Verify Result Signature

Verihubs provides a Liveness result signature to prove authenticity and integrity. Authenticity ensures that a given file was indeed created by Verihubs. Integrity ensures that the contents of the file have not been tampered with.

Before we proceed, the following prerequisite data must be provided:

• credential.secret: The data provided in Builder.setCredential
• credential.clientId: The data provided in Builder.setCredential
• result.url: The URL from the Liveness result
• result.timestamp: The timestamp from the Liveness result

Preparing Builder Parameter

To provide credential.secret and credential.clientId data, add new builder credential specification to builder parameters

.setCredential({
        clientId: 'YOUR_CLIENT_ID',
        secret: 'YOUR_SECRET',
    })

Combining all builder parameters, full content will look like

new Builder()
    .setCredential({
        clientId: 'YOUR_CLIENT_ID',
        secret: 'YOUR_SECRET',
    })
    .setInstruction(['look_left', 'look_right'], {
        commands: ['open_mouth'],
        seedLimit: 1,
    })
    .setProxyMiddleware({
        PassiveLiveness: {
            url: 'http://localhost:8888/liveness/face',
        },
        License: {
            url: 'http://localhost:8888/license/{license_id}/check',
        },
    })
    .setTimeout(60000)
    .setURL('./liveness')
    .setVirtualCameraLabel(['OBS', 'Virtual'])
    .build();

Validation Signature with CLI

After get liveness result with provided prerequisite data, the next step is to use the following command line to generate the signature for validation:

echo -n <credential.secret> | openssl dgst -sha256 -hmac <credential.clientId>:$(echo -n '"<result.url>"' | openssl dgst -sha256):<result.timestamp>

If the result from this command line matches the digital signature from result.signature, the Liveness result is valid.