The following code sign message with recovery, How implementation with C# BouncyCastle?
std::vector<unsigned char> data{ 1,2,3,4,5,6 };
CryptoPP::AutoSeededRandomPool rng;
CryptoPP::InvertibleRSAFunction params;
params.GenerateRandomWithKeySize(rng, 2048);
CryptoPP::RSA::PrivateKey privateKey(params);
CryptoPP::RSA::PublicKey publicKey(params);
CryptoPP::RSASS<CryptoPP::PSSR, CryptoPP::SHA1>::Signer signer(privateKey);
CryptoPP::SecByteBlock signature(signer.MaxSignatureLength(data.size()));
unsigned long signatureLen = signer.SignMessageWithRecovery(rng, &data[0],
data.size(), NULL, 0, signature);
std::vector<unsigned char> encrypted;
encrypted.assign(signatureLen, 0);
memcpy(&encrypted[0], signature.m_ptr, signatureLen);
I think the Iso9796d2PssSigner class in the Org.BouncyCastle.Crypto.Signers namespace should probably do what you want. You can find examples of use in the source of ISO9796Test.cs.