CMS_Decrypt doesn't need to feed this information explicitly and it will part of CMS envelope of the encrypted data.
Thanks,
Thulasi.
On Tue, 18 Feb 2020 at 17:16, Thulasi Goriparthi <thulasi.goriparthi@xxxxxxxxx> wrote:
Sorry for this. I see that you already knew about it.On Tue, 18 Feb, 2020, 17:08 Thulasi Goriparthi, <thulasi.goriparthi@xxxxxxxxx> wrote:On Tue, 18 Feb, 2020, 16:43 RudyAC, <rpo@xxxxxxxxxxxxxxx> wrote:Hello Thulasi,
thank you for your quick response.
the encryption takes not place in the HSM because we only store the private
keys inside the HSM. For encryption we use the openssl CMS_encrypt()
function. In case of OAEP I use the parameters:
EVP_PKEY_CTX_set_rsa_oaep_md(wrap_ctx, EVP_sha256());
EVP_PKEY_CTX_set_rsa_mgf1_md(wrap_ctx, EVP_sha256());
EVP_PKEY_CTX_set0_rsa_oaep_label(wrap_ctx, oaep_label, oaep_label_l);
and call CMS_final() at last.
For decryption we use the HSM where the private keys are stored and the
openssl PKCS11 engine is used.
Therefore we call CMS_decrypt(). Unfortunately there are no OAEP parameters
that can be specified at CMS_decrypt().
By default we do encryption and decryption without HSM. Using the same
functions (CMS_encrypt(),CMS_decrypt()) it works very well. But now it is my
job to do decryption with a HSM (Utimaco).
My question is if there is a possibility to tell CMS_decrypt() that the
encrypted email uses OAEP padding or is there only a problem at the side of
the HSM provider.
Best regards
Rudy
--
Sent from: http://openssl.6102.n7.nabble.com/OpenSSL-User-f3.html
