We have a requirement to verify some json data with a signature received in a json payload using a public key cert provided from the source system. I’m trying to find the best way to achieve a signature verification in Mulesoft.

Does anyone know how we might go about this without using a custom java class?

I’ve managed to achieve this will openssl:

openssl dgst -sha512 -verify {PUBLIC_KEY} -signature {SIGNATURE_FROM_SOURCE} {DATA_TO_BE_VERIFIED}

Also managed to achieve it via PHP scripting:

<?php

$data = 'SOME_DATA_TO_VERIFY';
$key = '-----BEGIN PUBLIC KEY-----
...
-----END PUBLIC KEY-----';

$signature = "Cr9pq+2subNMTz...=";
$pubkeyid = openssl_pkey_get_public($key);

$ok = openssl_verify($data, base64_decode($signature), $pubkeyid, 'SHA512');
if ($ok == 1) {
    echo "Signature verified";
} elseif ($ok == 0) {
    echo "Signature not verified";
} else {
    echo "Error checking signature";
}