On Sat, Jun 12, 2021 at 10:20:22PM +0200, Gaardiolor wrote:
> When I compare those, they are exactly the same. But that's the thing, I
> think server.sig.decrypted should be prepended with a sha256 designator
> 30 31 30 0d 06 09 60 86 48 01 65 03 04 02 01 05 00 04 20, which is
> missing. I do see this designator with working certificates. I suspect
> this is the problem.
>
> Is that designator mandatory and likely the cause of my issue ?
Yes, PKCS#1 signatures must have an algorithm OID prefix.
--
Viktor.
