Hi, during the preparation of the self-test patch for pkcs1pad, I noticed the following strange behavior: I set an RSA private key with e=0x10001 to generate a signature. This generation process was successful and the expected signature was generated. Now, when using the very same TFM with the already set private key and perform a signature verification on the previously generated signature failed. After some experiments, I found that I had to set e=0x0000000 ... 10001 where the size of e is equal to the size of n. Still, signature generation passed. And now, using the same TFM with the set private key, the signature verification passed too. How come that there is a dissimilar handling of e regarding signature generation and verification? Ciao Stephan