Internet Draft Signatures
OpenSSL can be used to validate the digital signatures on signed Internet-Drafts. You will need to install OpenSSL and the root certificates, which can be downloaded from this page, or you can extract it from your own trusted root store and convert it to the needed PEM format using the following command:
openssl x509 -in comodo.cer -inform DER -out comodo.pem
Effective November of 2013, the new IETF Combined Certificate Bundle is required to verify draft signatures.
The digital signature is stored in a file with the same name as the Internet-Draft followed by a .p7s file extension. For example:
Once you have the comodo.pem file, the Internet-Draft, and the companion signature file, the following OpenSSL command can be used to validate the digital signature:
openssl cms -verify -CAfile combined.pem -content <id-file-name> -inform DER \
-in <sig-file-name> -out /dev/null