Hi, i have file_data(xml format) and file_signature(ASN1 DER), and also have certificate(X509 ASN1 DER). I want to check if file_data is correct, but I have some problems. what I'm doing:

Main Idea: Some company A creates file_data, then using SHA1 gets hash of the file_data, and encrypts this hash using RSA private key and gets file_signature. Then company A sends me file_data and file_signature and certificate. I get public key from certificate get file_signature and decrypt file_signature using public key and get hash_1. Then i get file_data and use SHA1 to get hash_2. If hash_1 and hash_2 is equal, i can trust to content of the file_data, am I right?

Implementation:

1. Load certificate: d2i_X509_fp() function. Now I have certificate.
2. Get public key of the certificate: X509_extract_key, now i have public key.
3. Now i want to load file_signature to decrypt it using public key, BUT file_signature has ASN1 DER format how I can load it, what function in OpenSSl should I use?
4. Suppose I read file_signature, now I must decrypt it using my public key, is there any API for this purpose?
5. Suppose I decrypt file_signature and get hash_1.
6. Now I must load file_data and get hash of it using SHA1 function hash_2, what function I must use? SHA1(), or SHA1_Init+SHA1_Update+SHA1_Finish?
7. Suppose I get hash_1 and hash_2, how i must compare them, using memcmp?
8. Suppose I compare them, if they are equal, i can use file_data.

Another question is that file_signature is 128 byte len and when i decrypt it i get 128 byte hash_1(Am I rigth) , but when i get hash of the file_data hash_2 it's length is only 20 bytes, so how I can compare them, or I misunderstand something?

Thanks for your help! p.s. sorry for my english;).