Sorry for this. I see that you already knew about it. On Tue, 18 Feb, 2020, 17:08 Thulasi Goriparthi, < thulasi.goripar...@gmail.com> wrote:
> https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_CTX_ctrl_str.html > > Thanks, > Thulasi. > > On Tue, 18 Feb, 2020, 16:43 RudyAC, <r...@compumatica.com> wrote: > >> Hello Thulasi, >> >> thank you for your quick response. >> >> the encryption takes not place in the HSM because we only store the >> private >> keys inside the HSM. For encryption we use the openssl CMS_encrypt() >> function. In case of OAEP I use the parameters: >> EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256()); >> EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256()); >> EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label, >> oaep_label_l); >> and call CMS_final() at last. >> For decryption we use the HSM where the private keys are stored and the >> openssl PKCS11 engine is used. >> Therefore we call CMS_decrypt(). Unfortunately there are no OAEP >> parameters >> that can be specified at CMS_decrypt(). >> >> By default we do encryption and decryption without HSM. Using the same >> functions (CMS_encrypt(),CMS_decrypt()) it works very well. But now it is >> my >> job to do decryption with a HSM (Utimaco). >> >> My question is if there is a possibility to tell CMS_decrypt() that the >> encrypted email uses OAEP padding or is there only a problem at the side >> of >> the HSM provider. >> >> Best regards >> Rudy >> >> >> >> -- >> Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html >> >
