Asymetric crypto and OpenSSL 3.0 deprecated functions

Dr. Matthias St. Pierre Matthias.St.Pierre at
Mon May 25 12:34:41 UTC 2020

> The proper protocol would be to just sign the binary by your private
> RSA key and encrypt it with a symmetric key, that you directly pre-
> distribute to your recipients via the same channel that you now use to
> distribute your public RSA key.

I agree with Tomáš, just would like to emphasize that the order of operation matters:
It should be encrypt-then-sign, not vice versa. This ensures that the recipient can
check the integrity of the binary before attempting to decrypt it.


More information about the openssl-users mailing list