The API cannot do it. The encoding requires that numbers with the high-bit on have a leading zero to avoid being interpreted as negative numbers as you noticed. You could maybe generate our own RSA numbers with the high-bit off – i.e., make your own RSA_new kind of API. The BN code can have flags to not require the high bit on.
-- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
