Menu
▾
▴
Re: [Opensc-devel] Issues verifying PIV signatures
|
From: Markus K. <ko...@rr...> - 2013-08-24 10:48:47
|
Hello,
I do not have a PIV card, but opensc compatible cards, a Dell Keyboard
with integrated reader, opensc 0.12 and openssl 1.0.1.
On 08/23/2013 05:27 PM, Charlie Bancroft wrote:
> I am not sure if this is more of a question for the OpenSC-devel or for
> the OpenSSL lists but here it goes.
The attached script works fine for me.
Basically I disabled pinpad in opensc.conf, added
-pre VERBOSE \
-pre PIN:$3
removed -pre NO_VCHECK:1
result is, it does not complain about anything and the resulting file is
verified.
./sign.sh sign.sh slot_1-id_23102b881918fc430affa651939f76520ea26169 823423
...
13:d=1 hl=2 l= 20 prim: OCTET STRING [HEX
DUMP]:B6716639213C8E94BD7F108F9498E0FB97726544
sha1sum sign.sh
b6716639213c8e94bd7f108f9498e0fb97726544 sign.sh
Maybe you got a public key on the card which does not match the private
key with the same id?
I'd format the card, recreate the key.
And - in case there were any changes, reset openssl.cnf
MfG
Markus
|
