CMS decryption of message with OAEP using Hardware security module
Thulasi Goriparthi
thulasi.goriparthi at gmail.com
Tue Feb 18 11:38:44 UTC 2020
https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_CTX_ctrl_str.html
Thanks,
Thulasi.
On Tue, 18 Feb, 2020, 16:43 RudyAC, <rpo at compumatica.com> wrote:
> Hello Thulasi,
>
> thank you for your quick response.
>
> the encryption takes not place in the HSM because we only store the private
> keys inside the HSM. For encryption we use the openssl CMS_encrypt()
> function. In case of OAEP I use the parameters:
> EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256());
> EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256());
> EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label,
> oaep_label_l);
> and call CMS_final() at last.
> For decryption we use the HSM where the private keys are stored and the
> openssl PKCS11 engine is used.
> Therefore we call CMS_decrypt(). Unfortunately there are no OAEP parameters
> that can be specified at CMS_decrypt().
>
> By default we do encryption and decryption without HSM. Using the same
> functions (CMS_encrypt(),CMS_decrypt()) it works very well. But now it is
> my
> job to do decryption with a HSM (Utimaco).
>
> My question is if there is a possibility to tell CMS_decrypt() that the
> encrypted email uses OAEP padding or is there only a problem at the side of
> the HSM provider.
>
> Best regards
> Rudy
>
>
>
> --
> Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mta.openssl.org/pipermail/openssl-users/attachments/20200218/0a181905/attachment.html>
More information about the openssl-users
mailing list