On 9/18/17, 14:50, "openssl-dev on behalf of Douglas E Engert" <[email protected] on behalf of [email protected]> wrote:
Can you also add -pkeyopt rsa_oaep_md:sah256
See crypto/rsa/rsa_pmeth.c pkey_rsa_ctrl_str for the options.
There is also rsa_oaep_label
Thank you!! That saved the day:
$ ~/openssl-1.1/bin/openssl pkeyutl -encrypt -in t1264.dat -out
t1264.dat.enc2.oaep -keyform DER -pubin -inkey rsa3072pub.der -pkeyopt
rsa_padding_mode:oaep -pkeyopt rsa_mgf1_md:sha256
$ ~/openssl-1.1/bin/openssl pkeyutl -encrypt -in t1264.dat -out
t1264.dat.enc2.oaep -keyform DER -pubin -inkey rsa3072pub.der -pkeyopt
rsa_padding_mode:oaep -pkeyopt rsa_mgf1_md:sha256 -pkeyopt rsa_oaep_md:sha256
$ yhsm2-tool --decrypt -m RSA-PKCS-OAEP --id 0301 -i t1264.dat.enc2.oaep -o
t1264.dat.dec2 --hash-algorithm SHA256
Using slot 0 with a present token (0x0)
Logging in to "YubiHSM".
Please enter User PIN:
Using decrypt algorithm RSA-PKCS-OAEP
OAEP parameters: hashAlg=SHA256, mgf=MGF1-SHA256, source_type=0,
source_ptr=0x0, source_len=0
$ cmp t1264.dat t1264.dat.dec2
$
Where can I see the complete list of the options that “-pkeyopt” supports now?
smime.p7s
Description: S/MIME cryptographic signature
-- openssl-dev mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-dev
