Starting out

When we first sat down with the spec, the sentence that stuck with us was: "Note that RSA isn't really meant to encrypt plaintext, but you'll have to find a way to get it to do that." That single line ended up shaping almost every decision we made. It told us the assignment wasn't really about getting RSA to swallow 140 characters — it was about recognizing why you shouldn't, and reaching for the pattern that real systems use instead.

We split the work loosely: Akhy took the key-generation and trusted-directory layout, Lars owned the encryption/signing pipeline, and Carl handled the CLI, the sample files, and hammering on edge cases. Anything involving padding parameters (OAEP, PSS, MGF1, salt lengths) we did together, because those are the kinds of details that silently compile and silently break security.

The first attempt — and why we threw it away

Our first version did the literal thing: RSA-OAEP directly on the plaintext, then sign the resulting ciphertext with the other keypair.…