Hi, I have the requirement to decrypt e-mails where RSA-OAEP padding is used. I use the library openssl-1.0.2k and decrypt with CMS container (CMS_decrypt). This works very well unless the private key is stored in a Hardware security module and the cryptographic operation is performed via the PKCS11 engine from openssl. When decrypting an email which uses OAEP I got the error message: 47235129370352:error:06065064:digital envelope routines:EVP_DecryptFinal_ex:bad decrypt:evp_enc.c:529: To analyze the problem I encrypted an clear text using OAEP padding and setup a decryption function using RSA_private_decrypt(). Here I use padding mode "RSA_NO_PADDING" and the decryption also works with the PKCS11 engine. Unfortunately CMS does not support setting the padding mode. For any comments I would be very grateful Regards Rudy -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
