Would need to some code to help with this. Just leave out any private stuff. I can say I had trouble with this for a few days myself but did get it to work eventually. My issue was the signature encoding. Basically the signature needed to be opensslsign encoded (not hashhmac) and once encoded, you need to strip the extra stuff from the ASN-1 sequence.