I'm assembling the SGP.22 GetBoundProfilePackage response that starts with the InitialiseSecureChannelRequest for which I'm getting a 02 error code that corresponds to invalidSignature in smdpSign in InitialiseSecureChannelRequest.
To compute signature I have concatenated following components (in this order like defined in SGP.22):
- remoteOpId
- transactionId
- controlRefTemplate
- smdpOtPk
- euiccOtPk
with their ASN.1 form with same tags as I set in InitialiseSecureChannelRequest structure. Then I prepared digital signature using same algorithms like for authenticateServer and authenticateClient signatures and sign it with DPpb key. But eUICC still responds with 02 error code within ISC block.
Any ideas what could be wrong here?