Cant encrypt key

Hi, I'm trying to use e
object RSA: TRSAEncSign
Version = '4.3.3.0'
encType = oaep
hashFunction = sha256
keyLength = kl2048
Unicode = yesUni
outputFormat = base64
pssSaltLen = 0
withOpenSSL = True

to encrypt sign in key as mentioned in this document
https://isecure.fi/wsapi_v2/index.html#operation--account--Email---Mode--put

are able to do it with:
openssl-1.0.2u-x64_86-win64\openssl.exe rsautl -oaep -encrypt -pubin -inkey test.pem -in req.txt -out req.sign
openssl.exe base64 -A -in req.sign -out res.txt

RSA.withOpenSSL := true;
RSA.FromOpenSSLPublicKey(path);
key := RSA.Encrypt(pw);

but are getting error: RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error
from supplier, so some thought on this?
I've tried all kind of combination without any luck.

Hi, can you try with pssSaltLen = 20?
bernard

I cant get it to work, but I've tried by creating a sample project:
object rsa: TRSAEncSign
Version = '4.3.3.0'
pssSaltLen = 0
Left = 304
Top = 224
end

procedure test;
var
s,pw:string;
fs:TMemoryStream;
begin
pw := 'my test text';
RSA.withOpenSSL := true;
RSA.FromPublicKeyFile('public-key.pem');
s := rsa.Encrypt(pw);
fs := TMemoryStream.Create;
fs.Size := length(s) div 2;
HexToBin(pansichar(s),fs.Memory,fs.Size);
fs.SaveToFile('C:\openssl\test\encoded.txt');
end;

openssl genrsa -out private-key.pem 2048
openssl rsa -in private-key.pem -pubout -out public-key.pem

openssl rsautl -oaep -decrypt -inkey private-key.pem -in encoded.txt
result:
RSA operation error
15580:error:040A1079:rsa routines:RSA_padding_check_PKCS1_OAEP_mgf1:oaep decoding error:.\crypto\rsa\rsa_oaep.c:264:
15580:error:04065072:rsa routines:RSA_EAY_PRIVATE_DECRYPT:padding check failed:.\crypto\rsa\rsa_eay.c:591:

Would you help with producing a working example?

I couldn't make it work either, so I tried to decrypt with TMS CP and found and issue with the key format in SetPrivateExponent. A key provided in hex shall not be converted to hex again.
Once fixed, I could decrypt.
I'll do more tests to understand what's wrong.