From: Charlie B. <cha...@gm...> - 2013-08-26 15:38:32

Ok, I finally tracked down the source of the issue. Markus, you were dead on. Thank you!

It turns out that the APDU on the wiki to erase the previous certificate was being rejected by the card when I provisioned it. The response was swallowed by my provisioning script and never reported to me. Because I reprovisioned the card without deleting the old cert, the public key was never updated for the new private key which caused all of these signing issues to pop up.

My solution was to change the PUT DATA APDU for the 9A key to the following:

    piv-tool -A A:9B:03 -s 00:DB:3F:FF:07:5C:03:5F:C1:05:53:00

It seemed to like the 1 byte NULL instead of the 3 byte. I am not sure if that happens to be a quirk of the card I am using or if that is something that is seen everywhere and the documentation needs to be updated.

Thanks again for helping out with this Markus and Douglas
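
Added example, not part of the original message or of OpenSC: a Python sketch that decodes the PUT DATA APDU quoted above (tag list 5C naming object 5F C1 05, then an empty 53 data object) and makes a provisioning script fail loudly on any status word other than 90 00 instead of swallowing it. The function names are hypothetical, and it assumes the script already has SW1/SW2 as integers and only sends short APDUs without an Le byte.

```python
PUT_DATA = 0xDB  # ISO 7816-4 PUT DATA instruction byte


def parse_tlvs(data: bytes):
    """Split a data field into (tag, value) pairs; single-byte tags only."""
    out, i = [], 0
    while i < len(data):
        tag = data[i]
        if tag & 0x1F == 0x1F:
            raise ValueError("multi-byte top-level tag not supported")
        if i + 1 >= len(data):
            raise ValueError("truncated TLV: missing length byte")
        length = data[i + 1]
        i += 2
        if length in (0x81, 0x82):  # BER long-form length, 1 or 2 bytes
            n = length - 0x80
            if i + n > len(data):
                raise ValueError("truncated long-form length")
            length = int.from_bytes(data[i:i + n], "big")
            i += n
        elif length >= 0x80:
            raise ValueError("unsupported length encoding")
        if i + length > len(data):
            raise ValueError("TLV value runs past end of data field")
        out.append((tag, data[i:i + length]))
        i += length
    return out


def decode_apdu(text: str):
    """Decode a colon-separated short APDU (header, Lc, data; no Le)."""
    raw = bytes.fromhex(text.replace(":", ""))
    if len(raw) < 5 or len(raw) != 5 + raw[4]:
        raise ValueError("Lc does not match the data field length")
    cla, ins, p1, p2 = raw[:4]
    return {"cla": cla, "ins": ins, "p1p2": (p1 << 8) | p2}, parse_tlvs(raw[5:])


def check_sw(sw1: int, sw2: int) -> None:
    """Abort provisioning unless the card answered 90 00."""
    if (sw1, sw2) != (0x90, 0x00):
        raise RuntimeError(f"card rejected APDU: SW={sw1:02X}{sw2:02X}")


if __name__ == "__main__":
    header, tlvs = decode_apdu("00:DB:3F:FF:07:5C:03:5F:C1:05:53:00")
    print(header, [(hex(t), v.hex()) for t, v in tlvs])
    check_sw(0x90, 0x00)  # constructed success status word
```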