openssl verify question

[Viktor Dukhovni]

On Sat, Jun 12, 2021 at 10:20:22PM +0200, Gaardiolor wrote:

> When I compare those, they are exactly the same. But that's the thing, I 
> think server.sig.decrypted should be prepended with a sha256 designator 
> 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20, which is 
> missing. I do see this designator with working certificates. I suspect 
> this is the problem.
>
> Is that designator mandatory and likely the cause of my issue ? 

Yes, PKCS#1 signatures must have an algorithm OID prefix.

-- 
    Viktor.