Taglio PIV Card Sign and Verify Test using OpenSSL

Sign and Verify Test
For more information on the commands used, see


In the example below, replace 77777777 with the pin for the card being tested

$ echo "data to sign" > data
$ pkcs11-tool -r -p 77777777 --id 01 --type cert > pivAuth.cert
Using slot 1 with a present token (0x1)
$ openssl x509 -inform DER -in pivAuth.cert -pubkey > pivAuth.pub
$ pkcs11-tool --id 01 -s -p 77777777 -m RSA-PKCS --input-file data --output-file data.sig
Using slot 1 with a present token (0x1)
Using signature algorithm RSA-PKCS
$ openssl rsautl -verify -inkey pivAuth.pub -in data.sig -pubin
data to sign


Have more questions? Submit a request


Please sign in to leave a comment.
Powered by Zendesk