> For information: I am using this key to encrypt / decrypt files > locally on a > host.
Why not use the RSA key for this purpose, using an established and tested algorithm? Since you have the RSA key, and there are any number of established algorithms to use an RSA key for encryption, why did you roll your own? And, I should note, you've already proved our point a dozen times over. Your code contains three separate bugs, all of them extremely serious. For example, you used the byte size of the *MODULUS* (that's what RSA_size returns) as the hash input size for the private key. If you can't even specify an algorithm, what are the odds that whatever you wind up with will actually be secure? (Sorry to be harsh, but security is not an area where you can 'wing it'. Raally.) DS ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager majord...@openssl.org
