-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Bertram Scharpf wrote: > Hi, Hello Bertram,
> $ wc -c xxx > 118 xxx > $ openssl rsautl -encrypt -certin <some.crt -in xxx > RSA operation error > 5747:error:0406D06E:rsa routines:RSA_padding_add_PKCS1_type_2:data too > large for key size:rsa_pk1.c:151: > > With 117 Bytes it works here. How can I generally determine > what is the maximum a key is capable of? Encrypting data directly with rsa has some security issues you have to understand unless you compromise the security of the key. With other words: If you can't figure out by yourself the maximum length of data you can encrypt with a given key using the rsautl comand, you shouldn't use it to encrypt data. You should use the openssl smime command. It seems to be adviseable to remove the encrypt/decrypt subcommands for the rsautl command in a future openssl version. Those that can use it, can build a special command for this functionality, all other shouldn't even know that you can use rsa directly to encrypt data. Bye Goetz -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with SUSE - http://enigmail.mozdev.org iD8DBQFFxKTK2iGqZUF3qPYRArxpAJ0XlGLEB8y9++oT1dMuIc0zE7xVgQCcDlAx fbfgsRbNnsf2hd2IdnH/giQ= =MZ10 -----END PGP SIGNATURE----- ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List openssl-users@openssl.org Automated List Manager [EMAIL PROTECTED]