After an exhausting byte by byte inspection, I got it working. There were two problems in the C# application.
1) I used new RSACryptoServiceProvider(RsaKeySize)
to generate a key pair. The problem is that this generates a key pair for key exchange, not for signing. C# doesn't mind, but it caused trouble in the C++ program. The correct way for generating a key pair is:
CspParameters parameters = new CspParameters();
parameters.KeyNumber = (int)KeyNumber.Signature;
RSACryptoServiceProvider rsa = new RSACryptoServiceProvider(RsaKeySize, parameters);
2) The RSACryptoServiceProvider
reverses its output (signatures, encrypted data). It is mentioned in the documentation. So you need to Array.Reverse()
the computed signature before saving it.