check authenticated rpc signatures in separate threads

lib/rpc.js

@@ -175,11 +175,13 @@ var rpc = function (Env, Server, userId, data, respond) {
     if (isAuthenticatedCall(command)) {
         // check the signature on the message
         // refuse the command if it doesn't validate
-        if (Core.checkSignature(Env, serialized, signature, publicKey) === true) {
+        return void Env.checkSignature(serialized, signature, publicKey, function (err) {
+            if (err) {
+                return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY");
+            }
             HK.authenticateNetfluxSession(Env, userId, publicKey);
             return void handleAuthenticatedMessage(Env, publicKey, msg, respond, Server);
-        }
-        return void respond("INVALID_SIGNATURE_OR_PUBLIC_KEY");
+        });
     }
     Env.Log.warn('INVALID_RPC_CALL', command);
     return void respond("INVALID_RPC_CALL");