files/en-us/web/api/authenticatorassertionresponse/signature/index.md
{{APIRef("Web Authentication API")}}{{securecontext_header}}
The signature read-only property of the
{{domxref("AuthenticatorAssertionResponse")}} interface is an {{jsxref("ArrayBuffer")}}
object which is the signature of the authenticator for both
{{domxref("AuthenticatorAssertionResponse.authenticatorData")}} and a SHA-256 hash of
the client data
({{domxref("AuthenticatorResponse.clientDataJSON","AuthenticatorAssertionResponse.clientDataJSON")}}).
This signature will be sent to the server for control, as part of the response. It provides the proof that an authenticator does possess the private key which was used for the credential's generation.
An {{jsxref("ArrayBuffer")}} object which the signature of the authenticator (using its private key) for both {{domxref("AuthenticatorAssertionResponse.authenticatorData")}} and a SHA-256 hash given by the client for its data (the challenge, the origin, etc. and available from {{domxref("AuthenticatorResponse.clientDataJSON","AuthenticatorAssertionResponse.clientDataJSON")}}).
See Retrieving a public key credential for a detailed example.
{{Specifications}}
{{Compat}}