diff --git a/Makefile b/Makefile
index eb6fc4a..fa75252 100644
--- a/Makefile
+++ b/Makefile
@@ -80,8 +80,8 @@ KEYS_C  = cr_eFuse_privKey_prod.c cr_eFuse_pubKey_prod.c \
           cr_eFuse_privKey_dev.c  cr_eFuse_pubKey_dev.c  \
           cr_eFuse_aesKey_prod.c  cr_eFuse_iv_prod.c     \
           cr_eFuse_aesKey_dev.c   cr_eFuse_iv_dev.c      \
-          cr_NintendoCTR2_priv_dummy_prod.c \
-          cr_NintendoCTR2_priv_dummy_dev.c
+          cr_NintendoCTR2_priv_dummy_prod.c cr_NintendoCTR2_pub_dummy_prod.c \
+          cr_NintendoCTR2_priv_dummy_dev.c  cr_NintendoCTR2_pub_dummy_dev.c
 
 SRCS	= main.c cr_generate_id.c cr_id_util.c cr_keyPair.c \
           cr_device_cert.c cr_enc_id.c cr_alloc.c \
@@ -158,6 +158,9 @@ cr_eFuse_iv_prod.c : $(PROD_DER_KEY_DIR)/eFuse_iv.bin
 cr_NintendoCTR2_priv_dummy_prod.c : $(PROD_DER_KEY_DIR)/NintendoCTR2_priv_dummy.der
 	perl tools/bin2c.plx $< prod
 
+cr_NintendoCTR2_pub_dummy_prod.c : $(PROD_DER_KEY_DIR)/NintendoCTR2_pub_dummy.der
+	perl tools/bin2c.plx $< prod
+
 
 cr_eFuse_privKey_dev.c : $(DEV_DER_KEY_DIR)/eFuse_privKey.der
 	perl tools/bin2c.plx $< dev
@@ -174,6 +177,9 @@ cr_eFuse_iv_dev.c : $(DEV_DER_KEY_DIR)/eFuse_iv.bin
 cr_NintendoCTR2_priv_dummy_dev.c : $(DEV_DER_KEY_DIR)/NintendoCTR2_priv_dummy.der
 	perl tools/bin2c.plx $< dev
 
+cr_NintendoCTR2_pub_dummy_dev.c : $(DEV_DER_KEY_DIR)/NintendoCTR2_pub_dummy.der
+	perl tools/bin2c.plx $< dev
+
 
 .PHONY: clean clobber
 clean:
diff --git a/cr_device_cert.c b/cr_device_cert.c
index f1d7839..db2c4a3 100644
--- a/cr_device_cert.c
+++ b/cr_device_cert.c
@@ -125,8 +125,6 @@
 #include <openssl/sha.h>
 #include <openssl/ec.h>
 #include <openssl/ecdsa.h>
-#include "cr_NintendoCTR2_priv_dummy_dev.c"
-#include "cr_NintendoCTR2_priv_dummy_prod.c"
 #else
 // openssl
 #include <openssl/sha.h>
@@ -136,6 +134,9 @@
 #include "cr_NintendoCTR2_priv_dummy_prod.c"
 #endif // USE_HSM
 
+#include "cr_NintendoCTR2_pub_dummy_dev.c"
+#include "cr_NintendoCTR2_pub_dummy_prod.c"
+
 #include "cr_generate_id.h"
 #include "cr_generate_id_private.h"
 
@@ -214,7 +215,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 #endif
 
 	// eccSignature
-//#ifdef USE_HSM
+#ifdef USE_HSM
 
 	// TODO: HSM使用時の処理を実装
 	
@@ -239,7 +240,7 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 		return ret_code;
 	}
 
