1 comment

[ 3.0 ms ] story [ 17.8 ms ] thread
What padding mode is this using? Looking at the code, I think it's using raw RSA to encrypt the data directly. That may be vulnerable to several attacks.

I may not understand your application correctly, but it's unclear why you're even using public key crypto. It appears that you must type a passphrase to access both a public and private key that live on the same server. Why not just use a symmetric key?

Cautionary advice about rolling your own crypto: http://www.youtube.com/watch?v=ySQl0NhW1J0