> So when generating a key, how do I determine the size?
>
> If the bits parameter in RSA_generate_key function equals 128,
> does this mean I have created a 128 bit key?
>
> RSA_generate_key(bits,RSA_F4,NULL,NULL);

Note that a 128-bit RSA key would be completely worthless. 512 bits is the recommended minimum for casual use, 1,024 for commercial use, and 2,048 for high-security applications. In general, you cannot compare directly the number of bits in one algorithm with the number of bits in another. As a rule of thumb, a 1,024-bit RSA key could be considered roughly comparable to an 80-bit AES/3DES key. Typical commercial web applications today use 2,048-bit RSA keys and 128-bit or 256-bit AES/RC4 keys.

DS
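
To show what the `bits` argument asked about above counts, here is an added example (not part of the original thread and not OpenSSL's code): a stdlib-only Python model of RSA key generation in which `bits` is the length of the modulus n. The function names are hypothetical; only the value 65537 for `RSA_F4` is taken from OpenSSL.

```python
import secrets
from math import gcd

RSA_F4 = 65537  # same value as OpenSSL's RSA_F4 public exponent

def is_probable_prime(n, rounds=40):
    """Miller-Rabin probabilistic primality test."""
    if n < 2:
        return False
    for p in (2, 3, 5, 7, 11, 13, 17, 19, 23, 29, 31, 37):
        if n % p == 0:
            return n == p
    d, s = n - 1, 0
    while d % 2 == 0:
        d //= 2
        s += 1
    for _ in range(rounds):
        a = secrets.randbelow(n - 3) + 2      # witness in [2, n-2]
        x = pow(a, d, n)
        if x in (1, n - 1):
            continue
        for _ in range(s - 1):
            x = pow(x, 2, n)
            if x == n - 1:
                break
        else:
            return False
    return True

def random_prime(bits, e):
    """Random prime of exactly `bits` bits with gcd(p - 1, e) == 1."""
    while True:
        # Top two bits set: the product of two such primes keeps full length.
        p = secrets.randbits(bits) | (0b11 << (bits - 2)) | 1
        if gcd(p - 1, e) == 1 and is_probable_prime(p):
            return p

def generate_rsa(bits, e=RSA_F4):
    """Return (n, e, d); the modulus n is exactly `bits` bits long."""
    p = random_prime((bits + 1) // 2, e)
    q = random_prime(bits // 2, e)
    while q == p:
        q = random_prime(bits // 2, e)
    d = pow(e, -1, (p - 1) * (q - 1))         # private exponent
    return p * q, e, d

def key_size_bits(n):
    """Key size as conventionally reported: bit length of the modulus."""
    return n.bit_length()
```

The size reported for an RSA key is the modulus length, so each prime is only about half that many bits.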