Appendix 2

Signature Verification

---

• Signature verification using "SHA256WithRSA" algorithm.
• Partner shall verify the message and signature replied from RPG using the FINEXUS Public Key.

{
    "message":{    
        "sndrRefNo":"FNXS00000001"
        "LkUpRef":"20201015FNXSMYNB6100OT01000001",
        "DisplNm":"JOHN"
        "TxnSts": "ACTC"
        "Rsn":""
    },  
    "signature":"Fk4IcxS9OKHFodg/vCsW73FCkzjJIV+a94epMsGnyDyXxPwRiMzqiM+ZYgKGzHJTN2TipTZ2zZp8x+9H
    r04qPN8GeFvzgTMO1x3kasvhoocUanNW3GZt5KA61VNIa+OAKKONHzZTckwmRFP87+q99MwvTbQ2nJ3SL5ctXYfSDri8P
    aQCiy7cVTjjObiAeTNVC48oLZbcU15JfTz9TyOAGYsMOGvqR+OWkJq3M0sIjwC4s/SVlzV2lG5bRXUfX3Zu///2MAWzLB
    UCfwHSZMPKcQ6zCnXw8MMjQZoLXgpFW/lEDx7HqBYhTY6!rGPBu6iH0SssUj4stfRUcuMhldAuHw=="
}

• Sample code in (Java):

String msg = <retrieve the “message” value from the JSON data>
String signature = <retrieve the “signature” value from the JSON data>

// Decode signature from Base64 format
byte[] sign = Base64.getDecoder.decode(signature);

Signature signature = Signature.getInstance(SHA256WithRSA);
signature.initVerify(publicKey);
signature.update(msg);

boolean verifyInfo = signature.verify(sign);

• If the result of verifyInfo is true, the verification is successful. Else shall report the case to FINEXUS support team.