CMS_Decrypt doesn't need to feed this information explicitly and it will part of CMS envelope of the encrypted data.
https://tools.ietf.org/html/rfc3560#page-4 Thanks, Thulasi. On Tue, 18 Feb 2020 at 17:16, Thulasi Goriparthi < thulasi.goripar...@gmail.com> wrote: > Sorry for this. I see that you already knew about it. > > On Tue, 18 Feb, 2020, 17:08 Thulasi Goriparthi, < > thulasi.goripar...@gmail.com> wrote: > >> https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_CTX_ctrl_str.html >> >> Thanks, >> Thulasi. >> >> On Tue, 18 Feb, 2020, 16:43 RudyAC, <r...@compumatica.com> wrote: >> >>> Hello Thulasi, >>> >>> thank you for your quick response. >>> >>> the encryption takes not place in the HSM because we only store the >>> private >>> keys inside the HSM. For encryption we use the openssl CMS_encrypt() >>> function. In case of OAEP I use the parameters: >>> EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256()); >>> EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256()); >>> EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label, >>> oaep_label_l); >>> and call CMS_final() at last. >>> For decryption we use the HSM where the private keys are stored and the >>> openssl PKCS11 engine is used. >>> Therefore we call CMS_decrypt(). Unfortunately there are no OAEP >>> parameters >>> that can be specified at CMS_decrypt(). >>> >>> By default we do encryption and decryption without HSM. Using the same >>> functions (CMS_encrypt(),CMS_decrypt()) it works very well. But now it >>> is my >>> job to do decryption with a HSM (Utimaco). >>> >>> My question is if there is a possibility to tell CMS_decrypt() that the >>> encrypted email uses OAEP padding or is there only a problem at the side >>> of >>> the HSM provider. >>> >>> Best regards >>> Rudy >>> >>> >>> >>> -- >>> Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html >>> >>
