diff --git a/services/tunnelbroker/src/server/tools.rs b/services/tunnelbroker/src/server/tools.rs
--- a/services/tunnelbroker/src/server/tools.rs
+++ b/services/tunnelbroker/src/server/tools.rs
@@ -1,4 +1,7 @@
 use crate::server::GRPCStatusCodes;
+use openssl::pkey::PKey;
+use openssl::sign::Verifier;
+use openssl::{error::ErrorStack, hash::MessageDigest};
 use tonic::{Code, Status};
 
 pub fn create_tonic_status(code: GRPCStatusCodes, text: &str) -> Status {
@@ -24,3 +27,15 @@
 };
 Status::new(status, text)
 }
+
+pub fn verify_signed_string(
+ public_key_pem: &str,
+ string_to_be_signed: &str,
+ base64_signature: &str,
+) -> Result {
+ let public_key = PKey::public_key_from_pem(public_key_pem.as_bytes())?;
+ let mut verifier =
+ Verifier::new(MessageDigest::sha256(), &public_key).unwrap();
+ verifier.update(string_to_be_signed.as_bytes()).unwrap();
+ verifier.verify(&base64::decode(base64_signature).unwrap())
+}
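Review bot: The `base64::decode(base64_signature).unwrap()` on the last line of `verify_signed_string` panics on any signature that is not valid base64, and that argument is the one a remote peer most plausibly supplies, so a malformed value would abort the calling task instead of failing verification. The other two `.unwrap()` calls (`Verifier::new` and `verifier.update`) yield `ErrorStack` errors and can use `?` like the PEM parse above them. Assuming the return type is `Result<bool, ErrorStack>` (the type parameters are not visible on this page), an undecodable signature can be reported as `Ok(false)`, and callers should treat both `Ok(false)` and `Err(_)` as rejection. A short doc comment stating that the check uses SHA-256 over the UTF-8 bytes of `string_to_be_signed` would also help.

```rust
  let public_key = PKey::public_key_from_pem(public_key_pem.as_bytes())?;
  // A signature that is not valid base64 cannot verify: fail the check, do not panic.
  let signature = match base64::decode(base64_signature) {
    Ok(bytes) => bytes,
    Err(_) => return Ok(false),
  };
  let mut verifier = Verifier::new(MessageDigest::sha256(), &public_key)?;
  verifier.update(string_to_be_signed.as_bytes())?;
  verifier.verify(&signature)
```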