diff --git a/SignalServiceKit/src/Contacts/CDSSigningCertificate.m b/SignalServiceKit/src/Contacts/CDSSigningCertificate.m
index e25b4ad56..b7c866d58 100644
--- a/SignalServiceKit/src/Contacts/CDSSigningCertificate.m
+++ b/SignalServiceKit/src/Contacts/CDSSigningCertificate.m
@@ -5,6 +5,7 @@
 #import "CDSSigningCertificate.h"
 #import "NSData+Base64.h"
 #import "NSData+OWS.h"
+#import <CommonCrypto/CommonCrypto.h>
 
 NS_ASSUME_NONNULL_BEGIN
 
@@ -95,14 +96,12 @@ NS_ASSUME_NONNULL_BEGIN
         return nil;
     }
 
-    // TODO:
     status = SecTrustSetNetworkFetchAllowed(trust, NO);
     if (status != errSecSuccess) {
         DDLogError(@"%@ trust fetch could not be configured.", self.logTag);
         return nil;
     }
 
-    // TODO:
     status = SecTrustSetAnchorCertificatesOnly(trust, YES);
     if (status != errSecSuccess) {
         DDLogError(@"%@ trust anchor certs could not be configured.", self.logTag);
@@ -229,54 +228,29 @@ NS_ASSUME_NONNULL_BEGIN
     return certificateData;
 }
 
-- (BOOL)verifySignatureOfBody:(NSString *)body signature:(NSData *)theirSignature
+- (BOOL)verifySignatureOfBody:(NSString *)body signature:(NSData *)signature
 {
-    BOOL result = NO;
-
-    // TODO: Which algorithm should we be using?
-    DDLogVerbose(@"%@ kSecKeyAlgorithmRSASignatureDigestPSSSHA256.", self.logTag);
-    result = result ||
-        [self verifySignatureOfBody:body
-                          signature:theirSignature
-                          algorithm:kSecKeyAlgorithmRSASignatureDigestPSSSHA256];
-    DDLogVerbose(@"%@ kSecKeyAlgorithmRSASignatureMessagePSSSHA256.", self.logTag);
-    result = result ||
-        [self verifySignatureOfBody:body
-                          signature:theirSignature
-                          algorithm:kSecKeyAlgorithmRSASignatureMessagePSSSHA256];
-    return result;
-}
-
-// TODO: This method requires iOS 10.
-- (BOOL)verifySignatureOfBody:(NSString *)body signature:(NSData *)signature algorithm:(SecKeyAlgorithm)algorithm
-{
-    OWSAssert(body.length > 0);
-    OWSAssert(signature.length > 0);
     OWSAssert(self.publicKey);
 
     NSData *bodyData = [body dataUsingEncoding:NSUTF8StringEncoding];
 
-    BOOL canSign = SecKeyIsAlgorithmSupported(self.publicKey, kSecKeyOperationTypeVerify, algorithm);
-    if (!canSign) {
-        OWSProdLogAndFail(@"%@ signature algorithm is not supported.", self.logTag);
+    size_t signedHashBytesSize = SecKeyGetBlockSize(self.publicKey);
+    const void *signedHashBytes = [signature bytes];
+    size_t hashBytesSize = CC_SHA256_DIGEST_LENGTH;
+    uint8_t hashBytes[hashBytesSize];
+    if (!CC_SHA256([bodyData bytes], (CC_LONG)[bodyData length], hashBytes)) {
+        OWSProdLogAndFail(@"%@ could not SHA256 for signature verification.", self.logTag);
         return NO;
     }
 
-    CFErrorRef error = NULL;
-    BOOL isValid = SecKeyVerifySignature(
-        self.publicKey, algorithm, (__bridge CFDataRef)bodyData, (__bridge CFDataRef)signature, &error);
-    if (error) {
-        NSError *nsError = CFBridgingRelease(error);
-        // TODO:
-        DDLogError(@"%@ signature verification failed: %@.", self.logTag, nsError);
-        //        OWSProdLogAndFail(@"%@ signature verification failed: %@.", self.logTag, nsError);
-        return NO;
-    }
+    OSStatus status = SecKeyRawVerify(
+        self.publicKey, kSecPaddingPKCS1SHA256, hashBytes, hashBytesSize, signedHashBytes, signedHashBytesSize);
+
+    BOOL isValid = status == errSecSuccess;
     if (!isValid) {
         OWSProdLogAndFail(@"%@ signatures do not match.", self.logTag);
         return NO;
     }
-    DDLogVerbose(@"%@ signature verification succeeded.", self.logTag);
     return YES;
 }
 
diff --git a/SignalServiceKit/src/Contacts/ContactDiscoveryService.m b/SignalServiceKit/src/Contacts/ContactDiscoveryService.m
index 60b0cd293..d65c76808 100644
--- a/SignalServiceKit/src/Contacts/ContactDiscoveryService.m
+++ b/SignalServiceKit/src/Contacts/ContactDiscoveryService.m
@@ -297,7 +297,7 @@ NS_ASSUME_NONNULL_BEGIN
                                                            authToken:auth.authToken];
     [[TSNetworkManager sharedManager] makeRequest:request
         success:^(NSURLSessionDataTask *task, id responseJson) {
-            DDLogVerbose(@"%@ remote attestation success: %@", self.logTag, responseJson);
+            DDLogVerbose(@"%@ remote attestation success.", self.logTag);
 
             dispatch_async(dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0), ^{
                 // TODO: Handle result.
@@ -482,10 +482,8 @@ NS_ASSUME_NONNULL_BEGIN
         return NO;
     }
     if (![certificate verifySignatureOfBody:signatureBody signature:signature]) {
-        // TODO:
-        DDLogError(@"%@ could not verify signature.", self.logTag);
-        //        OWSProdLogAndFail(@"%@ could not verify signature.", self.logTag);
-        //        return NO;
+        OWSProdLogAndFail(@"%@ could not verify signature.", self.logTag);
+        return NO;
     }
 
     SignatureBodyEntity *_Nullable signatureBodyEntity = [self parseSignatureBodyEntity:signatureBody];