question about rsa encryption
Steven M. Bellovin
smb at research.att.com
Mon Feb 3 15:28:14 EST 2003
In message <3E3EC816.67907732 at bstormnetworks.com>, "Scott G. Kelly" writes:
>I have a question regarding RSA encryption - forgive me if this seems
>amateur-ish -, but 'm still a beginner. I seem to recall reading
>somewhere that there is some issue with directly encrypting data with an
>RSA public key, perhaps some vulnerability, but I can't find any
>reference after a cursory look. Does anyone know of any issue with using
>RSA encryption to encrypt a symmetric key under the target's public key
>if the encrypted value is public (e.g. sent over a network)?
>
Transmitting a private key under RSA encryption can have subtle failure
modes. I suggest that you use a published standard such as OAEP, from
PKCS #1.
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at wasabisystems.com
More information about the cryptography
mailing list