https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_CTX_ctrl_str.html
Thanks, Thulasi. On Tue, 18 Feb, 2020, 16:43 RudyAC, <r...@compumatica.com> wrote: > Hello Thulasi, > > thank you for your quick response. > > the encryption takes not place in the HSM because we only store the private > keys inside the HSM. For encryption we use the openssl CMS_encrypt() > function. In case of OAEP I use the parameters: > EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256()); > EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256()); > EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label, > oaep_label_l); > and call CMS_final() at last. > For decryption we use the HSM where the private keys are stored and the > openssl PKCS11 engine is used. > Therefore we call CMS_decrypt(). Unfortunately there are no OAEP parameters > that can be specified at CMS_decrypt(). > > By default we do encryption and decryption without HSM. Using the same > functions (CMS_encrypt(),CMS_decrypt()) it works very well. But now it is > my > job to do decryption with a HSM (Utimaco). > > My question is if there is a possibility to tell CMS_decrypt() that the > encrypted email uses OAEP padding or is there only a problem at the side of > the HSM provider. > > Best regards > Rudy > > > > -- > Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html >
