CMS decryption of message with OAEP using Hardware security module
RudyAC
rpo at compumatica.com
Mon Feb 17 13:52:15 UTC 2020
Hi,
I have the requirement to decrypt e-mails where RSA-OAEP padding is used. I
use the library openssl-1.0.2k and decrypt with CMS container (CMS_decrypt).
This works very well unless the private key is stored in a Hardware security
module and the cryptographic operation is performed via the PKCS11 engine
from openssl.
When decrypting an email which uses OAEP I got the error message:
47235129370352:error:06065064:digital envelope
routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529:
To analyze the problem I encrypted an clear text using OAEP padding and
setup a decryption function using
RSA_private_decrypt(). Here I use padding mode "RSA_NO_PADDING" and the
decryption also works with the PKCS11 engine. Unfortunately CMS does not
support setting the padding mode.
For any comments I would be very grateful
Regards Rudy
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
More information about the openssl-users
mailing list