Hello, > That means, that padding didn't solve the problem of > known-plaintext-, chosen-plaintext-, chosen-cyphertext- or > adaptive-chosen-plaintext-attacks? What about OAEP padding? This padding solves some problems with signing messages. When signing, you can not encrypt ANY text which is given by other side. In RSA for example if you sign (encrypt) two messages: c1 = RSA_sign(m1) c2 = RSA_sign(m2) then: c = c1*c2 mod n is equal to signing of m = m1*m2 mod n but if you pad both messages with pkcs the probability of getting something reasonable from m1*m2 and has pkcs pad structure is very low. Because of this, when verifying signed data you should pay attention on proper message structure after decryption.
Best regards, -- Marek Marcola <[EMAIL PROTECTED]> ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]