On the other hand, merlin-xmlenc-five/encrypt-element-aes128-cbc-rsa-1_5 is also failing all 3 tests but in that case we use private key from pkcs12 file for decryption. I guess the main problem is the padding. Aleksey