diff --git a/ChangeLog b/ChangeLog
index bd859f9e9f02abadd3bc088e7471d7148b97d16b..9de5550eacbdf86a43fd783def5a239c9b532fae 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,3 +1,14 @@
+2004-01-09  Niels Möller  <nisse@harpo.hack.org>
+
+	* examples/rsa-encrypt.c: Expanded the comment describing the file
+	format. 
+
+	* examples/rsa-decrypt.c (process_file): Finished this function.
+	(main): Initialize x. Check the size of the session key after rsa
+	decryption. 
+
+	* examples/io.c (write_string): Treat short item count as an error.
+
 2004-01-08  Niels Möller  <niels@s3.kth.se>
 
 	* index.html: Added instruction for CVS access.
diff --git a/examples/rsa-encrypt.c b/examples/rsa-encrypt.c
index c597f997ce8a95dfe01e130c9a6fb0839b0d46b4..0e9ab59cae7df52378980b63b0411661a9cbb6bc 100644
--- a/examples/rsa-encrypt.c
+++ b/examples/rsa-encrypt.c
@@ -25,12 +25,12 @@
 /* Encryption program using the following file format:
 
      uint32_t version = 1;
-     uint32_t nsize;
-     uint8_t x[nsize];
+     uint32_t xsize;
+     uint8_t x[xsize];
      uint8_t encrypted[n];
      uint8_t hmac[SHA1_DIGEST_SIZE];
 
-   where x is the data
+   "x" is the data
 
      uint32_t version = 1;
      uint8_t aes_key[AES_KEY_SIZE];
@@ -39,6 +39,13 @@
 
    of size (4 + AES_KEY_SIZE + AES_BLOCK_SIZE + SHA1_DIGEST_SIZE) = 72
    bytes, encrypted using rsa-pkcs1.
+
+   "encrypted" is the cleartext processed with aes-cbc. The final block is padded as
+
+     | data | random octets | padding length |
+
+   where the last octet is the padding length, a number between 1 and
+   AES_BLOCK_SIZE (inclusive).
 */
    
 #if HAVE_CONFIG_H