempo/SignatureEnvelope.ts#L1794)

## Parameters

### signature

* **Type:** `SignatureEnvelope`

#### signature.account

* **Type:** `abitype_Address`

Native multisig account address.

#### signature.init

* **Type:** `{ salt?: 0x${string}; threshold: numberType; owners: readonly Owner[]; }`
* **Optional**

Initial native multisig config for bootstrapping this account. Present only on
the first (bootstrap) transaction from the derived account; absent on every
subsequent transaction.

#### signature.inner

* **Type:** `SignatureEnvelope`

The actual signature from the access key (can be Secp256k1, P256, or WebAuthn)

#### signature.keyId

* **Type:** `Address.Address | undefined`
* **Optional**

The access key address (recovered address of the access key signer).

#### signature.metadata

* **Type:** `Pick`

#### signature.prehash

* **Type:** `boolean`

#### signature.publicKey

* **Type:** `{ prefix: number; x: 0x${string}; y: 0x${string}; }`

#### signature.signature

* **Type:** `{ r: 0x${string}; s: 0x${string}; yParity?: numberType; }`

#### signature.signatures

* **Type:** `readonly SignatureEnvelope[]`

Owner approvals over the multisig owner approval digest. Each approval is
either a primitive signature or a nested multisig signature (keychain
approvals are invalid).

#### signature.type

* **Type:** `"multisig"`

#### signature.userAddress

* **Type:** `abitype_Address`

Root account address that this transaction is being executed for

#### signature.version

* **Type:** `KeychainVersion`
* **Optional**

Keychain signature version.

### parameters

* **Type:** `verify.Parameters`

Verification parameters.

#### parameters.address

* **Type:** `abitype_Address`

Address that signed the payload.

#### parameters.payload

* **Type:** `0x${string} | Uint8Array`

Payload that was signed.

#### parameters.publicKey

* **Type:** `{ prefix: number; x: 0x${string}; y: 0x${string}; }`

Public key that signed the payload.

## Return Type

`true` if the signature is valid, `false` otherwise.

`boolean`
