Here is the test case that explains the issue. Not sure if I am missing something. I believe the certify.SIGNATURE is corrupt.

#!/bin/bash

srk_handle=0x81000003
ek_handle=0x81010001

# IDevID
tpm2_createak \
--ek-context=$ek_handle \
--ak-context=IDevID.ctx \
--key-algorithm=rsa \
--hash-algorithm=sha1 \
--public=IDevID.pub \
--private=IDevID.priv
# --signing-algorithm=sha1

# LDevID
tpm2_create \
--parent-context=$srk_handle \
--hash-algorithm=sha1 \
--key-algorithm=rsa2048 \
--public=LDevID.pub \
--private=LDevID.priv \
--creation-data=LDevID.CREATION_DATA \
--creation-hash=LDevID.CREATION_HASH \
--creation-ticket=LDevID.CREATION_TICKET

tpm2_load \
--parent-context=$srk_handle \
--public=LDevID.pub \
--private=LDevID.priv \
--key-context=LDevID.ctx

# Certify
tpm2_certify \
--certifiedkey-context=LDevID.ctx \
--signingkey-context=IDevID.ctx \
--hash-algorithm=sha1 \
--attestation=certify.ATTESTATION \
--signature=certify.SIGNATURE \
--format=plain

# Certify Creation
tpm2_certifycreation \
--certifiedkey-context=LDevID.ctx \
--signingkey-context=IDevID.ctx \
--hash-algorithm=sha1 \
--creation-hash=LDevID.CREATION_HASH \
--ticket=LDevID.CREATION_TICKET \
--signature=certifycreation.SIGNATURE \
--attestation=certifycreation.ATTESTATION \
--format=plain

# IDevID.der
echo 'MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA' | openssl base64 -a -d > IDevID.header.temp
dd if=IDevID.pub bs=1 skip=$(expr $(stat --format=%s IDevID.pub) - 256) of=IDevID.modulus.temp
echo -en '\x02\x03' > IDevID.mid-header.temp
echo -ne '\x01\x00\x01' > IDevID.exponent.temp
cat IDevID.header.temp IDevID.modulus.temp IDevID.mid-header.temp IDevID.exponent.temp > IDevID.der

# Remove the first two bytes (the size field of the TPM2B struct) from certifycreation.ATTESTATION
# so that the hash matches. The "Magic Header" must be ff 54 43 47
dd if=certifycreation.ATTESTATION of=certifycreation.ATTESTATION_2 bs=1 skip=2

# WORKS: Verify Certify Creation
openssl dgst \
-verify IDevID.der -keyform der \
-sha1 -signature certifycreation.SIGNATURE certifycreation.ATTESTATION_2

# FAILS: Verify Create
openssl dgst \
-verify IDevID.der -keyform der \
-sha1 -signature certify.SIGNATURE certify.ATTESTATION

# WORKS:
openssl rsautl \
-verify \
-pubin -inkey IDevID.der -keyform DER \
-in certifycreation.SIGNATURE \
-out certifycreation.SIGNATURE.asn1

dumpasn1 certifycreation.SIGNATURE.asn1

# FAILS:
openssl rsautl \
-verify \
-pubin -inkey IDevID.der -keyform DER \
-in certify.SIGNATURE \
-out certify.SIGNATURE.asn1

On Tue, 10 Dec 2019 at 23:40, Niklas Andersson <niklas.andersson@fredenheim.se> wrote:
openssl cannot verify plain signature (256 bytes) from tpm2_certify due to bad padding.

This should work (verification of signature from tpm2_certifycreation works fine):

openssl dgst -verify ../AIKOpaque.der -keyform der -sha1 -signature Signature KeyAttest.bin
Verification Failure

....examine:

openssl rsautl -verify -inkey ../AIKOpaque.der -in Signature -pubin -keyform der -pkcs > decrypted.bin
RSA operation error
140654247387584:error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding:../crypto/rsa/rsa_pk1.c:67:
140654247387584:error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed:../crypto/rsa/rsa_ossl.c:582:

..Same operation on a plain signature from tpm2_certifycreation works:

openssl rsautl -verify -inkey ../AIKOpaque.der -in ../IdBinding.EXTRACTED_TPMT_SIGNATURE -pubin -keyform der  > decrypted.bin

dumpasn1 decrypted.bin
  0  33: SEQUENCE {
  2   9:   SEQUENCE {
  4   5:     OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
 11   0:     NULL
       :     }
 13  20:   OCTET STRING 2D A1 D1 30 3A D2 FD 68 A1 5A 2F 9B 8B C1 1E DB 36 A7 7C D4
       :   }

So. It looks like a bug in tpm2_certify.
tool="tpm2_certify" version="4.1" tctis="libtss2-tctildr" tcti-default=tcti-device
tpm2-tss 2.3.2-rc0

Regards,
Niklas
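The two format details the thread turns on are the TPM2B size prefix that the `dd ... skip=2` step strips off the attestation file, and the PKCS#1 v1.5 DigestInfo block that `dumpasn1` shows when a good signature is decrypted. The script below is an added example written for this page; it is not code from the thread, from tpm2-tools or from the TSS. It parses a TPM2B_ATTEST the way the tool writes it (TPM2B size, then TPMS_ATTEST with the ff 54 43 47 magic, type, qualifiedSigner, extraData, clockInfo, firmwareVersion and the certify/creation union, per TPM 2.0 Library Part 2), then verifies an RSASSA-PKCS1-v1_5/SHA-1 signature over the body while reporting *why* a check fails instead of openssl's bare "Verification Failure". Everything it runs on is constructed: the attestation blob is sample data, not TPM output, and the RSA key is a deliberately toy key built from two Mersenne primes so the example runs offline without any TPM or third-party library.

```python
import hashlib
import struct

TPM_GENERATED = 0xFF544347          # the "ff 54 43 47" magic every TPMS_ATTEST starts with
TPM_ST_ATTEST_CERTIFY, TPM_ST_ATTEST_CREATION = 0x8017, 0x801A
ATTEST_TYPES = {TPM_ST_ATTEST_CERTIFY: "certify", TPM_ST_ATTEST_CREATION: "creation"}
# DER prefix of DigestInfo for SHA-1: SEQ(33){ SEQ(9){ OID 1.3.14.3.2.26, NULL }, OCTET STRING(20) }
SHA1_DIGESTINFO_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")
# Toy RSA key from the Mersenne primes M521 and M127: trivially factorable, used only so the example
# runs offline and deterministically. 65537 is coprime to (P-1)(Q-1) because 32 divides neither 520 nor 126.
P, Q = (1 << 521) - 1, (1 << 127) - 1
TOY_N, TOY_E = P * Q, 65537
TOY_D = pow(TOY_E, -1, (P - 1) * (Q - 1))

def _tpm2b(buf, off):
    """Read a TPM2B_* (UINT16 big-endian size + payload); return (payload, next offset)."""
    (size,) = struct.unpack_from(">H", buf, off)
    if off + 2 + size > len(buf):
        raise ValueError("TPM2B runs past the end of the buffer")
    return buf[off + 2:off + 2 + size], off + 2 + size

def parse_tpm2b_attest(blob):
    """Split a TPM2B_ATTEST file into (signed TPMS_ATTEST body, fields); only the body is signed."""
    body, end = _tpm2b(blob, 0)                   # the two-byte size is what openssl must not see
    if end != len(blob):
        raise ValueError("trailing bytes after TPM2B_ATTEST")
    magic, atype = struct.unpack_from(">IH", body, 0)
    if magic != TPM_GENERATED:
        raise ValueError("bad magic 0x%08x, expected ff 54 43 47" % magic)
    if atype not in ATTEST_TYPES:
        raise ValueError("unsupported attestation type 0x%04x" % atype)
    qualified_signer, off = _tpm2b(body, 6)       # TPM2B_NAME of the signing key
    extra_data, off = _tpm2b(body, off)           # TPM2B_DATA supplied by the caller (nonce)
    clock, resets, restarts, safe = struct.unpack_from(">QIIB", body, off)   # TPMS_CLOCK_INFO, 17 bytes
    (firmware,) = struct.unpack_from(">Q", body, off + 17)
    object_name, off = _tpm2b(body, off + 25)     # certifyInfo.name / creationInfo.objectName
    second, off = _tpm2b(body, off)               # certifyInfo.qualifiedName / creationInfo.creationHash
    if off != len(body):
        raise ValueError("trailing bytes after TPMU_ATTEST")
    fields = {"type": ATTEST_TYPES[atype], "qualifiedSigner": qualified_signer, "extraData": extra_data,
              "clockInfo": (clock, resets, restarts, bool(safe)), "firmwareVersion": firmware,
              "objectName": object_name,
              ("qualifiedName" if atype == TPM_ST_ATTEST_CERTIFY else "creationHash"): second}
    return body, fields

def pkcs1_v15_sha1_em(message, k):
    """EM = 00 01 || FF..FF || 00 || DigestInfo(sha1, H(message)), k bytes long (RFC 8017 9.2)."""
    t = SHA1_DIGESTINFO_PREFIX + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def diagnose_signature(sig, message, n=TOY_N, e=TOY_E):
    """'ok', or why the check fails: the detail behind openssl's bare 'Verification Failure'."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        return "signature length %d != modulus length %d" % (len(sig), k)
    em = pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")   # raw RSA, like rsautl -raw
    if em[:2] != b"\x00\x01":
        return "invalid padding: block type is not 00 01"
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep] != b"\xff" * (sep - 2):
        return "invalid padding: padding string is not at least 8 bytes of FF"
    t = em[sep + 1:]
    if not t.startswith(SHA1_DIGESTINFO_PREFIX):
        return "DigestInfo is not sha1"
    if t[len(SHA1_DIGESTINFO_PREFIX):] != hashlib.sha1(message).digest():
        return "digest mismatch: the signature covers other data than this TPMS_ATTEST"
    return "ok"

def toy_sign(message, n=TOY_N, d=TOY_D):
    """Sign with the toy key in the PKCS#1 v1.5 layout the TPM emits for RSASSA."""
    k = (n.bit_length() + 7) // 8
    return pow(int.from_bytes(pkcs1_v15_sha1_em(message, k), "big"), d, n).to_bytes(k, "big")

def build_sample_attest(signer_name, object_name, qualified_name):
    """Constructed TPM2B_ATTEST of type certify (sample data, not read from a TPM)."""
    body = struct.pack(">IH", TPM_GENERATED, TPM_ST_ATTEST_CERTIFY)
    body += struct.pack(">H", len(signer_name)) + signer_name
    body += struct.pack(">H", 0)                         # empty extraData
    body += struct.pack(">QIIB", 123456789, 3, 0, 1)     # clockInfo: clock, resetCount, restartCount, safe
    body += struct.pack(">Q", 0x0001000200030004)        # firmwareVersion
    body += struct.pack(">H", len(object_name)) + object_name
    body += struct.pack(">H", len(qualified_name)) + qualified_name
    return struct.pack(">H", len(body)) + body           # TPM2B size prefix, as the tool writes it

def demo():
    """Stripped body verifies; the un-stripped file and a corrupt signature are diagnosed."""
    name = lambda tag: b"\x00\x0b" + hashlib.sha256(tag).digest()   # TPM2B_NAME = algId || digest
    blob = build_sample_attest(name(b"IDevID"), name(b"LDevID"), name(b"LDevID-qualified"))
    body, fields = parse_tpm2b_attest(blob)
    sig = toy_sign(body)
    return {"type": fields["type"],
            "stripped": diagnose_signature(sig, body),
            "with_prefix": diagnose_signature(sig, blob),
            "corrupt": diagnose_signature(sig[:-1] + bytes([sig[-1] ^ 1]), body)}

if __name__ == "__main__":
    print(demo())
```

Running the file prints the four verdicts: the signature over the stripped body is "ok", verifying the file with its size prefix still attached is reported as a digest mismatch (valid padding, wrong data), and a flipped signature bit surfaces as the same "invalid padding" class of error that `openssl rsautl -verify` printed in the thread. The toy key is for the demonstration only; against a real TPM the `n` and `e` would come from the IDevID public key. A verifier of real attestation output should also compare `qualifiedSigner` with the Name of the key it expects to have signed, check that `extraData` equals the nonce it supplied, and check that the type matches the command it issued, since the magic and a valid signature alone only prove that some TPM-generated structure was signed.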