syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer);
}
syslog(LOG_DEBUG, _("Generated random meta key (unencrypted): %s"), buffer);
}
- /* Encrypt the random data */
+ /* Encrypt the random data
+
+ We do not use one of the PKCS padding schemes here.
+ This is allowed, because we encrypt a totally random string
+ with a length equal to that of the modulus of the RSA key.
+ */
- if(RSA_public_encrypt(len, cl->cipher_outkey, buffer, cl->rsa_key, RSA_NO_PADDING) != len) /* NO_PADDING because the message size equals the RSA key size and it is totally random */