In message <[EMAIL PROTECTED]>, "Scott G. Kelly" writes: >I have a question regarding RSA encryption - forgive me if this seems >amateur-ish -, but 'm still a beginner. I seem to recall reading >somewhere that there is some issue with directly encrypting data with an >RSA public key, perhaps some vulnerability, but I can't find any >reference after a cursory look. Does anyone know of any issue with using >RSA encryption to encrypt a symmetric key under the target's public key >if the encrypted value is public (e.g. sent over a network)? >
Transmitting a private key under RSA encryption can have subtle failure modes. I suggest that you use a published standard such as OAEP, from PKCS #1. --Steve Bellovin, http://www.research.att.com/~smb (me) http://www.wilyhacker.com (2nd edition of "Firewalls" book) --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]