Terrible idea ? Can I know why ? If my private key stay private, why a SHA256 on it can creates a security hole ?
Victor Duchovni wrote: > > On Fri, Dec 19, 2008 at 07:30:51AM -0800, BiGNoRm6969 wrote: > >> I am doing a SHA256 on a RSA* private key. I used the result as a >> symmetric >> key for AES encryption. > > This is a terrible idea. Use PKCS7, S/MIME or CMS. Don't invent your > own security protocols or message formats. > >> /////////////////////////////////////////////////////////////////////////////////////////// >> int length = RSA_size(rsaPrivateKey); >> > > The "rsaPrivateKey" hers is an in memory data structure with various > pointers, ... it is not a fixed serialization of the key. For that you > need to "i2dRSAPrivateKey", but that would be a mistake too, see above. > > -- > Viktor. > ______________________________________________________________________ > OpenSSL Project http://www.openssl.org > User Support Mailing List openssl-users@openssl.org > Automated List Manager majord...@openssl.org > > -- View this message in context: http://www.nabble.com/Question-about-SHA256-on-a-RSA*-key-tp21093222p21100929.html Sent from the OpenSSL - User mailing list archive at Nabble.com. ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
