The latter seems more preferable if I decide to. Note that this uses the auto-init facility in 1.1.0. (pkcs11-tool) Decrypt the secret key on the secure token (openssl) Use the decrypted secret key to decrypt the actual data It looks like I should be able to implement such a workaround either in Linux shell using pkcs11-tool and openssl utilities or in Python using pkcs11 and OpenSSL libraries.
We will define those further down the page. PKCS1 v1.5 padding should not be used nowadays, because there are efficient attacks against it. This program expects two functions to be defined: 'encrypt' and 'decrypt'. If you want to check compatibility between p圜rypto and PHPs OpenSSL extension, then you would need to encrypt in one, decrypt in the other and check that you got what you expected. In this example the key and IV have been hard coded in - in a real situation you would never do this! Following encryption we will then decrypt the resulting ciphertext, and (hopefully!) end up with the message we first started with. In this example we are going to take a simple message ('The quick brown fox jumps over the lazy dog'), and then encrypt it using a predefined key and IV.
