While experimenting to solve my issue posted here, Kem Tekinay recollected that Xojo only used SHA-1 for the hash used as part of the crypto RSA functions.
While making modifications and testing to try getting a little farther in fixing my issue, I changed my Go client’s rsa.EncryptOAEP() to use a sha1.New() instead of sha512.New(), and part of the message was finally getting decrypted on the Xojo app when it decrypted the received stream of []bytes!
Question is, does anyone know if the situation with Xojo is what Kem speculated, that it’s only able to use SHA-1? I’m not sure how much this affects the security of the encrypted traffic.