Given a private key, its corresponding public key, and a digital
signature (but no content), can one prove the signature was generated
using the private key? If so, which combinations of the above can
prove it?

Under CMS, the signature is produced as follows (using typical algorithm
choices):

    content -> sha1 -> content-digest
    content-digest + other signed attributes -> sha1 -> digest-to-sign
    digest-to-sign -> ASN.1 wrapper and DER encoding -> digestInfo
    digestInfo -> EMSA-PKCS1-v1_5 encoding -> big-ol'-int
    big-ol'-int -> private key operation -> signature

So if you have the signature and the public key, you can reverse the last
step to retrieve the big-ol'-int and verify that it looks 1.5 encoded --
this would prove that the corresponding private key was used. The remaining
verification steps serve to bind the signature with the content and/or other
signed attributes.
YMMV with other signing schemes.
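
The check described in the answer, as an added example that is not part of the original thread: apply the public key to the signature and strictly test whether the result is an EMSA-PKCS1-v1_5 block wrapping a SHA-1 digestInfo. The key is a constructed toy key built from two publicly known primes, and the function names and sample input are assumptions made for the illustration.

```python
import hashlib

# Constructed toy key from two publicly known primes; for illustration only.
P, Q = 2**255 - 19, 2**256 - 2**32 - 977
N, E = P * Q, 65537
D = pow(E, -1, (P - 1) * (Q - 1))
# A second, unrelated public modulus of the same size (also constructed).
OTHER_N = P * (2**256 - 2**224 + 2**192 + 2**96 - 1)

# DER header of a SHA-1 digestInfo (AlgorithmIdentifier + OCTET STRING tag/length).
SHA1_PREFIX = bytes.fromhex("3021300906052b0e03021a05000414")

def emsa_encode(digest, k):
    """EMSA-PKCS1-v1_5: 00 01 FF..FF 00 || digestInfo, k bytes in total."""
    t = SHA1_PREFIX + digest
    return b"\x00\x01" + b"\xff" * (k - len(t) - 3) + b"\x00" + t

def sign(digest, n, d):
    """Private key operation on the encoded digest-to-sign."""
    k = (n.bit_length() + 7) // 8
    m = int.from_bytes(emsa_encode(digest, k), "big")
    return pow(m, d, n).to_bytes(k, "big")

def recover_digest(signature, n, e):
    """Public key operation followed by a strict 1.5-encoding check.
    Returns the embedded digest-to-sign, or None if the block is not well formed."""
    k = (n.bit_length() + 7) // 8
    s = int.from_bytes(signature, "big")
    if len(signature) != k or s >= n:
        return None
    em = pow(s, e, n).to_bytes(k, "big")
    digest = em[-20:]
    # Re-encode and compare the whole block instead of parsing it leniently,
    # so padding that is too short or carries extra bytes is rejected.
    return digest if em == emsa_encode(digest, k) else None

# Constructed sample: stands in for the DER-encoded signed attributes.
DIGEST = hashlib.sha1(b"constructed signed attributes").digest()
SIG = sign(DIGEST, N, D)

if __name__ == "__main__":
    print("matching key :", recover_digest(SIG, N, E) == DIGEST)
    print("other key    :", recover_digest(SIG, OTHER_N, E))
```

What comes back is only the digest-to-sign; binding it to any content still requires the remaining verification steps.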