<div dir="ltr">CMS_Decrypt doesn't need to feed this information explicitly and it will part of CMS envelope of the encrypted data.<div><br><div><a href="https://tools.ietf.org/html/rfc3560#page-4">https://tools.ietf.org/html/rfc3560#page-4</a><br></div><div><br></div></div><div>Thanks,</div><div>Thulasi.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 18 Feb 2020 at 17:16, Thulasi Goriparthi <<a href="mailto:thulasi.goriparthi@gmail.com" target="_blank">thulasi.goriparthi@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Sorry for this. I see that you already knew about it.</div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 18 Feb, 2020, 17:08 Thulasi Goriparthi, <<a href="mailto:thulasi.goriparthi@gmail.com" target="_blank">thulasi.goriparthi@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto"><a href="https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_CTX_ctrl_str.html" rel="noreferrer" target="_blank">https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_CTX_ctrl_str.html</a><div dir="auto"><br></div><div dir="auto">Thanks,</div><div dir="auto">Thulasi.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 18 Feb, 2020, 16:43 RudyAC, <<a href="mailto:rpo@compumatica.com" rel="noreferrer" target="_blank">rpo@compumatica.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">Hello Thulasi,<br>
<br>
thank you for your quick response. <br>
<br>
the encryption takes not place in the HSM because we only store the private<br>
keys inside the HSM. For encryption we use the openssl CMS_encrypt()<br>
function. In case of OAEP I use the parameters:<br>
EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256());<br>
EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256());<br>
EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label, oaep_label_l);<br>
and call CMS_final() at last.<br>
For decryption we use the HSM where the private keys are stored and the<br>
openssl PKCS11 engine is used.<br>
Therefore we call CMS_decrypt(). Unfortunately there are no OAEP parameters<br>
that can be specified at CMS_decrypt().<br>
<br>
By default we do encryption and decryption without HSM. Using the same<br>
functions (CMS_encrypt(),CMS_decrypt()) it works very well. But now it is my<br>
job to do decryption with a HSM (Utimaco). <br>
<br>
My question is if there is a possibility to tell CMS_decrypt() that the<br>
encrypted email uses OAEP padding or is there only a problem at the side of<br>
the HSM provider.<br>
<br>
Best regards<br>
Rudy<br>
<br>
<br>
<br>
--<br>
Sent from: <a href="http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html" rel="noreferrer noreferrer noreferrer" target="_blank">http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html</a><br>
</blockquote></div>
</blockquote></div>
</blockquote></div>