OpenSSL recipes to verify the signature
---------------------------------------

download the following files:

  sig.bin                    - contains the signature in binary
  CSA-Certificate.cer        - contains the certificate
  publickey.der              - contains the public key from the certificate
  HelloWorld-colliding.exe
  GoodbyeWorld-colliding.exe

first recipe
------------

does raw RSA verification with recovery; this recovers the MD5 hash value from the signature

verify the signature:

  openssl rsautl -in sig.bin -inkey CSA-Certificate.cer -certin -keyform DER -verify -pkcs -asn1parse

the output should be:

    0:d=0  hl=2 l=  32 cons: SEQUENCE
    2:d=1  hl=2 l=  12 cons: SEQUENCE
    4:d=2  hl=2 l=   8 prim: OBJECT            :md5
   14:d=2  hl=2 l=   0 prim: NULL
   16:d=1  hl=2 l=  16 prim: OCTET STRING
      0000 - 18 fc c4 33 4f 44 fe d6-07 18 e7 da cd 82 dd df   ...3OD..........

note that the MD5 hash value is shown on the last line

openssl can be used to generate the MD5 hash values of the files as follows (the wildcard is left unquoted so that the shell expands it to both files):

  openssl md5 *.exe

the output should be:

  MD5(GoodbyeWorld-colliding.exe)= 18fcc4334f44fed60718e7dacd82dddf
  MD5(HelloWorld-colliding.exe)= 18fcc4334f44fed60718e7dacd82dddf

verification of the signature now amounts to checking that the MD5 value recovered from the signature is identical to the MD5 values of the two files

second recipe
-------------

verifies the signature directly on the executable files, but this method has the disadvantage that it cannot use the certificate directly, it uses the public key instead (I haven't found an openssl option that directly verifies a signature on a file against a certificate)

verify the signature (the signature was made over an MD5 digest, so -md5 is given explicitly; OpenSSL 1.1.0 and later default to SHA-256):

  openssl dgst -md5 -verify pubkey.der -keyform DER -signature sig.bin *.exe

the output should be:

  Verified OK
  Verified OK

additional
----------

show that the public key in the file publickey.der is the same as the one in the certificate:

  openssl asn1parse -in pubkey.der -inform DER -strparse 18
  openssl asn1parse -in CSA-Certificate.cer -inform DER -strparse 257

the outputs should be identical

to validate the certificate with its root certificate, see the colliding certificates website
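The recovery step of the first recipe, as an added Python example rather than code from the colliding-certificates site: the RSA key, the signature and the input bytes are all constructed inside the block (a toy key, not the CSA certificate), and no real MD5-colliding files are built here; the point is that recover_md5() undoes the PKCS#1 v1.5 block the way rsautl -verify -asn1parse does, and verify_md5() then compares nothing but MD5 values, which is why one signature covers both colliding executables.

```python
import hashlib, math, random

# DER DigestInfo for MD5 minus the 16 hash bytes (RFC 8017): the SEQUENCE/OID/NULL/OCTET STRING seen above
MD5_PREFIX = bytes.fromhex("3020300c06082a864886f70d020505000410")
RNG = random.Random(1)  # seeded so the constructed toy key is reproducible

def is_prime(n, rounds=24):  # Miller-Rabin, adequate for a demo key
    if n < 4 or n % 2 == 0: return n in (2, 3)
    d, r = n - 1, 0
    while d % 2 == 0: d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(RNG.randrange(2, n - 1), d, n)
        if x in (1, n - 1): continue
        for _ in range(r - 1):
            x = pow(x, 2, n)
            if x == n - 1: break
        else: return False
    return True

def gen_key(bits=512, e=65537):  # toy RSA key, constructed here; returns (n, e, d)
    def prime(b):
        while True:
            c = RNG.getrandbits(b) | (1 << (b - 1)) | 1
            if is_prime(c): return c
    while True:
        p, q = prime(bits // 2), prime(bits // 2)
        phi = (p - 1) * (q - 1)
        if p != q and math.gcd(e, phi) == 1:
            return p * q, e, pow(e, -1, phi)

def sign_md5(data, n, e, d):  # PKCS#1 v1.5 signature over MD5(data), block type 1
    k = (n.bit_length() + 7) // 8
    t = MD5_PREFIX + hashlib.md5(data).digest()
    em = b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t
    return pow(int.from_bytes(em, "big"), d, n).to_bytes(k, "big")

def recover_md5(sig, n, e):
    """Raw RSA verification with recovery (what `rsautl -verify -asn1parse` does):
    the MD5 value inside the signature, or None if padding/DigestInfo is malformed."""
    k = (n.bit_length() + 7) // 8
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")
    sep = em.find(b"\x00", 2)  # end of the 0xff padding run (at least 8 bytes)
    if em[:2] != b"\x00\x01" or sep < 10 or em[2:sep] != b"\xff" * (sep - 2): return None
    t = em[sep + 1:]
    return t[len(MD5_PREFIX):] if len(t) == len(MD5_PREFIX) + 16 and t.startswith(MD5_PREFIX) else None

def verify_md5(data, sig, n, e):  # the signature binds only MD5(data): any input with that MD5 verifies
    h = recover_md5(sig, n, e)
    return h is not None and h == hashlib.md5(data).digest()
```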