Completely agree. This is some really, really strange stuff that we're being asked to do to interface with their code. I never expected that we'd find something that looks exactly like a security problem, and then find out that the solution is something that seems to actually weaken security through complexity and baroque style.
The trouble is that none of us knows. And that the signing docs are.... enormous. What is the purpose of all the complexity?