diff --git a/Cargo.lock b/Cargo.lock index 471a7f6..bd6b5b9 100644 --- a/Cargo.lock +++ b/Cargo.lock @@ -561,9 +561,9 @@ dependencies = [ [[package]] name = "log" -version = "0.4.19" +version = "0.4.20" source = "registry+https://github.com/rust-lang/crates.io-index" -checksum = "b06a4cde4c0f271a446782e3eff8de789548ce57dbc8eca9292c27f4a42004b4" +checksum = "b5e6163cb8c49088c2c36f57875e58ccd8c87c7427f7fbd50ea6710b2f3f2e8f" [[package]] name = "memchr" @@ -1322,7 +1322,9 @@ dependencies = [ "argh", "globset", "hard-xml", + "log", "omaha", + "protobuf", "reqwest", "rsa", "sha2", diff --git a/Cargo.toml b/Cargo.toml index e3ba9be..16b11ae 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -15,6 +15,8 @@ url = "2" rsa = { version = "0.9.2", features = ["sha2"] } argh = "0.1" globset = "0.4" +log = "0.4.20" +protobuf = "3.2.0" [dependencies.omaha] path = "omaha" @@ -27,3 +29,7 @@ members = [ "omaha", "update-format-crau" ] + +[[bin]] +name = "crau_verify" +path = "test/crau_verify.rs" diff --git a/src/bin/download_sysext.rs b/src/bin/download_sysext.rs index a66a1cf..b65232e 100644 --- a/src/bin/download_sysext.rs +++ b/src/bin/download_sysext.rs @@ -9,6 +9,7 @@ use hard_xml::XmlRead; use argh::FromArgs; use url::Url; +#[rustfmt::skip] fn get_pkgs_to_download(resp: &omaha::Response, glob_set: &GlobSet) -> Result)>, Box> { let mut to_download: Vec<(Url, omaha::Hash<_>)> = Vec::new(); @@ -18,7 +19,7 @@ fn get_pkgs_to_download(resp: &omaha::Response, glob_set: &GlobSet) for pkg in &manifest.packages { if !glob_set.is_match(&*pkg.name) { - continue + continue; } #[rustfmt::skip] diff --git a/update-format-crau/src/bin/test.rs b/test/crau_verify.rs similarity index 88% rename from update-format-crau/src/bin/test.rs rename to test/crau_verify.rs index acfdc02..92c21c5 100644 --- a/update-format-crau/src/bin/test.rs +++ b/test/crau_verify.rs 
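Review bot: `crau_verify` is declared as a `[[bin]]` of the root package even though its source lives under `test/`, so it is built and installed alongside the real binaries. It also means `log` and `protobuf`, added in the previous Cargo.toml hunk, become regular dependencies of the package. If the program is only a verification fixture, declaring it as an `[[example]]` or an integration test and moving the crates only it needs to `[dev-dependencies]` would keep them out of the shipped dependency set. Whether other code in the root crate uses `log` or `protobuf` is not visible here.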
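Review bot: The `#[rustfmt::skip]` added above `get_pkgs_to_download` turns formatting off for the whole function, which makes the `#[rustfmt::skip]` that already appears inside its loop (visible in the next hunk) redundant. It also means slips like the `continue` without a semicolon, fixed by hand in that same hunk, will no longer be normalised by the formatter. If the aim is only to keep the long signature on one line, a comment such as `// rustfmt::skip: keep the return type on one line` would record that; otherwise I would drop the attribute and let rustfmt wrap the signature. The function body continues outside the hunk.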
@@ -8,7 +8,9 @@ use protobuf::Message; use proto::signatures::Signature; use update_format_crau::proto; -//use ue_rs::verify_sig; +use ue_rs::verify_sig; +use ue_rs::verify_sig::get_public_key_pkcs_pem; +use ue_rs::verify_sig::KeyType::KeyTypePkcs8; const DELTA_UPDATE_HEADER_SIZE: u64 = 4 + 8 + 8; const DELTA_UPDATE_FILE_MAGIC: &[u8] = b"CrAU"; @@ -89,7 +91,7 @@ fn get_signatures_bytes<'a>(mut f: &'a File, header: &'a DeltaUpdateFileHeader) #[rustfmt::skip] // parse_signature_data takes a bytes slice for signature and public key file path. // Return only actual data, without version and special fields. -fn parse_signature_data(sigbytes: &[u8], pubkeyfile: &str) -> Option> { +fn parse_signature_data(testdata: &[u8], sigbytes: &[u8], pubkeyfile: &str) -> Option> { // Signatures has a container of the fields, i.e. version, data, and // special fields. let sigmessage = match proto::Signatures::parse_from_bytes(sigbytes) { @@ -103,12 +105,12 @@ fn parse_signature_data(sigbytes: &[u8], pubkeyfile: &str) -> Option> // Return the first valid signature, iterate into the next slot if invalid. sigmessage.signatures.iter() .find_map(|sig| - verify_sig_pubkey(sig, pubkeyfile) + verify_sig_pubkey(testdata, sig, pubkeyfile) .map(Vec::into_boxed_slice)) } // Verify signature with public key -fn verify_sig_pubkey(sig: &Signature, pubkeyfile: &str) -> Option> { +fn verify_sig_pubkey(testdata: &[u8], sig: &Signature, pubkeyfile: &str) -> Option> { // The signature version is actually a numeration of the present signatures, // with the index starting at 2 if only one signature is present. // The Flatcar dev payload has only one signature but 
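Review bot: The comment above `parse_signature_data` still describes only the signature bytes and the public key path, so the new first parameter `testdata` is undocumented; the same applies to `verify_sig_pubkey` in the next hunk. I would extend the comment along the lines of `// testdata is the message the signature is checked against; sigbytes is the serialized Signatures message; pubkeyfile is the path of the public key file.` The name `testdata` also reads as a fixture rather than the signed content, so something like `data` may fit better once real input is passed. Both function bodies continue outside these hunks.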
@@ -125,8 +127,8 @@ fn verify_sig_pubkey(sig: &Signature, pubkeyfile: &str) -> Option> { debug!("data: {:?}", sig.data()); debug!("special_fields: {:?}", sig.special_fields()); - // TODO: verify signature with pubkey - // _ = verify_sig::verify_rsa_pkcs(testdata, sig.data(), get_public_key_pkcs_pem(pubkeyfile, KeyTypePkcs8)); + // verify signature with pubkey + _ = verify_sig::verify_rsa_pkcs(testdata, sig.data(), get_public_key_pkcs_pem(pubkeyfile, KeyTypePkcs8)); _ = pubkeyfile; sigvec.cloned() @@ -144,8 +146,10 @@ fn main() -> Result<(), Box> { // Extract signature from header. let sigbytes = get_signatures_bytes(&upfile, &header)?; + const TESTDATA: &str = "test data for verifying signature"; + // Parse signature data from the signature containing data, version, special fields. - let sigdata = match parse_signature_data(&sigbytes, PUBKEY_FILE) { + let sigdata = match parse_signature_data(TESTDATA.as_bytes(), &sigbytes, PUBKEY_FILE) { Some(data) => Box::leak(data), _ => return Err("unable to parse signature data".into()), };
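Review bot: The result of `verify_sig::verify_rsa_pkcs(...)` is discarded with `_ =`, so `verify_sig_pubkey` still returns `sigvec.cloned()` whether or not the signature verifies. The `find_map` in `parse_signature_data`, commented "Return the first valid signature", therefore accepts any signature that reaches this point. A failed check should return `None`; assuming `verify_rsa_pkcs` returns a `Result`, which this hunk does not show, that is `verify_sig::verify_rsa_pkcs(testdata, sig.data(), get_public_key_pkcs_pem(pubkeyfile, KeyTypePkcs8)).ok()?;`. The following `_ = pubkeyfile;` is no longer needed now that the parameter is used. The function starts outside the hunk.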
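Review bot: `TESTDATA` is a fixed string, so the RSA check in `main` runs over `"test data for verifying signature"` rather than over anything read from the update file. A signature made over the payload would not be expected to match it. The message passed to `parse_signature_data` should be whatever the signature was computed over, presumably the payload or its digest, which this hunk does not show. If the constant is a deliberate pairing with a test payload signed over exactly this string, a comment such as `// TESTDATA must equal the message that was signed in the test payload` would make that explicit.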