Thanks Quinn, Yes, the certificate got munged in the copy/paste. The new code is larger than the answer character limit, so it's attached as a file. I had to put a .txt extension on it to get it to upload. Quick note for anybody who comes upon this in the future, here are the shell commands I used to transform a PEM formatted file "test.pem" into the format Quinn requested, replace filenames as appropriate. You can copy and paste the results from the terminal right into a swift array in Xcode between the brackets. openssl x509 -in test.pem -out test.der -outform DER hexdump -v -e '1/1 "0x%02, "' test.der main.txt Also of note for any future readers, this code contains a self signed CA certificate(root). I have deleted the private key, but why should you trust me? When you run the code it will import the certificate, but it will be untrusted. Remember to use Keychain Access to delete the certificate after running the code. If it were to become trusted somehow it would be a big security hole on your system If I still had the private key.

The following code worked for me. I ran the code in a playground. The code prints out the public key in pem format (text file friendly). I cut and pasted pem form of the public key into a file named public.key.pem using the terminal and vi. I don't think the use of vi is important here as it's just text. The name isn't important as long as it matches the filename in the openssl command below. Then you cut / paste / execute the two printed echo commands into a terminal. Then you run the following openssl command: openssl dgst -SHA256 -verify public.key.pem -signature sig-ck.dat dataToSign.dat The results from openssl for me are 'Verified OK' I'm using openssl version OpenSSL 1.1.1k 25 Mar 2021 import CryptoKit let privateKey = P256.Signing.PrivateKey() let publicKey = privateKey.publicKey print(publicKey.pemRepresentation) let dataToSign = "squeamish ossifrage".data(using: .utf8)! print("echo \(dataToSign.map { String(format: "%02hhx", $0) }.joined()) | xxd -r -p > dataToSign.dat") let signed = try! privateKey.signature(for: dataToSign) print("echo \(signed.derRepresentation.map { String(format: "%02hhx", $0) }.joined()) | xxd -r -p > sig-ck.dat")

Hi sofacoder, Were you able to figure this out or did you go another route?