Using the openssl library I have created a digital signature of a file.
I can see that if I use the openssl command:
openssl rsautl -verify -inkey pubkey.pem -pubin -asn1parse -in sigfile
I get a nice output of something like:
0:d=0 hl=2 l= 49 cons: SEQUENCE
2:d=1 hl=2 l= 13 cons: SEQUENCE
4:d=2 hl=2 l= 9 prim: OBJECT :sha256
15:d=2 hl=2 l= 0 prim: NULL
17:d=1 hl=2 l= 32 prim: OCTET STRING
0000 - c9 8c 24 b6 77 ef f4 48-60 af ea 6f 49 3b ba ec ..$.w..H`..oI;..
0010 - 5b b1 c4 cb b2 09 c6 fc-2b bb 47 f6 6f f2 ad 31 [.......+.G.o..1
How can I programmatically convert my signature file into some ASN1 that I can then parse?
OpenSSL
-verify
command outputs the recovered data of the RSA signatureIt means that is returning the PKCS#1 message. A digital signature following the RFC2313 is composed of the digest algorithm identifier and the encrypted digest of the content with the RSA private key in PKCS#7 format, described in section 9.1 of RFC2315.
So (if I understood correctly...), the output of openssl is an ASN.1 sequence of digest algoritm + decrypted digest (the original digest of your content)
To decode it you can use Bouncycastle
Check Parsing ASN.1 binary data with Java for more examples
With some help from @pedrofb I managed to come up with the following solution: