openssl cannot verify the plain signature (256 bytes) from tpm2_certify due to bad padding.

This should work (verification of signature from tpm2_certifycreation works fine):

openssl dgst -verify ../AIKOpaque.der -keyform der -sha1 -signature Signature KeyAttest.bin
Verification Failure

Examine:

openssl rsautl -verify -inkey ../AIKOpaque.der -in Signature -pubin -keyform der -pkcs > decrypted.bin
RSA operation error
140654247387584:error:0407008A:rsa routines:RSA_padding_check_PKCS1_type_1:invalid padding:../crypto/rsa/rsa_pk1.c:67:
140654247387584:error:04067072:rsa routines:rsa_ossl_public_decrypt:padding check failed:../crypto/rsa/rsa_ossl.c:582:

The same operation on a plain signature from tpm2_certifycreation works:

openssl rsautl -verify -inkey ../AIKOpaque.der -in ../IdBinding.EXTRACTED_TPMT_SIGNATURE -pubin -keyform der  > decrypted.bin

dumpasn1 decrypted.bin
  0  33: SEQUENCE {
  2   9:   SEQUENCE {
  4   5:     OBJECT IDENTIFIER sha1 (1 3 14 3 2 26)
 11   0:     NULL
       :     }
 13  20:   OCTET STRING 2D A1 D1 30 3A D2 FD 68 A1 5A 2F 9B 8B C1 1E DB 36 A7 7C D4
       :   }

So it looks like a bug in tpm2_certify.
tool="tpm2_certify" version="4.1" tctis="libtss2-tctildr" tcti-default=tcti-device
tpm2-tss 2.3.2-rc0

Regards,
Niklas
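
The padding check that fails in the report can be reproduced step by step. The following is an added example, not part of the original report or of tpm2-tools/OpenSSL: it performs the raw RSA public operation and reports where the recovered block stops matching PKCS#1 v1.5 with the SHA-1 DigestInfo shown in the dumpasn1 output. It goes slightly beyond the report by also flagging the 0xBC trailer that EMSA-PSS blocks end with (RFC 8017). The key (two Mersenne primes), the message and all function names are constructed for the example.

```python
import hashlib

# DER DigestInfo header for SHA-1 (RFC 8017 section 9.2), the structure dumpasn1 shows.
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def recover_em(sig: bytes, n: int, e: int) -> bytes:
    """Raw RSA public-key operation: the encoded block before any padding check."""
    k = (n.bit_length() + 7) // 8
    if len(sig) != k:
        raise ValueError(f"signature is {len(sig)} bytes, modulus is {k} bytes")
    return pow(int.from_bytes(sig, "big"), e, n).to_bytes(k, "big")

def classify_em(em: bytes, message: bytes) -> str:
    """Say where a recovered block stops looking like PKCS#1 v1.5 with SHA-1."""
    if em[:2] != b"\x00\x01":
        # EMSA-PSS blocks end in 0xBC; anything else is simply not type-1 padding.
        return "not-type1-trailer-bc" if em[-1] == 0xBC else "not-type1"
    sep = em.find(b"\x00", 2)
    if sep < 10 or em[2:sep].strip(b"\xff"):
        return "bad-padding-string"          # PS must be >= 8 bytes, all 0xFF
    info = em[sep + 1:]
    if len(info) != 35 or not info.startswith(SHA1_PREFIX):
        return "unexpected-digestinfo"
    return "ok" if info[15:] == hashlib.sha1(message).digest() else "digest-mismatch"

# --- constructed toy key and data (not from the report; never use such a key) ---
P, Q, E = 2**521 - 1, 2**607 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))           # needs Python 3.8+
K = (N.bit_length() + 7) // 8

def sign_raw(em: bytes) -> bytes:
    """Private-key operation on an already-encoded block (test helper)."""
    return pow(int.from_bytes(em, "big"), D, N).to_bytes(K, "big")

def pkcs1_sha1_em(message: bytes) -> bytes:
    """EMSA-PKCS1-v1_5 encoding: 00 01 FF..FF 00 || DigestInfo(SHA-1)."""
    info = SHA1_PREFIX + hashlib.sha1(message).digest()
    return b"\x00\x01" + b"\xff" * (K - len(info) - 3) + b"\x00" + info

if __name__ == "__main__":
    msg = b"constructed attest blob"
    good = sign_raw(pkcs1_sha1_em(msg))
    print(classify_em(recover_em(good, N, E), msg))
    # A block that is not PKCS#1 type 1 and ends in the PSS trailer byte.
    other = sign_raw(b"\x00" + b"\x5a" * (K - 2) + b"\xbc")
    print(classify_em(recover_em(other, N, E), msg))
```

With a real key, pass the modulus and exponent of the AIK public key and the signature file's bytes to recover_em, then the attest blob to classify_em.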