SHA256 Signing with RSA PSS padding
Hi everyone,
I have a project which requires the sending of JSON messages to an external service provider using REST. The service provider requires the message contents to be signed.
Their instructions:
- Add a header called "Date" with the the date and time in a specific format - done
- Add the client's certificate password in a field in the header - done
- Create a string which consist of the {Date}{newline}{Password}{newline}{etc}{Message Body}.
- Convert to a UTF8 byte array
- SHA256 sign the value with the certificate and private key and use RSA PSS padding
- Base 64 Encode the value and place it in a Signature field in the header.
I've done the following:
- Set up X.509 credentials using the certificate and private key files
- Created the string to sign as per their instruction
- Performed a $zconvert, 'O', 'UTF8' on the string
- Used %SYSTEM.Encryption -> RSASHASign() and Base64Encode()
This does not seem to be correct, as the service provider keeps rejecting the messages.
Is there a way to specify the RSA padding to be PSS?
Am I using the wrong method?
Does this method actually use PSS padding and I should look for the problem somewhere else?
Are these methods endian-ness aware?
Thank you in advance.