How to sign with RSASSA-PSS in Java correctly?

I need to reproduce this openssl signing command in Java.

openssl dgst -sha256 -binary -out "signaturefile".sig -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -sign "privatekey".pem "file2sign"

This instruction comes from Bundeszentralamt für Steuern (BZSt) - ELMA-File-Upload.

Please switch the signature creation to RSASSA-PSS with the following parameters:

Hash algorithm: SHA-256

Mask Generation Function: MGF1 with SHA-256

Salt length: 32 bytes

Trailer Field: 0xBC

I've already tried different signature algorithms (with and without BouncyCastle) but didn't get the same signature result as with openssl.

This is what I'm doing.

import java.nio.file.Files;
import java.nio.file.Paths;
import java.security.Security;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Arrays;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class SignTest {

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // RSASSA-PSS: SHA-256, MGF1 with SHA-256, 32-byte salt, trailer field 1 (= 0xBC)
        Signature signatureSHA256Java = Signature.getInstance("SHA256withRSA/PSS");
        signatureSHA256Java.setParameter(new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1));

        // the data to sign is the content of "file2sign"
        byte[] byteArray = Files.readAllBytes(Paths.get("file2sign"));

        signatureSHA256Java.initSign(KeyManagerHelper.getPrivateKeyFromKeyStore("privatekey"));
        signatureSHA256Java.update(byteArray);
        byte[] signSHA256Java = signatureSHA256Java.sign();

        // after that I compare the Java signature byte array with the openssl one
        // ("signaturefile".sig written by the openssl command above)
        byte[] signSHA256Openssl = Files.readAllBytes(Paths.get("signaturefile.sig"));
        System.out.println("signSHA256Java == signSHA256Openssl:\n" + Arrays.equals(signSHA256Java, signSHA256Openssl));
    }
}
Felix Ullrich Avatar asked Dec 11 '18 16:12



1 Answer

I edited my question with the correct algorithm to create the signature with java bouncycastle.

Signature signatureSHA256Java = Signature.getInstance("SHA256withRSA/PSS");
signatureSHA256Java.setParameter(new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1));

You can verify the Java-generated signature with openssl like this:

openssl dgst -sha256 -sigopt rsa_padding_mode:pss -sigopt rsa_pss_saltlen:-1 -verify "publickey".pem -signature "signaturefile".sig "file2sign"

Felix Ullrich Avatar answered Sep 29 '22 13:09

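A complete sign-and-verify round trip with the parameters from the answer, added here as an example that is not part of the original question or answer. It uses the same PSSParameterSpec (SHA-256, MGF1 with SHA-256, 32-byte salt, trailer field 1, which is Java's encoding of the 0xBC trailer); openssl's rsa_pss_saltlen:-1 likewise means "salt length equals the digest length", i.e. 32 bytes for SHA-256, so both sides use the same scheme. The key pair is generated on the fly as a stand-in for the "privatekey" keystore entry, and the signed data is a constructed byte string instead of "file2sign". The example also shows the point the question's byte comparison misses: PSS uses a fresh random salt for every signature, so two valid signatures over the same data differ, and the only meaningful check is verification with the public key, not byte equality with the openssl output.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Security;
import java.security.Signature;
import java.security.spec.MGF1ParameterSpec;
import java.security.spec.PSSParameterSpec;
import java.util.Arrays;

import org.bouncycastle.jce.provider.BouncyCastleProvider;

public class PssSignVerifyExample {

    // Parameters requested by the BZSt text: SHA-256, MGF1 with SHA-256,
    // 32-byte salt, trailer field 1 (Java's value for the 0xBC trailer).
    // Equivalent to "openssl dgst -sha256 -sigopt rsa_padding_mode:pss
    // -sigopt rsa_pss_saltlen:-1", where -1 = salt length equals digest length.
    static final PSSParameterSpec PSS_SHA256_SALT32 =
            new PSSParameterSpec("SHA-256", "MGF1", MGF1ParameterSpec.SHA256, 32, 1);

    // Sign data with RSASSA-PSS using the BouncyCastle algorithm name from the answer.
    static byte[] sign(PrivateKey key, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA/PSS", "BC");
        s.setParameter(PSS_SHA256_SALT32);
        s.initSign(key);
        s.update(data);
        return s.sign();
    }

    // Verify a PSS signature; the verifier must use the identical parameters.
    static boolean verify(PublicKey key, byte[] data, byte[] sig) throws Exception {
        Signature s = Signature.getInstance("SHA256withRSA/PSS", "BC");
        s.setParameter(PSS_SHA256_SALT32);
        s.initVerify(key);
        s.update(data);
        return s.verify(sig);
    }

    public static void main(String[] args) throws Exception {
        Security.addProvider(new BouncyCastleProvider());

        // Constructed throw-away key pair standing in for the "privatekey" entry;
        // in practice load the key that matches "privatekey".pem from the keystore.
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair kp = kpg.generateKeyPair();

        // Constructed sample data standing in for the contents of "file2sign".
        byte[] data = "constructed sample content of file2sign".getBytes(StandardCharsets.UTF_8);

        byte[] sig1 = sign(kp.getPrivate(), data);
        byte[] sig2 = sign(kp.getPrivate(), data);

        // PSS draws a new random 32-byte salt per signature, so two signatures
        // over the same data are different byte strings. Comparing a Java
        // signature byte-for-byte with an openssl-produced one is therefore
        // not a valid correctness check.
        System.out.println("sig1 equals sig2: " + Arrays.equals(sig1, sig2));

        // The correct check: both signatures verify under the public key.
        System.out.println("sig1 verifies: " + verify(kp.getPublic(), data, sig1));
        System.out.println("sig2 verifies: " + verify(kp.getPublic(), data, sig2));

        // A single flipped bit in the data must make verification fail.
        byte[] tampered = data.clone();
        tampered[0] ^= 0x01;
        System.out.println("tampered data verifies: " + verify(kp.getPublic(), tampered, sig1));
    }
}
```

To cross-check against openssl, write one of the Java signatures to a file and run the openssl -verify command from the answer with the matching public key; that is the interoperability test, since the byte comparison in the question's code will report false for any two independently produced PSS signatures.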