// Verify the signature .. shows the response was generated
// by someone who knew the associated private key
//
Signature sig = Signature.getInstance(sigAlg.getObjectId().getId(),
"BC");
sig.initVerify(pubkey);
sig.update(content.getBytes());
return sig.verify(sigBits);
}