go to post Louis Burger · Apr 14, 2022 I've managed to make some more progress by decoding the signature before passing it to RSASHAVerify, as follows: set tX509 = ##class(%SYS.X509Credentials).GetByAlias("Cert") set tData = "hello" set tSignature = "CUBMPlVbEKbjFg0nUNz3pwuSwq7tJPg4obsj6LpwbMsEQaDNNw/93V9X0BdgBVzoWN1K7XrG1WX1focFj+EIkeXOJJF7KjQv4p9Xc8JT0wWZ9ivw0+pYvBtMSzP9JEVzapt2Cr+QoBT47yEMeCAxt7Ka7q7xLpxxpAvDQ+QE3Mg=" set tSignature = $system.Encryption.Base64Decode(tSignature) set isValid = $SYSTEM.Encryption.RSASHAVerify(256, tData, tSignature, tX509.Certificate) w "isValid: " _ isValid w $SYSTEM.Encryption.RSASHA1GetLastError() which provides the output: isValid: 0 error:0407006A:rsa routines:RSA_padding_check_PKCS1_type_1:block type is not 01;error:04067072:rsa routines:RSA_EAY_PUBLIC_DECRYPT:padding check failed;
go to post Louis Burger · Apr 14, 2022 Thank you Mclean, The string "hello" is actually a dummy value that i have added (not allowed to disclose actual value due to sensitivity of data).The signature comes from a third party connecting to us, they did supply me with C# code that verified the signature successfully. What I can say though is that tried the method ($SYSTEM.Encryption.RSAGetLastError()) you mentioned above and it responded with the following: error:04091077:rsa routines:INT_RSA_VERIFY:wrong signature length;
