On Fri December 19 2008, BiGNoRm6969 wrote:
>
> Terrible idea? Can I know why? If my private key stays private, why can a
> SHA256 on it create a security hole?
>

And just how private is your SHA256 hash of the private key?

>
>
> Victor Duchovni wrote:
> >
> > On Fri, Dec 19, 2008 at 07:30:51AM -0800, BiGNoRm6969 wrote:
> >
> >> I am doing a SHA256 on a RSA* private key. I used the result as a
> >> symmetric key for AES encryption.
> >
> > This is a terrible idea. Use PKCS7, S/MIME or CMS. Don't invent your
> > own security protocols or message formats.
> >
> >> ///////////////////////////////////////////////////////////////////////////////////////////
> >> int length = RSA_size(rsaPrivateKey);
> >>
> >
> > The "rsaPrivateKey" here is an in memory data structure with various
> > pointers, ... it is not a fixed serialization of the key. For that you
> > need to "i2dRSAPrivateKey", but that would be a mistake too, see above.
> >
> > --
> > Viktor.
> > ______________________________________________________________________
> > OpenSSL Project                                 http://www.openssl.org
> > User Support Mailing List                    openssl-users@openssl.org
> > Automated List Manager                           majord...@openssl.org
> >
>
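Added example, not part of the original thread or of OpenSSL: a dependency-free C sketch of the point in the quoted reply that a key object holding pointers is not a fixed serialization, so hashing its bytes does not give a stable value for the same key. The `toy_key` type, the helper names, the key bytes and the FNV-1a hash (a placeholder for SHA-256) are all assumptions made for illustration; the quoted advice to use PKCS7, S/MIME or CMS is unaffected by it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define PART_LEN 4 /* constructed toy size, not a real RSA length */
/* Hypothetical stand-in for a key object that holds only pointers. */
typedef struct { uint8_t *n; uint8_t *d; } toy_key;

/* FNV-1a keeps this dependency-free; it is NOT a SHA-256 substitute. */
static uint64_t fnv1a(const void *p, size_t len) {
    const uint8_t *b = p;
    uint64_t h = 0xcbf29ce484222325ULL;
    for (size_t i = 0; i < len; i++) { h ^= b[i]; h *= 0x100000001b3ULL; }
    return h;
}
static uint8_t *dup_part(const uint8_t *src) {
    uint8_t *p = malloc(PART_LEN);
    if (!p) abort();
    memcpy(p, src, PART_LEN);
    return p;
}
/* Load the same constructed key material into a freshly allocated object. */
toy_key *toy_key_load(void) {
    static const uint8_t n[PART_LEN] = {0xC3, 0x5A, 0x11, 0x9F};
    static const uint8_t d[PART_LEN] = {0x27, 0x01, 0xEE, 0x48};
    toy_key *k = malloc(sizeof *k);
    if (!k) abort();
    k->n = dup_part(n);
    k->d = dup_part(d);
    return k;
}

/* Hashing the object's own bytes hashes heap addresses, not key material. */
uint64_t hash_struct(const toy_key *k) { return fnv1a(k, sizeof *k); }

/* Hashing a fixed encoding (n followed by d) depends only on the key. */
uint64_t hash_serialized(const toy_key *k) {
    uint8_t buf[2 * PART_LEN];
    memcpy(buf, k->n, PART_LEN);
    memcpy(buf + PART_LEN, k->d, PART_LEN);
    return fnv1a(buf, sizeof buf);
}

int main(void) {
    toy_key *a = toy_key_load(), *b = toy_key_load();
    printf("struct hashes equal: %d, serialized hashes equal: %d\n",
           hash_struct(a) == hash_struct(b), hash_serialized(a) == hash_serialized(b));
    return 0;
}
```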