question about rsa encryption

Steven M. Bellovin smb at
Mon Feb 3 15:28:14 EST 2003

In message <3E3EC816.67907732 at>, "Scott G. Kelly" writes:
>I have a question regarding RSA encryption - forgive me if this seems
>amateur-ish -, but 'm still a beginner. I seem to recall reading
>somewhere that there is some issue with directly encrypting data with an
>RSA public key, perhaps some vulnerability, but I can't find any
>reference after a cursory look. Does anyone know of any issue with using
>RSA encryption to encrypt a symmetric key under the target's public key
>if the encrypted value is public (e.g. sent over a network)?

Transmitting a private key under RSA encryption can have subtle failure 
modes.  I suggest that you use a published standard such as OAEP, from 
PKCS #1.

		--Steve Bellovin, (me) (2nd edition of "Firewalls" book)

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at

More information about the cryptography mailing list