I am not an expert with encryption, but i am trying to create an CMSEnvelopedDataGenerator with bouncycastle 1.67, where the session key is encrypted with RSAES-OAEP (1.2.840.113549.1.1.7) For now my code looks like this: It runs through but when i check it via openssl asn1parse, i see and then the hex dump. On my reference file it is like: On