I'd advise to implement it in such a way that sig_digest of a transaction is taken from server (since a node already has packed version of transaction - this way you don't need to deal with differences between legacy and hf26 version of binary serialization), but the extraction of public key from signature happens on client side, preferably on demand only (that part of the process carries almost all the cost, if you do it on the server you just invite DoS attack).