Taglio PIV Card Sign and Verify Test using OpenSSL

Sign and Verify Test
For more information on the commands used, see

https://github.com/OpenSC/OpenSC/wiki/Using-pkcs11-tool-and-OpenSSL

In the example below, replace 77777777 with the pin for the card being tested

$ echo "data to sign" > data
$ pkcs11-tool -r -p 77777777 --id 01 --type cert > pivAuth.cert
Using slot 1 with a present token (0x1)
$ openssl x509 -inform DER -in pivAuth.cert -pubkey > pivAuth.pub
$ pkcs11-tool --id 01 -s -p 77777777 -m RSA-PKCS --input-file data --output-file data.sig
Using slot 1 with a present token (0x1)
Using signature algorithm RSA-PKCS
$ openssl rsautl -verify -inkey pivAuth.pub -in data.sig -pubin
data to sign

 

Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.
Powered by Zendesk