I found that the function RSAKey::applyToValue doesn’t return false if a wrong (public) key was used, is this normal?


What do you mean by “wrong”…?

I mean: not the correct other half of the key pair.

I'm doing a software protection that checks a license file that was encoded with a private key and should be decoded with a public one. If for some reason the public/private keys don't match, the function should return false IMO. I tested this by entering a false public key and it returns true :shock:

Any key can be applied to any data. The algorithm doesn’t understand what your data contains or whether the result is “right” or “wrong”! It just takes two big numbers and performs an operation on them…

I understand, but the documentation of the applyToValue says:

“Returns false if the operation failed, e.g. if this object isn’t a valid key.”

so I assumed I could test the return value to see if there was a valid key used and the data was decoded ok.

No, by “valid” it just means that the key isn’t uninitialised or null or something. I thought that’d be obvious, but I guess it could use a bit more explanation.
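
The point made in the replies above, shown as an added example that is not part of the original thread and is not JUCE code: applying a key is only modular exponentiation, so a wrong key is detected by comparing the decoded value against something the application can recompute. The key values, the licence string and the names `ToyKey`, `toyApply`, `toyDigest`, `signLicence` and `checkLicence` are all constructed for illustration (tiny textbook RSA, no padding, a toy digest standing in for a real hash).

```cpp
#include <cstdint>
#include <iostream>
#include <string>

// Toy textbook RSA with tiny constructed keys; no padding, not secure.
struct ToyKey { uint64_t exponent, modulus; };

const ToyKey vendorPrivate{2753, 3233};   // constructed pair, n = 61 * 53
const ToyKey vendorPublic{17, 3233};
const ToyKey unrelatedPublic{5, 8633};    // half of a different pair, n = 89 * 97

// Modular exponentiation: this is all that "applying a key" does.
// It yields a number for any key and any input; there is no failure path.
uint64_t toyApply(uint64_t value, const ToyKey& key) {
    uint64_t result = 1, base = value % key.modulus;
    for (uint64_t e = key.exponent; e > 0; e >>= 1) {
        if (e & 1) result = result * base % key.modulus;
        base = base * base % key.modulus;
    }
    return result;
}

// Toy digest kept below the 3233 modulus (assumption: stands in for SHA-256).
uint64_t toyDigest(const std::string& text) {
    uint64_t h = 7;
    for (unsigned char c : text) h = (h * 31 + c) % 3001;
    return h + 2;
}

// Vendor side: encode the digest of the licence text with the private key.
uint64_t signLicence(const std::string& text) {
    return toyApply(toyDigest(text), vendorPrivate);
}

// Application side: the wrong-key check is this comparison, not a return code.
bool checkLicence(const std::string& text, uint64_t signature, const ToyKey& pub) {
    return toyApply(signature, pub) == toyDigest(text);
}

int main() {
    const std::string licence = "alice:pro";   // constructed sample licence
    const uint64_t sig = signLicence(licence);
    std::cout << "wrong key still decodes to " << toyApply(sig, unrelatedPublic) << "\n"
              << "matching key accepted: " << checkLicence(licence, sig, vendorPublic) << "\n"
              << "wrong key accepted: " << checkLicence(licence, sig, unrelatedPublic) << "\n";
}
```

With real key sizes the same comparison is done against a cryptographic hash inside a padded signature scheme; the structure of the check is unchanged.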