-//#else	// !USE_HSM
+#else	// !USE_HSM
 	// DERフォーマットのECC鍵を読み込み
 	{
 		// bonding_option によって、鍵を差し替え
@@ -302,24 +303,57 @@ int GenerateCTRDeviceCert( EC_KEY *pECkey, u32 device_id, u8 bonding_option, u8
 		DEBUG_PRINT_ARRAY( "ECDSA.r:", (const char *)sig->r->d, sig->r->dmax * 4);
 		DEBUG_PRINT_ARRAY( "ECDSA.s:", (const char *)sig->s->d, sig->s->dmax * 4 );
 #endif
+
 		BN2BinWithPadding( sig->r, &deviceCert.eccSignature[  0 ], 30 );
 		BN2BinWithPadding( sig->s, &deviceCert.eccSignature[ 30 ], 30 );
 		memcpy( pDevCertSign, &deviceCert.eccSignature, 60 );
 		if( sig ) ECDSA_SIG_free( sig );
+		if( NintendoCTR2 ) EC_KEY_free( NintendoCTR2 );
+		NintendoCTR2 = NULL;
+
 #ifdef DEBUG_DEVICE_CERT_OUTPUT_FILE
 		DebugFileOutput( device_id, "dgst", sha256buf, 233/8 );
 		DebugFileOutput( device_id, "sign", ecdsasig,  signLen );
 #endif // DEBUG_DEVICE_CERT_OUTPUT_FILE
 	}
-//#endif	// USE_HSM
-	
-	// 署名ベリファイ
-	ret_code = ECDSA_verify( 0, sha1Buf, 20, signBuf, signLen, NintendoCTR2 );
-	if( ret_code != 1) {
-		ret_code = CR_GENID_ERROR_ECDSA_VERIFY;
-		SetErrorInfo( __FUNCTION__, __LINE__ );
-		goto end;
+#endif	// USE_HSM
+
+	// ECDSA署名検証
+	{
+		// bonding_option によって、鍵を差し替え
+		const unsigned char *der_pub = bonding_option ? cr_NintendoCTR2_pub_dummy_dev : cr_NintendoCTR2_pub_dummy_prod;
+		int pub_len = der_pub[ 8 ] | der_pub[ 9 ] << 8;	// KEY長を取り出し
+		der_pub += 0x10; // ヘッダ部分を除外してKEY実体を指定
+
+		// BIT STRING の実データ部分のみを指定するよう調整
+		pub_len = der_pub[0x15] - 1;
+		der_pub += 0x17;
+		
+		// ECC公開鍵の読み込み
+		NintendoCTR2 = EC_KEY_new_by_curve_name( NID_sect233r1 );
+		if( NintendoCTR2 == NULL ) {
+			SetErrorInfo( __FUNCTION__, __LINE__ );
+			ret_code = CR_GENID_ERROR_ECC_KEY_NEW;
+			goto end;
+		}
+		if( o2i_ECPublicKey( &NintendoCTR2, &der_pub, pub_len ) == NULL ) {
+			SetErrorInfo( __FUNCTION__, __LINE__ );
+			ret_code = CR_GENID_ERROR_ECC_READ_PUBLIC_KEY;
+			goto end;
+		}
+#if 0
+		// TODO: ハッシュ処理
+		// TODO: ECDSA署名（DER）を再構築
+		// 署名ベリファイ
+		ret_code = ECDSA_verify( 0, sha1Buf, 20, signBuf, signLen, NintendoCTR2 );
+		if( ret_code != 1) {
+			ret_code = CR_GENID_ERROR_ECDSA_VERIFY;
+			SetErrorInfo( __FUNCTION__, __LINE__ );
+			goto end;
+		}
+#endif
 	}
+
 	ret_code = CR_GENID_SUCCESS;
 
 #if 0
diff --git a/cr_generate_id_private.h b/cr_generate_id_private.h
index a56d7c8..9828e46 100644
--- a/cr_generate_id_private.h
+++ b/cr_generate_id_private.h
@@ -161,17 +161,18 @@ extern "C" {
 #define CR_GENID_ERROR_ECC_GENERATE_PRIVATE_KEY ( -3)
 #define CR_GENID_ERROR_ECC_GENERATE_PUBLIC_KEY  ( -4)
 #define CR_GENID_ERROR_ECC_READ_PRIVATE_KEY     ( -5)
-#define CR_GENID_ERROR_ECDSA_SIGN               ( -6)
-#define CR_GENID_ERROR_ECDSA_DEC                ( -7)
-#define CR_GENID_ERROR_ECDSA_VERIFY             ( -8)
-#define CR_GENID_ERROR_AES_ENC                  ( -9)
-#define CR_GENID_ERROR_AES_DEC                  (-10)
-#define CR_GENID_ERROR_AES_VERIFY               (-11)
-#define CR_GENID_ERROR_RSA_READ_PRIVATE_KEY     (-12)
-#define CR_GENID_ERROR_RSA_READ_PUBLIC_KEY      (-13)
-#define CR_GENID_ERROR_RSA_ENC                  (-14)
-#define CR_GENID_ERROR_RSA_DEC                  (-15)
-#define CR_GENID_ERROR_RSA_VERIFY               (-16)
+#define CR_GENID_ERROR_ECC_READ_PUBLIC_KEY      ( -6)
+#define CR_GENID_ERROR_ECDSA_SIGN               ( -7)
+#define CR_GENID_ERROR_ECDSA_DEC                ( -8)
+#define CR_GENID_ERROR_ECDSA_VERIFY             ( -9)
+#define CR_GENID_ERROR_AES_ENC                  (-10)
+#define CR_GENID_ERROR_AES_DEC                  (-11)
+#define CR_GENID_ERROR_AES_VERIFY               (-12)
+#define CR_GENID_ERROR_RSA_READ_PRIVATE_KEY     (-13)
+#define CR_GENID_ERROR_RSA_READ_PUBLIC_KEY      (-14)
+#define CR_GENID_ERROR_RSA_ENC                  (-15)
+#define CR_GENID_ERROR_RSA_DEC                  (-16)
+#define CR_GENID_ERROR_RSA_VERIFY               (-17)
 
 typedef struct {
     u32 magic_number;                  /* 0x00 - 0x03 = 0xdeadb00f �m��I*/