Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package softhsm

There's a security bug that we have agreed doesn't need to be fixed in
wheezy, but I forgot to fix it in jessie.

The patch comes from upstream and looks simple enough (just a couple of
opens with S_IRUSR | S_IWUSR before opening the file for writing).

$ diffstat softhsm_1.3.7-2.debdiff
 changelog                 |    9 ++
 control                   |    4
 gbp.conf                  |    4
 patches/SUPPORT-101.patch |  198 ++++++++++++++++++++++++++++++++++++++++++++++
 patches/series            |    1
 5 files changed, 212 insertions(+), 4 deletions(-)

(Vcs-URLs and GBP configuration fixes also included.)

unblock softhsm/1.3.7-2

-- System Information:
Debian Release: jessie/sid
  APT prefers testing
  APT policy: (990, 'testing'), (700, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_DK.UTF-8, LC_CTYPE=en_DK.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Attachment:
softhsm_1.3.7-2.debian.tar.xz
Description: application/xz
Format: 3.0 (quilt)
Source: softhsm
Binary: softhsm-common, softhsm, libsofthsm-dev, libsofthsm, softhsm-dbg
Architecture: any
Version: 1.3.7-2
Maintainer: Ondřej Surý <ondrej@debian.org>
Homepage: http://trac.opendnssec.org/wiki/SoftHSM
Standards-Version: 3.9.1
Vcs-Browser: http://anonscm.debian.org/?p=pkg-nlnetlabs/softhsm.git
Vcs-Git: git://anonscm.debian.org/pkg-nlnetlabs/softhsm.git
Build-Depends: quilt (>= 0.46-7~), debhelper (>= 7.0.50~), autotools-dev, libbotan1.10-dev (>= 1.10.0-1~), libsqlite3-dev (>= 3.4.2), hardening-wrapper, autoconf, dh-autoreconf, automake, libtool
Build-Conflicts: libbotan1.8-dev
Package-List:
 libsofthsm deb libs extra arch=any
 libsofthsm-dev deb libdevel extra arch=any
 softhsm deb admin extra arch=any
 softhsm-common deb admin extra arch=any
 softhsm-dbg deb debug extra arch=any
Format: 1.8
Date: Mon, 01 Dec 2014 17:52:05 +0100
Source: softhsm
Binary: softhsm-common softhsm libsofthsm-dev libsofthsm softhsm-dbg
Architecture: source amd64
Version: 1.3.7-2
Distribution: unstable
Urgency: medium
Maintainer: Ondřej Surý <ondrej@debian.org>
Changed-By: Ondřej Surý <ondrej@debian.org>
Description:
 libsofthsm - a cryptographic store accessible through a PKCS #11
 libsofthsm-dev - a cryptographic store accessible through a PKCS #11
 softhsm - a cryptographic store accessible through a PKCS #11
 softhsm-common - a cryptographic store accessible through a PKCS #11
 softhsm-dbg - Debug symbols for SoftHSM
Closes: 752092
Changes:
 softhsm (1.3.7-2) unstable; urgency=medium
 .
   * Fix softhsm-keyconv creating security-sensibe file world-readable
     (Closes: #752092)
   * Update Vcs-Urls to point to anonscm.debian.org
   * Standardize gbp repository layout
diff -Nru softhsm-1.3.7/debian/changelog softhsm-1.3.7/debian/changelog --- softhsm-1.3.7/debian/changelog 2014-06-01 23:52:54.000000000 +0200 +++ softhsm-1.3.7/debian/changelog 2014-12-01 17:52:26.000000000 +0100 @@ -1,3 +1,12 @@ +softhsm (1.3.7-2) unstable; urgency=medium + + * Fix softhsm-keyconv creating security-sensibe file world-readable + (Closes: #752092) + * Update Vcs-Urls to point to anonscm.debian.org + * Standardize gbp repository layout + + -- Ondřej Surý <ondrej@debian.org> Mon, 01 Dec 2014 17:52:05 +0100 + softhsm (1.3.7-1) unstable; urgency=medium * New upstream version 1.3.7 diff -Nru softhsm-1.3.7/debian/control softhsm-1.3.7/debian/control --- softhsm-1.3.7/debian/control 2014-06-01 23:52:54.000000000 +0200 +++ softhsm-1.3.7/debian/control 2014-12-01 17:52:26.000000000 +0100 @@ -15,8 +15,8 @@ Build-Conflicts: libbotan1.8-dev Standards-Version: 3.9.1 Homepage: http://trac.opendnssec.org/wiki/SoftHSM -Vcs-Browser: http://git.debian.org/?p=pkg-nlnetlabs/softhsm.git -Vcs-Git: git://git.debian.org/pkg-nlnetlabs/softhsm.git +Vcs-Browser: http://anonscm.debian.org/?p=pkg-nlnetlabs/softhsm.git +Vcs-Git: git://anonscm.debian.org/pkg-nlnetlabs/softhsm.git Package: softhsm-common Architecture: any diff -Nru softhsm-1.3.7/debian/gbp.conf softhsm-1.3.7/debian/gbp.conf --- softhsm-1.3.7/debian/gbp.conf 2014-06-01 23:52:54.000000000 +0200 +++ softhsm-1.3.7/debian/gbp.conf 2014-12-01 17:52:26.000000000 +0100 @@ -1,7 +1,7 @@ [DEFAULT] -debian-branch = debian-sid +debian-branch = master debian-tag = debian/%(version)s -upstream-branch = upstream-sid +upstream-branch = upstream upstream-tag = upstream/%(version)s [git-dch] diff -Nru softhsm-1.3.7/debian/patches/series softhsm-1.3.7/debian/patches/series --- softhsm-1.3.7/debian/patches/series 2014-06-01 23:52:54.000000000 +0200 +++ softhsm-1.3.7/debian/patches/series 2014-12-01 17:52:26.000000000 +0100 
@@ -1 +1,2 @@ +SUPPORT-101.patch 002_libtool_export_symbols_fix.patch diff -Nru softhsm-1.3.7/debian/patches/SUPPORT-101.patch softhsm-1.3.7/debian/patches/SUPPORT-101.patch --- softhsm-1.3.7/debian/patches/SUPPORT-101.patch 1970-01-01 01:00:00.000000000 +0100 +++ softhsm-1.3.7/debian/patches/SUPPORT-101.patch 2014-12-01 17:52:26.000000000 +0100 
@@ -0,0 +1,198 @@ +From aa2d1ebb0ef31c71a4db4435f3dc056cacf87209 Mon Sep 17 00:00:00 2001 +From: Rickard Bellgrim <rickard@opendnssec.org> +Date: Sun, 26 Oct 2014 08:08:43 +0100 +Subject: [PATCH 1/2] SOFTHSM-101: softhsm-keyconv creates files with sensitive + material in insecure way. Also applies to softhsm when using --export or + --optimize. + +--- + NEWS | 8 ++++++++ + src/bin/softhsm-keyconv.cpp | 50 ++++++++++++++++++++++++++++++++++++++++++--- + src/bin/softhsm.cpp | 31 +++++++++++++++++++++++++++- + 3 files changed, 85 insertions(+), 4 deletions(-) + +--- softhsm.orig/NEWS ++++ softhsm/NEWS +@@ -1,5 +1,13 @@ + NEWS for SoftHSM -- History of user visible changes + ++SoftHSM develop ++ ++Bugfixes: ++* SOFTHSM-101: softhsm-keyconv creates files with sensitive material ++ in insecure way. Also applies to softhsm when using --export or ++ --optimize. ++ ++ + SoftHSM 1.3.7 - 2014-05-28 + + Bugfixes: +--- softhsm.orig/src/bin/softhsm-keyconv.cpp ++++ softhsm/src/bin/softhsm-keyconv.cpp +@@ -48,6 +48,10 @@ + #include <iostream> + #include <fstream> + #include <stdint.h> ++#include <fcntl.h> ++#include <sys/types.h> ++#include <sys/stat.h> ++#include <errno.h> + + void usage() { + printf("Converting between BIND .private-key format and PKCS#8 key file format.\n"); +@@ -391,6 +395,15 @@ int to_pkcs8(char *in_path, char *out_pa + return 1; + } + ++ // Create and set file permissions if the file does not exist. 
++ int fd = open(out_path, O_CREAT, S_IRUSR | S_IWUSR); ++ if (fd == -1) { ++ fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n", ++ out_path, errno); ++ return 1; ++ } ++ close(fd); ++ + // Save the the key to the disk + switch(algorithm) { + case DNS_KEYALG_ERROR: +@@ -735,8 +748,16 @@ int save_rsa_bind(char *name, int ttl, B + snprintf(priv_out, MAX_LINE, "K%s+%03i+%05i.private", name, algorithm, key_tag); + snprintf(pub_out, MAX_LINE, "K%s+%03i+%05i.key", name, algorithm, key_tag); + +- // Create the private key file ++ // Create and set file permissions if the file does not exist. ++ int fd = open(priv_out, O_CREAT, S_IRUSR | S_IWUSR); ++ if (fd == -1) { ++ fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n", ++ priv_out, errno); ++ return 1; ++ } ++ close(fd); + ++ // Create the private key file + file_pointer = fopen(priv_out, "w"); + if (!file_pointer) { + fprintf(stderr, "Error: Could not open output file %.100s for writing.\n", priv_out); +@@ -786,8 +807,16 @@ int save_rsa_bind(char *name, int ttl, B + + printf("The private key has been written to %s\n", priv_out); + +- // Create the public key file ++ // Create and set file permissions if the file does not exist. ++ fd = open(pub_out, O_CREAT, S_IRUSR | S_IWUSR); ++ if (fd == -1) { ++ fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n", ++ pub_out, errno); ++ return 1; ++ } ++ close(fd); + ++ // Create the public key file + file_pointer = fopen(pub_out, "w"); + if (!file_pointer) { + fprintf(stderr, "Error: Could not open output file %.100s for writing.\n", pub_out); +@@ -836,6 +865,15 @@ int save_dsa_bind(char *name, int ttl, B + snprintf(priv_out, MAX_LINE, "K%s+%03i+%05i.private", name, algorithm, key_tag); + snprintf(pub_out, MAX_LINE, "K%s+%03i+%05i.key", name, algorithm, key_tag); + ++ // Create and set file permissions if the file does not exist. 
++ int fd = open(priv_out, O_CREAT, S_IRUSR | S_IWUSR); ++ if (fd == -1) { ++ fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n", ++ priv_out, errno); ++ return 1; ++ } ++ close(fd); ++ + file_pointer = fopen(priv_out, "w"); + if (!file_pointer) { + fprintf(stderr, "Error: Could not open output file %.100s for writing.\n", priv_out); +@@ -873,8 +911,16 @@ int save_dsa_bind(char *name, int ttl, B + + printf("The private key has been written to %s\n", priv_out); + +- // Create the public key file ++ // Create and set file permissions if the file does not exist. ++ fd = open(pub_out, O_CREAT, S_IRUSR | S_IWUSR); ++ if (fd == -1) { ++ fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n", ++ pub_out, errno); ++ return 1; ++ } ++ close(fd); + ++ // Create the public key file + file_pointer = fopen(pub_out, "w"); + if (!file_pointer) { + fprintf(stderr, "Error: Could not open output file %.100s for writing.\n", pub_out); +--- softhsm.orig/src/bin/softhsm.cpp ++++ softhsm/src/bin/softhsm.cpp +@@ -46,6 +46,10 @@ + #include <iostream> + #include <fstream> + #include <sched.h> ++#include <fcntl.h> ++#include <sys/types.h> ++#include <sys/stat.h> ++#include <errno.h> + + #ifdef HAVE_DLOPEN + #include <dlfcn.h> +@@ -1005,6 +1009,15 @@ int removeSessionObjs(char *dbPath) { + CK_BBOOL ckFalse = CK_FALSE; + int retVal = 0; + ++ // Create and set file permissions if the DB does not exist. ++ int fd = open(dbPath, O_CREAT, S_IRUSR | S_IWUSR); ++ if(fd == -1) { ++ fprintf(stderr, "Could not open the token database. errno=%i. " ++ "Probably wrong privileges: %s", errno, dbPath); ++ return 1; ++ } ++ close(fd); ++ + if(sqlite3_open(dbPath, &db) != 0) { + fprintf(stderr, "ERROR: Could not connect to database.\n"); + return 1; +@@ -1278,6 +1291,15 @@ CK_RV writeKeyToDisk(char *filePath, cha + return CKR_GENERAL_ERROR; + } + ++ // Create and set file permissions if the file does not exist. 
++ int fd = open(filePath, O_CREAT, S_IRUSR | S_IWUSR); ++ if (fd == -1) { ++ fprintf(stderr, "ERROR: Could not open the output file: %s (errno %i)\n", ++ filePath, errno); ++ return CKR_GENERAL_ERROR; ++ } ++ close(fd); ++ + std::ofstream privFile(filePath); + + if(!privFile) { +@@ -1468,6 +1490,15 @@ Botan::Private_Key* getPrivKey(char *dbP + sqlite3_stmt *select_sql = NULL; + Botan::Private_Key *privKey = NULL; + ++ // Create and set file permissions if the DB does not exist. ++ int fd = open(dbPath, O_CREAT, S_IRUSR | S_IWUSR); ++ if(fd == -1) { ++ fprintf(stderr, "Could not open the token database. errno=%i. " ++ "Probably wrong privileges: %s", errno, dbPath); ++ return NULL; ++ } ++ close(fd); ++ + if(sqlite3_open(dbPath, &db) == 0 && sqlite3_prepare_v2(db, select_str, -1, &select_sql, NULL) == 0) { + if(getObjectClass(select_sql, oHandle) == CKO_PRIVATE_KEY && getKeyType(select_sql, oHandle) == CKK_RSA) { + Botan::BigInt bigN = getBigIntAttribute(select_sql, oHandle, CKA_MODULUS); +@@ -1477,7 +1508,7 @@ Botan::Private_Key* getPrivKey(char *dbP + Botan::BigInt bigQ = getBigIntAttribute(select_sql, oHandle, CKA_PRIME_2); + + Botan::AutoSeeded_RNG *rng = new Botan::AutoSeeded_RNG(); +- ++ + try { + privKey = new Botan::RSA_PrivateKey(*rng, bigP, bigQ, bigE, bigD, bigN); + }
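Review bot: In the debian/changelog hunk, the new entry misspells "security-sensibe" (should be "security-sensitive") and names only softhsm-keyconv, while the subject of SUPPORT-101.patch says the problem also applies to softhsm when using --export or --optimize. Suggest fixing the spelling and mentioning both binaries, so the changelog matches the files the patch touches (src/bin/softhsm-keyconv.cpp and src/bin/softhsm.cpp).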
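Review bot: The header of debian/patches/SUPPORT-101.patch is numbered "[PATCH 1/2]", but debian/patches/series gains only this one file, and the file is named SUPPORT-101 while the subject and the NEWS entry both say SOFTHSM-101. Please state in the patch header whether 2/2 of the upstream series is needed for the fix, and consider naming the file after the upstream issue id. A reference to #752092 in the header would also tie the patch to the Debian bug.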
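Review bot: In the to_pkcs8() hunk of src/bin/softhsm-keyconv.cpp, open(out_path, O_CREAT, S_IRUSR | S_IWUSR) applies the mode only when the file is created, as the added comment itself says, so an out_path that already exists with wider permissions keeps them and still receives the key. The descriptor is also closed before the key is saved; in save_rsa_bind() the file is visibly reopened by name with fopen(priv_out, "w"), which leaves a window between the two opens. Suggest keeping the descriptor (open with O_WRONLY | O_CREAT | O_TRUNC, fchmod() it to S_IRUSR | S_IWUSR, then write through it), or failing with O_EXCL when the file exists. The same pattern repeats in save_rsa_bind(), save_dsa_bind() and writeKeyToDisk().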
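Review bot: In the second save_rsa_bind() hunk (@@ -786,8 +807,16 @@) and the matching save_dsa_bind() hunk, pub_out is the ".key" file that holds the public key, yet it is created with the same S_IRUSR | S_IWUSR mode as the private file. That is not needed for confidentiality and changes who can read the public key file. If this is intended, say so in the NEWS entry; otherwise limit the restrictive mode to priv_out.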
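Review bot: In the removeSessionObjs() hunk of src/bin/softhsm.cpp, open(dbPath, O_CREAT, S_IRUSR | S_IWUSR) creates an empty file when dbPath does not exist, so a mistyped database path leaves a stray file behind before sqlite3_open() runs; the getPrivKey() hunk does the same on a path that only issues a select. The error string also has no trailing "\n" and reports "Probably wrong privileges" for every errno value. Suggest failing when the database is missing instead of creating it, adding the newline, and printing strerror(errno) in place of the fixed guess.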
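Review bot: The last hunk of src/bin/softhsm.cpp (@@ -1477,7 +1508,7 @@) only swaps one blank line for another after the Botan::AutoSeeded_RNG allocation, a whitespace-only change unrelated to file permissions. Suggest dropping it so the diff under review for the unblock contains only the fix.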
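The unblock request describes the fix as an open() with S_IRUSR | S_IWUSR ahead of the normal open for writing. The C program below is an added example, not code from SoftHSM or the Debian package: open_as_patched() mirrors that pattern, open_private() is a hypothetical hardened variant, and the function names, file names and key string are constructed for illustration. It shows what mode a key file ends up with when a 0644 file already sits at the output path.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdio.h>
#include <sys/stat.h>
#include <unistd.h>

/* Pattern used by the patch: create 0600 if missing, close, reopen by path. */
static FILE *open_as_patched(const char *path) {
    int fd = open(path, O_CREAT, S_IRUSR | S_IWUSR);
    if (fd == -1) return NULL;
    close(fd);
    return fopen(path, "w");
}

/* Hardened variant (added here): a single open, mode enforced on the fd. */
static FILE *open_private(const char *path) {
    int fd = open(path, O_WRONLY | O_CREAT | O_TRUNC | O_NOFOLLOW,
                  S_IRUSR | S_IWUSR);
    if (fd == -1) return NULL;
    /* fchmod tightens a file that already existed with a wider mode. */
    if (fchmod(fd, S_IRUSR | S_IWUSR) == -1) { close(fd); return NULL; }
    FILE *fp = fdopen(fd, "w");
    if (!fp) close(fd);
    return fp;
}

/* Leave a 0644 file at path, write a constructed "key" through one of the
 * openers, and return the resulting permission bits (-1 on error). */
static int mode_after_write(const char *path, int hardened) {
    struct stat st;
    unlink(path);
    int fd = open(path, O_WRONLY | O_CREAT | O_EXCL, 0644);
    if (fd == -1) return -1;
    fchmod(fd, 0644);                /* independent of the caller's umask */
    close(fd);
    FILE *fp = hardened ? open_private(path) : open_as_patched(path);
    if (!fp) return -1;
    fputs("constructed-private-key\n", fp);
    fclose(fp);
    int mode = stat(path, &st) == 0 ? (int)(st.st_mode & 0777) : -1;
    unlink(path);
    return mode;
}

int main(void) {
    printf("existing 0644, patched pattern: %04o\n", (unsigned)mode_after_write("demo.key", 0));
    printf("existing 0644, hardened:        %04o\n", (unsigned)mode_after_write("demo.key", 1));
    return 0;
}
```

fchmod() does not revoke descriptors that another process opened while the file was still readable, so creating a fresh name with O_EXCL remains the strictest option.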