@Edent @Gargron I'm not sure how to convey to you how important it is to ONLY use the keyId field in the signature header for validating the signature. Do not go spelunking around in the body of the message. If you can't figure it out from the Signature header, the signature is invalid.