diff --git a/ChangeLog b/ChangeLog
index 5f9d7fd..fa29bf2 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,9 @@
 2012-05-31  Niibe Yutaka  <gniibe@fsij.org>
 
+	* src/call-rsa.c (rsa_verify): It's SIG_RSA_MD5.
+	* src/openpgp.c (cmd_external_authenticate): Follow the change of
+	rsa_verify.
+
 	Support "firmware update" keys.
 	* src/flash.c (flash_write_binary): Support update keys.
 	* src/gnuk.h (FILEID_UPDATE_KEY_0, FILEID_UPDATE_KEY_1)
diff --git a/src/call-rsa.c b/src/call-rsa.c
index 424aaf9..1de254b 100644
--- a/src/call-rsa.c
+++ b/src/call-rsa.c
@@ -185,8 +185,7 @@ rsa_decrypt (const uint8_t *input, uint8_t *output, int msg_len,
 }
 
 int
-rsa_verify (const uint8_t *pubkey, const uint8_t *hash, int hashlen,
-	    const uint8_t *signature)
+rsa_verify (const uint8_t *pubkey, const uint8_t *hash, const uint8_t *sig)
 {
   int r;
 
@@ -197,8 +196,7 @@ rsa_verify (const uint8_t *pubkey, const uint8_t *hash, int hashlen,
 
   DEBUG_INFO ("RSA verify...");
 
-  r = rsa_pkcs1_verify (&rsa_ctx, RSA_PUBLIC, SIG_RSA_RAW, hashlen,
-			hash, signature);
+  r = rsa_pkcs1_verify (&rsa_ctx, RSA_PUBLIC, SIG_RSA_MD5, 16, hash, sig);
 
   rsa_free (&rsa_ctx);
   if (r < 0)
diff --git a/src/gnuk.h b/src/gnuk.h
index ebf9aae..0220595 100644
--- a/src/gnuk.h
+++ b/src/gnuk.h
@@ -230,7 +230,7 @@ extern int rsa_sign (const uint8_t *, uint8_t *, int, struct key_data *);
 extern const uint8_t *modulus_calc (const uint8_t *, int);
 extern void modulus_free (const uint8_t *);
 extern int rsa_decrypt (const uint8_t *, uint8_t *, int, struct key_data *);
-extern int rsa_verify (const uint8_t *pubkey, const uint8_t *hash, int hashlen,
+extern int rsa_verify (const uint8_t *pubkey, const uint8_t *hash,
 		       const uint8_t *signature);
 
 extern const uint8_t *gpg_do_read_simple (uint8_t);
diff --git a/src/openpgp.c b/src/openpgp.c
index c26dcc7..9f8ee0a 100644
--- a/src/openpgp.c
+++ b/src/openpgp.c
@@ -887,8 +887,8 @@ cmd_write_binary (void)
 
   if (i == 4)			/* all update keys are removed */
     {
-      p = gpg_get_firmware_update_key (0)
-	flash_erase_page ((uint32_t)p);
+      p = gpg_get_firmware_update_key (0);
+      flash_erase_page ((uint32_t)p);
     }
 
   DEBUG_INFO ("WRITE BINARY done.\r\n");
@@ -921,7 +921,7 @@ cmd_external_authenticate (void)
       return;
     }
 
-  r = rsa_verify (pubkey, challenge, CHALLENGE_LEN, signature);
+  r = rsa_verify (pubkey, challenge, signature);
   random_bytes_free (challenge);
   challenge = NULL;
   if (r < 0)