RSA signature verification

I am attempting to encrypt and sign a file using RSA2048 with SSP 1.3.0 and have an issue with verifying the signature.

I use the following steps with openssl on the server side:

openssl genrsa -des3 -out private.pem 2048 # generate keys

openssl rsa -in private.pem  -outform PEM -pubout -out public.pem # extract public key

openssl rsa -inform PEM -in private.pem -pubout -outform DER -text # export plaintext of key components

>>> modified S7 code to include key components using a python script to generate the C code

openssl rsautl -encrypt -inkey public.pem -pubin -in file -out file.pkg # encrypt file with public key

openssl rsautl -decrypt -inkey private.pem -in file.pkg -out file.pkg.test # decrypt file with private key

cmp file file.pkg.test # verify encrypt/decrypt returns original file

openssl dgst -sha256 -sign private.pem -out file.pkg.sign file.pkg # sign file.pkg

openssl dgst -sha256 -verify public.pem -signature file.pkg.sign file.pkg # verify signature 

run a python script to byte swap file.pkg

transfer the byte swapped file to a SK-S7G2 using USB Mass Storage

// prepare keys on SK

memcpy(rsa_private_key, rsa2048_private_exponent, 256);

memcpy(rsa_private_key + 64, rsa2048_private_key_modulus, 256);

memcpy(rsa_public_key, rsa2048_public_exponent, 4);

memcpy(rsa_public_key + 1, rsa2048_public_modulus, 256);

// open and configure crypto components (not shown)

// attempt to verify signature - THIS FAILS with SSP_ERR_CRYPTO_SCE_VERIFY_FAIL

// I tried both a byte swapped and non-byte swapped version of the signature with the same results.

g_rsa2048_on_sce.verify(g_sce_rsa_0.p_ctrl, rsa_public_key, NULL, file_size / sizeof(uint32_t), signature, (uint32_t *)file.pkg); // file.pkg = byte swapped file read from USB into a buffer

// decrypt file

g_rsa2048_on_sce.decrypt(g_sce_rsa_0.p_ctrl, rsa_private_key, NULL, file_size / sizeof(uint32_t), (uint32_t *)file.pkg, (uint32_t *)d_file.pkg);

Byte swap d_file.pkg buffer

I successfully obtain the original plaintext file after decrypt() and byte swap.

Am I missing a part of the process or doing something incorrectly for signature verification?

thanks,

pete