The documentation (perldoc + web page) for EVP_SealInit state that: EVP_SealInit() initializes a cipher context <ctx> for encryption with cipher <type> using a random secret key and IV supplied in the <iv> parameter. That is not true, however, as we can see in p_seal.c (82-83): if (EVP_CIPHER_CTX_iv_length(ctx)) RAND_pseudo_bytes(iv,EVP_CIPHER_CTX_iv_length(ctx)); iv actually works as a return parameter, which should be supplied to EVP_Open. Should this be the case? Is this a bug or a feature? It spares the programmer from having to generate an iv, but it also forces him/her to pass the iv together with the encoded message... Shouldn't the p_seal code match the manual? Regards, Pedro. -- Pedro Miller Rabinovitch Gerente Geral de Tecnologia Cipher Technology www.cipher.com.br ______________________________________________________________________ OpenSSL Project http://www.openssl.org User Support Mailing List [EMAIL PROTECTED] Automated List Manager [EMAIL PROTECTED]