diff --git a/src/errors.rs b/src/errors.rs
index 7029d7f..336463b 100644
--- a/src/errors.rs
+++ b/src/errors.rs
@@ -17,6 +17,9 @@ pub enum UpubError {
 
 	#[error("fetch error: {0}")]
 	Reqwest(#[from] reqwest::Error),
+
+	#[error("invalid base64 string: {0}")]
+	Base64(#[from] base64::DecodeError),
 }
 
 impl UpubError {
diff --git a/src/server/auth.rs b/src/server/auth.rs
index 6129180..27a8744 100644
--- a/src/server/auth.rs
+++ b/src/server/auth.rs
@@ -89,9 +89,9 @@ where
 
 fn verify_control_text(txt: &str, key: &str, control: &str) -> crate::Result<bool> {
 	let pubkey = PKey::public_key_from_pem(key.as_bytes())?;
-	let mut verifier = Verifier::new(MessageDigest::sha256(), &pubkey).unwrap();
-	verifier.update(txt.as_bytes())?;
-	Ok(verifier.verify(&base64::prelude::BASE64_URL_SAFE.decode(control).unwrap_or_default())?)
+	let mut verifier = Verifier::new(MessageDigest::sha256(), &pubkey)?;
+	let signature = base64::prelude::BASE64_URL_SAFE.decode(control)?;
+	Ok(verifier.verify_oneshot(&signature, txt.as_bytes())?)
 }