> On Apr 6, 2017, at 2:47 PM, Blumenthal, Uri - 0553 - MITLL <uri@xxxxxxxxxx> wrote: > > Would you be able to provide me with a command line that would allow me to > *decrypt* the message? My keys are on a hardware token, so I’ll have to use > "–engine pkcs11 –keyform ENGINE" I have no experience with engines and little interest at present in going there. For CMS decryption without engines: $ openssl cms -decrypt -recip cert.pem -inkey key.pem -in cms.eml If the message is signed and then encrypted, you can then check the signature on the decrypted output. If it is encrypted then signed, you can check the signature prior to decryption with 'openssl cms -verify'. -- Viktor. -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users