Hello Thulasi, thank you for your quick response. the encryption takes not place in the HSM because we only store the private keys inside the HSM. For encryption we use the openssl CMS_encrypt() function. In case of OAEP I use the parameters: EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256()); EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256()); EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label, oaep_label_l); and call CMS_final() at last. For decryption we use the HSM where the private keys are stored and the openssl PKCS11 engine is used. Therefore we call CMS_decrypt(). Unfortunately there are no OAEP parameters that can be specified at CMS_decrypt(). By default we do encryption and decryption without HSM. Using the same functions (CMS_encrypt(),CMS_decrypt()) it works very well. But now it is my job to do decryption with a HSM (Utimaco). My question is if there is a possibility to tell CMS_decrypt() that the encrypted email uses OAEP padding or is there only a problem at the side of the HSM provider. Best regards Rudy -- Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html