3.1.4.1.5 Signed Hash Validation

Validation is to be performed by the receiver to verify the integrity of the received data.

The following steps MUST be performed by the receiver:

  1. Compute an MD5 hash of the decrypted data.

  2. Use the MD5 hash from the previous step and the sender's signature public key to verify the SignedHash field stored in the IIS_CRYPTO_BLOB message. The server will use the client's signature public key, and the client will use the server's signature public key for verification. If the signature does not match, the validation fails, as specified in [RFC8017].
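
The two receiver steps above, as an added example that is not part of the specification or of any Microsoft implementation: it hashes the decrypted data with MD5 and checks the SignedHash value against the sender's signature public key. It assumes the RSASSA-PKCS1-v1_5 scheme from [RFC8017] and a big-endian SignedHash, neither of which this section states. All function names are hypothetical, and the key is a constructed test key.

```python
import hashlib
import hmac

# DER DigestInfo prefix for MD5 (RFC 8017, section 9.2, note 1).
MD5_PREFIX = bytes.fromhex("3020300c06082a864886f70d020505000410")

def emsa_pkcs1_v15_md5(data: bytes, k: int) -> bytes:
    """Step 1 plus encoding: MD5 the decrypted data, build the k-byte EM."""
    t = MD5_PREFIX + hashlib.md5(data).digest()
    if k < len(t) + 11:
        raise ValueError("modulus too short for EMSA-PKCS1-v1_5")
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def validate_signed_hash(decrypted: bytes, signed_hash: bytes, n: int, e: int) -> bool:
    """Step 2: check signed_hash with the sender's signature public key (n, e)."""
    k = (n.bit_length() + 7) // 8
    if len(signed_hash) != k:
        return False
    s = int.from_bytes(signed_hash, "big")  # assumption: big-endian on the wire
    if s >= n:
        return False
    em = pow(s, e, n).to_bytes(k, "big")
    # Rebuild the expected EM and compare whole buffers in constant time;
    # parsing the recovered padding instead is where lenient verifiers go wrong.
    return hmac.compare_digest(em, emsa_pkcs1_v15_md5(decrypted, k))

# Constructed test key from two Mersenne primes: trivially factorable,
# present only so the example runs offline. Never use such a key in practice.
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def sign_for_demo(data: bytes) -> bytes:
    """Sender side (test helper only): produce a SignedHash for data."""
    k = (N.bit_length() + 7) // 8
    em = int.from_bytes(emsa_pkcs1_v15_md5(data, k), "big")
    return pow(em, D, N).to_bytes(k, "big")

if __name__ == "__main__":
    blob = b"constructed decrypted payload"
    sig = sign_for_demo(blob)
    print(validate_signed_hash(blob, sig, N, E))         # intact data
    print(validate_signed_hash(blob + b"x", sig, N, E))  # modified data
```
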