What padding mode is this using? Looking at the code, I think it's using raw RSA to encrypt the data directly. That may be vulnerable to several attacks.<p>I may not understand your application correctly, but it's unclear why you're even using public key crypto. It appears that you must type a passphrase to access both a public and private key that live on the same server. Why not just use a symmetric key?<p>Cautionary advice about rolling your own crypto: <a href="http://www.youtube.com/watch?v=ySQl0NhW1J0" rel="nofollow">http://www.youtube.com/watch?v=ySQl0NhW1J0</a>