To decrypt the output of an AES encryption (aes-256-cbc) we will use the OpenSSL C++ API. Create a CSR from existing private key.openssl req -new -key example.key -out example.csr -[digest], Create a CSR and a private key without a pass phrase in a single command:openssl req -nodes -newkey rsa:[bits] -keyout example.key -out example.csr, Provide CSR subject info on a command line, rather than through interactive prompt.openssl req -nodes -newkey rsa:[bits] -keyout example.key -out example.csr -subj "/C=UA/ST=Kharkov/L=Kharkov/O=Super Secure Company/OU=IT Department/CN=example.com", Create a CSR from existing certificate and private key:openssl x509 -x509toreq -in cert.pem -out example.csr -signkey example.key, Generate a CSR for multi-domain SAN certificate by supplying an openssl config file:openssl req -new -key example.key -out example.csr -config req.conf, Create self-signed certificate and new private key from scratch:openssl req -nodes -newkey rsa:2048 -keyout example.key -out example.crt -x509 -days 365, Create a self signed certificate using existing CSR and private key:openssl x509 -req -in example.csr -signkey example.key -out example.crt -days 365, Sign child certificate using your own CA certificate and its private key. Vulnerability Assessment Tools", Collapse section "1.3.3. The buffer sizes for encryption and decryption are nowhere, sorry for bothering you, you're right, everything is fine now:). Print out the key and IV used then immediately exit: don't do any encryption or decryption. Also, when I pass a huge inputs length (lets say 1024 bytes) my program shows core dumped . Use -showcerts flag to show full certificate chain, and manually save all intermediate certificates to chain.pem file:openssl s_client -showcerts -host example.com -port 443