I'm trying to communicate with IAS (version 2) and to verify the signature of the IAS response.
In the response I received, I got response status 200 (operation successful) and I looked at the header field x-iasreport-signature, which should be a base64-encoded signature over the body. The length of the encoded signature I received was 344 bytes => the length of the signature (after the base64 decoding) is 256 bytes.
Now, I want to verify the signature using the public key in AttestationReportSigningCACert.pem. Using the commands
openssl x509 -in AttestationReportSigningCACert.pem -pubkey -noout > key.pem
openssl rsa -in key.pem -pubin -text -noout
I saw that your public key is 3072 bits (384 bytes) => I expect that the signature will also be 384 bytes, but the signature is only 256 bytes.
What am I missing?
Eventually I understood what I did wrong.
The 3072-bit public key in AttestationReportSigningCACert.pem is only intended for verifying x-iasreport-signing-certificate, which is another header field of the IAS response. The public key in x-iasreport-signing-certificate is 2048-bit (i.e. 256 bytes) and this is the public key that is needed for verifying x-iasreport-signature.