NTE BAD DATA: padding and buffer size for CryptEncrypt() ?

[abr...@yahoo.com]

I'm writing encryption/decryption functions using RSA keys (2048) and
RC2 algorithm, but decryption exits with NTE_BAD_DATA. Strangely
enough, it works ok if I decrypt a message from my own computer to my
own public key and everything worked fine with the Base Provider.
Maybe I should size the encryption buffer to take account of the
padding, but I can't understand what these MSDN excerpts mean:

-----------------
In Windows 2000, the Microsoft® Enhanced RSA Provider supports direct
encryption with RSA public keys and decryption with RSA private keys.
The encryption uses PKCS #1 Type 2 padding. On decryption, this padding
is verified. The length of plaintext data that can be encrypted with a
call to CryptEncrypt with an RSA key is the length of the key modulus
minus eleven bytes. The eleven bytes is the chosen minimum for PKCS #1
padding.

...The length of ciphertext data to be decrypted must be the same
length as the modulus of the RSA key used to decrypt the data. If the
ciphertext has zeros in the most significant bytes, these bytes must be
included in the input data buffer and in the input buffer length...
-----------------

Any suggestions about how I should size my decryption (encryption)
buffer, assuming that it _is_ indeed a padding problem?

Thanks!

Andrew