Hi,
I am also facing the same problem.
Everything seems to be in line with SAP documentation, but the secKey is still not validating properly.
First I compute the hash from the message. The text form of message is similar on both sides of communication (SAP and Content Server). Then the message goes to be signed. It results in PKCS#7 message encoded with base64 sent in secKey by SAP.
On CS side I decode secKey and parse PKCS7 message. I find there messageDigest and the message itself. There is a first confusion: should the messageDigest or the message be the subject for verification? I put both of them to verification and it fails all the time.
Has anyone any ideas what can be wrong in this way?