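/// <summary>
/// Verifies the server's RSA signature over a response and throws when the signature
/// header is missing, is not valid Base64, or does not match the response.
/// </summary>
/// <remarks>
/// The signed data is rebuilt as: the numeric status code and a line feed, then each
/// "X-Bunq-" header (the signature header itself excluded) as "Name: value" sorted by
/// name, then an empty line, then the body. Headers without the "X-Bunq-" prefix are
/// not part of the signed data, so a successful check says nothing about them.
/// </remarks>
/// <param name="responseMessage">Response whose status code and headers are verified.</param>
/// <param name="content">
/// Response body as a string. It is re-encoded as UTF-8 before verification, so it must
/// round-trip to the exact bytes the server signed.
/// </param>
/// <exception cref="BunqApiException">
/// The signature header is absent or empty, cannot be Base64-decoded, or fails verification.
/// </exception>
private void VerifyResponse(HttpResponseMessage responseMessage, string content)
{
    // When the header is absent, FirstOrDefault yields a default KeyValuePair whose Value
    // is null; the null-conditional keeps that case on the BunqApiException path instead
    // of failing with an ArgumentNullException inside LINQ.
    var serverSignatureHeader = responseMessage.Headers
        .FirstOrDefault(h => h.Key == ServerSignatureHeaderName)
        .Value?.FirstOrDefault();

    if (string.IsNullOrWhiteSpace(serverSignatureHeader))
    {
        throw new BunqApiException("Server sent an invalid response. No signature header found.");
    }

    // A malformed signature must be rejected like any other invalid signature, not leak
    // out as a FormatException that callers of this check do not expect.
    byte[] serverSignature;
    try
    {
        serverSignature = Convert.FromBase64String(serverSignatureHeader);
    }
    catch (FormatException)
    {
        throw new BunqApiException("Server sent an invalid response. Signature invalid.");
    }

    // Ordinal prefix match: header names are protocol tokens, not linguistic text.
    // NOTE(review): OrderBy uses the default (culture-sensitive) string comparer; confirm
    // this matches the ordering the server applies when it signs.
    var signedHeaders = responseMessage.Headers
        .Where(h => h.Key.StartsWith("X-Bunq-", StringComparison.Ordinal) && h.Key != ServerSignatureHeaderName)
        .OrderBy(h => h.Key);

    var builder = new StringBuilder();
    builder.AppendFormat("{0}\n", (int)responseMessage.StatusCode);

    foreach (var header in signedHeaders)
    {
        // Only the first value of each header is included in the signed data.
        builder.AppendFormat("{0}: {1}\n", header.Key, header.Value.First());
    }

    builder.Append("\n");
    builder.Append(content);

    var builderBytes = Encoding.UTF8.GetBytes(builder.ToString());

    // Fail closed: anything other than a verified signature aborts processing of the response.
    if (!ServerPublicKey.VerifyData(builderBytes, serverSignature, HashAlgorithmName.SHA256, RSASignaturePadding.Pkcs1))
    {
        throw new BunqApiException("Server sent an invalid response. Signature invalid.");
    }
}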