Asymetric crypto and OpenSSL 3.0 deprecated functions
Dr. Matthias St. Pierre
Matthias.St.Pierre at ncp-e.com
Mon May 25 12:34:41 UTC 2020
> The proper protocol would be to just sign the binary by your private
> RSA key and encrypt it with a symmetric key, that you directly pre-
> distribute to your recipients via the same channel that you now use to
> distribute your public RSA key.
I agree with Tomáš, just would like to emphasize that the order of operation matters:
It should be encrypt-then-sign, not vice versa. This ensures that the recipient can
check the integrity of the binary before attempting to decrypt it.
More information about the openssl-users