I've managed to make some more progress by decoding the signature before passing it to RSASHAVerify, as follows:

set tX509 ##class(%SYS.X509Credentials).GetByAlias("Cert")

set tData "hello"

set tSignature "CUBMPlVbEKbjFg0nUNz3pwuSwq7tJPg4obsj6LpwbMsEQaDNNw/93V9X0BdgBVzoWN1K7XrG1WX1focFj+EIkeXOJJF7KjQv4p9Xc8JT0wWZ9ivw0+pYvBtMSzP9JEVzapt2Cr+QoBT47yEMeCAxt7Ka7q7xLpxxpAvDQ+QE3Mg="

set tSignature = $system.Encryption.Base64Decode(tSignature)

set isValid $SYSTEM.Encryption.RSASHAVerify(256, tDatatSignaturetX509.Certificate)

"isValid: " isValid

$SYSTEM.Encryption.RSASHA1GetLastError()

 

which provides the output:

isValid: 0

error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01;error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed;

Thank you Mclean,

The string "hello" is actually a dummy value that i have added (not allowed to disclose actual value due to sensitivity of data).

The signature comes from a third party connecting to us, they did supply me with C# code that verified the signature successfully.

What I can say though is that tried the method ($SYSTEM.Encryption.RSAGetLastError()) you mentioned above and it responded with the following: 


error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length;