Verifying the signature
After receiving a response or notification, perform the following steps to verify the signature:
- Generate the pre-sign string as described in Generating Pre-sign String.
- Use the RSA/DSA algorithm to calculate a message digest.
- Use the RSA/DSA public key to de-sign the signature (the value of the sign field) to a message digest.
- Compare the two message digests obtained in step 2 and step 3. If the digests are the same, then it indicates that the signed data has not been changed.