Another option is to perform a pairwise consistency test each time the private key is used. In other words every time you generate a signature you then use the public-key components to verify it (which my code does anyway just as a general precaution). Question: Will this catch all possible problems? Peter.