@Reon - We noticed something similar, and it was due to the calculation of the 32-byte shared/agreed secret. If the secret had any leading zero bytes (0x00), then the secret was calculated as < 32 bytes. If using Bouncy Castle, and if you are doing this... IBasicAgreement agreement = AgreementUtilities.GetBasicAgreement("ECDH"); agreement.Init(privateKeyParams); BigInteger agreedSecretValue = agreement.CalculateAgreement(publicKeyParams); byte[] agreedSecret = agreedSecretValue.ToByteArrayUnsigned(); ...then do this instead... IBasicAgreement agreement = AgreementUtilities.GetBasicAgreement("ECDH"); agreement.Init(privateKeyParams); BigInteger agreedSecretValue = agreement.CalculateAgreement(publicKeyParams); byte[] sharedSecretBytes = BigIntegers.AsUnsignedByteArray(agreement.GetFieldSize(), agreedSecretValue); That will make sure the agreed secret is returned in a correctly sized byte array, regardless of any leading zeros. Hope this helps.

Does Apple now look for the verification file with a .txt extension? The Apple Developer console suggests so. If true, when did this change? https://example.com/.well-known/apple-developer-merchantid-domain-association https://example.com/.well-known/apple-developer-merchantid-domain-association.txt