Same test as rsa-pkcs1-sha1.pem, except the SPKI has been modified so the algorithm parameters are absent rather than NULL. This should fail because RFC 3279 says the parameters MUST be NULL. $ openssl asn1parse -i < [PUBLIC KEY] 0:d=0 hl=3 l= 157 cons: SEQUENCE 3:d=1 hl=2 l= 11 cons: SEQUENCE 5:d=2 hl=2 l= 9 prim: OBJECT :rsaEncryption 16:d=1 hl=3 l= 141 prim: BIT STRING -----BEGIN PUBLIC KEY----- MIGdMAsGCSqGSIb3DQEBAQOBjQAwgYkCgYEApW5KDnAQF1iaUYfcfqhB0Vby7A42rVKkTf6x5h9 62ZHYxRBW/+2xYrTA8oOhKoijlN/1JqtykcuzB86r/OCx39XNlQgJbVsri2311nHvY3fAkhyyPC cKcOJZjm/4nRnxBazC0/DLNfKSgOE4a29kxO8i4eHyDQzoz/siSb2aITcCAwEAAQ== -----END PUBLIC KEY----- $ openssl asn1parse -i < [ALGORITHM] 0:d=0 hl=2 l= 13 cons: SEQUENCE 2:d=1 hl=2 l= 9 prim: OBJECT :sha1WithRSAEncryption 13:d=1 hl=2 l= 0 prim: NULL -----BEGIN ALGORITHM----- MA0GCSqGSIb3DQEBBQUA -----END ALGORITHM----- -----BEGIN DATA----- zch9oiPXht87ReC7vHITJtHuKvgGzDFUdcxvDZxm4bYjcdRc4jkuGskoRMMQEC8Vag2NUsH0xAu jqmUJV4bLdpdXplY7qVj+0LzJhOi1F6PV9RWyO4pB50qoZ2k/kN+wYabobfqu5kRywA5fIJRXKc vr538Gznjgj0CY+6QfnWGTwDF+i2DUtghKy0LSnjgIo7w3LYXjMRcPy/fMctC3HClmSLOk0Q9BY pXQgHqmJcqydE/Z6o/SI8QlNwKYKL0WvgJUbxMP0uM7k20mduCK7RtzMYt1CgFn0A== -----END DATA----- $ openssl asn1parse -i < [SIGNATURE] 0:d=0 hl=3 l= 129 prim: BIT STRING -----BEGIN SIGNATURE----- A4GBAGvDoGZWhCkwokfjDVhktNgZI2unxollhirX28TiSvKOhrtTHwM1i+X7dHd8YIb4UMrviT8 Nb8wtDJHsATaTtOoAuAzUmqxOy1+JEa/lOa2kqPOCPR0T5HLRSQVHxlnHYX89JAh9228rcglhZ/ wJfKsY6aRY/LY0zc6O41iUxITX -----END SIGNATURE-----