CMS decryption of message with OAEP using Hardware security module
rpo at compumatica.com
Mon Feb 17 13:52:15 UTC 2020
I have the requirement to decrypt e-mails where RSA-OAEP padding is used. I
use the library openssl-1.0.2k and decrypt with CMS container (CMS_decrypt).
This works very well unless the private key is stored in a Hardware security
module and the cryptographic operation is performed via the PKCS11 engine
When decrypting an email which uses OAEP I got the error message:
To analyze the problem I encrypted an clear text using OAEP padding and
setup a decryption function using
RSA_private_decrypt(). Here I use padding mode "RSA_NO_PADDING" and the
decryption also works with the PKCS11 engine. Unfortunately CMS does not
support setting the padding mode.
For any comments I would be very grateful
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
More information about the openssl-users