3.2.5.2.2.7 Verify Signature

The message signature MUST be verified using the client's signature public key, as obtained in section 3.2.5.2.2.2 with the RSA algorithm, as defined in [PKCS1].

The message signature MUST be for the message digest, as computed in section 3.2.5.2.2.6.

Comparison of this message signature with the one saved from section 3.2.5.2.2.2 MUST be performed. If the signatures do not match, the data integrity and authenticity verification has failed. In this case, the message MUST be rejected and the server MUST return a Fault message. The fault code is defined in section 2.2.2.2.15 with value set to "204" or "205", and the fault string can be any string describing the error.