3.1.5.9 Validating a SIGNATURE Structure
To validate that a SIGNATURE structure contains the correct signature of a given buffer, a PNRP node MUST perform the following checks. If any assertion is not true, the SIGNATURE structure MUST be rejected as invalid.
Verify that the SIGNATURE structure conforms to the syntax as specified in section 2.2.3.2.
A PNRP node MUST read the ALG_ID field from the SIGNATURE structure, and then hash the buffer by using the algorithm as specified in ALG_ID. The node MUST decrypt the Signature Data field by using the public key received as a part of the CPA. Finally, verify that the decrypted signature matches the previously mentioned hash.