this post was submitted on 22 Aug 2023
3 points (100.0% liked)
Cryptography
309 readers
15 users here now
Questions, answers, discussions, and literature on the theory and practice of cryptography
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
Idk why the other person said to not use RSA because of PKCS#1 padding vulns since 2048 RSA-OAEP should be fine for your use case. Just make sure to rotate keys and encrypt first with AES or some other symmetric encryption than RSA. Also, double check the libraries you're using and try to implent boring encryption which will reduce the probability of a misconfigured encryption algorithm. Also, make sure to secure the private key which can be done a number of ways.
I personally wouldn't use RSA for this, but that's just me.
I don't want to use RSA too but nothing better comes to my mind :)
This might help: https://www.scottbrady91.com/jose/json-web-encryption
Looks like it uses RSA so what I said above I think still applies.
EDIT: It is called JWE or JSON Web Encryption for help with what keywords you should search. There are also other symmetric algos you can use with RSA like chacha20, but I think it is best to start with AES just because it has been used for years and is very well documented.
TIL that RSA allows maximum 245 character payload. But I guess that doesn't apply to JWE. Thanks for the suggestion, I'm researching 🙏🫡