CMS decryption of message with OAEP using Hardware security module

Thulasi Goriparthi thulasi.goriparthi at gmail.com
Tue Feb 18 11:46:53 UTC 2020


Sorry for this. I see that you already knew about it.

On Tue, 18 Feb, 2020, 17:08 Thulasi Goriparthi, <thulasi.goriparthi at gmail.com> wrote:

> https://www.openssl.org/docs/man1.1.0/man3/EVP_PKEY_CTX_ctrl_str.html
>
> Thanks,
> Thulasi.
>
> On Tue, 18 Feb, 2020, 16:43 RudyAC, <rpo at compumatica.com> wrote:
>
>> Hello Thulasi,
>>
>> Thank you for your quick response.
>>
>> The encryption does not take place in the HSM because we only store the
>> private keys inside the HSM. For encryption we use the openssl
>> CMS_encrypt() function. In case of OAEP I use the parameters:
>>                 EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256());
>>                 EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256());
>>                 EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label, oaep_label_l);
>> and call CMS_final() at last.
>> For decryption we use the HSM where the private keys are stored and the
>> openssl PKCS11 engine is used.
>> Therefore we call CMS_decrypt(). Unfortunately there are no OAEP
>> parameters that can be specified at CMS_decrypt().
>>
>> By default we do encryption and decryption without HSM. Using the same
>> functions (CMS_encrypt(), CMS_decrypt()) it works very well. But now it is
>> my job to do decryption with an HSM (Utimaco).
>>
>> My question is if there is a possibility to tell CMS_decrypt() that the
>> encrypted email uses OAEP padding or is there only a problem at the side
>> of the HSM provider.
>>
>> Best regards
>> Rudy
>
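
Added illustration, not code from this thread or from OpenSSL: in CMS the sender's key-transport padding is recorded in each recipient's keyEncryptionAlgorithm field (RFC 3560 for RSAES-OAEP), so it can be read back from the message when debugging a decryption failure on the HSM side. The sketch below classifies that field from its DER bytes. The names classify_kea, tlv and the sample arrays are hypothetical, it assumes short-form DER lengths, and it inspects only hashAlgorithm (SHA-1 when absent, per RFC 4055).

```c
#include <stddef.h>
#include <string.h>
enum kea { KEA_ERROR = -1, KEA_OTHER, KEA_PKCS1_V15, KEA_OAEP_SHA1,
           KEA_OAEP_SHA256, KEA_OAEP_OTHER_HASH };
#define PKCS1  0x2A,0x86,0x48,0x86,0xF7,0x0D,0x01,0x01        /* 1.2.840.113549.1.1 */
#define SHA256 0x60,0x86,0x48,0x01,0x65,0x03,0x04,0x02,0x01   /* 2.16.840.1.101.3.4.2.1 */
static const unsigned char OID_RSA[]    = { PKCS1, 0x01 };    /* rsaEncryption */
static const unsigned char OID_OAEP[]   = { PKCS1, 0x07 };    /* id-RSAES-OAEP */
static const unsigned char OID_SHA256[] = { SHA256 };
/* Constructed sample: id-RSAES-OAEP with hashAlgorithm and MGF1 hash both SHA-256. */
static const unsigned char SAMPLE_OAEP[] = { 0x30,0x38, 0x06,0x09,PKCS1,0x07, 0x30,0x2B,
    0xA0,0x0D, 0x30,0x0B, 0x06,0x09,SHA256,
    0xA1,0x1A, 0x30,0x18, 0x06,0x09,PKCS1,0x08, 0x30,0x0B, 0x06,0x09,SHA256 };
/* Constructed sample: rsaEncryption (PKCS#1 v1.5 key transport), NULL parameters. */
static const unsigned char SAMPLE_V15[] = { 0x30,0x0D, 0x06,0x09,PKCS1,0x01, 0x05,0x00 };

/* Read one DER TLV with a short-form length; return its tag, or -1 on error. */
static int tlv(const unsigned char **p, const unsigned char *end,
               const unsigned char **val, size_t *len)
{
    if (end - *p < 2 || ((*p)[1] & 0x80)) return -1;   /* long form not handled */
    *len = (*p)[1]; *val = *p + 2;
    if ((size_t)(end - *val) < *len) return -1;         /* truncated value */
    *p = *val + *len;                                   /* advance past this TLV */
    return (*val)[-2];
}

static int is_oid(const unsigned char *v, size_t n, const unsigned char *oid)
{ return n == 9 && memcmp(v, oid, 9) == 0; }            /* all OIDs here are 9 bytes */

/* Classify a DER-encoded keyEncryptionAlgorithm AlgorithmIdentifier. */
enum kea classify_kea(const unsigned char *der, size_t n)
{
    const unsigned char *p = der, *end, *v; size_t len;
    if (tlv(&p, der + n, &v, &len) != 0x30) return KEA_ERROR;
    p = v; end = v + len;                                  /* inside AlgorithmIdentifier */
    if (tlv(&p, end, &v, &len) != 0x06) return KEA_ERROR;
    if (is_oid(v, len, OID_RSA)) return KEA_PKCS1_V15;
    if (!is_oid(v, len, OID_OAEP)) return KEA_OTHER;
    if (tlv(&p, end, &v, &len) != 0x30) return KEA_ERROR;  /* RSAES-OAEP-params */
    if (len == 0 || v[0] != 0xA0) return KEA_OAEP_SHA1;    /* no [0]: SHA-1 default */
    p = v; end = v + len;
    if (tlv(&p, end, &v, &len) != 0xA0) return KEA_ERROR;  /* [0] hashAlgorithm */
    p = v; end = v + len;
    if (tlv(&p, end, &v, &len) != 0x30) return KEA_ERROR;  /* its AlgorithmIdentifier */
    p = v; end = v + len;
    if (tlv(&p, end, &v, &len) != 0x06) return KEA_ERROR;  /* the hash OID */
    return is_oid(v, len, OID_SHA256) ? KEA_OAEP_SHA256 : KEA_OAEP_OTHER_HASH;
}
```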