this post was submitted on 22 Aug 2023
3 points (100.0% liked)

Cryptography

309 readers
15 users here now

Questions, answers, discussions, and literature on the theory and practice of cryptography

founded 1 year ago
MODERATORS
 

I need to

  • encrypt JSON payload (not just sign)
  • not share private key
  • verify the payload is generated with the shared public key and RSA fitting all of these.

As I've only made auth with JWT so far, I'm not sure. If I use RSA, I guess I have to put the encrypted text in the body.

Do you think it can be used? Any other suggestions?

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 2 points 1 year ago* (last edited 1 year ago) (1 children)

This might help: https://www.scottbrady91.com/jose/json-web-encryption

Looks like it uses RSA so what I said above I think still applies.

EDIT: It is called JWE or JSON Web Encryption for help with what keywords you should search. There are also other symmetric algos you can use with RSA like chacha20, but I think it is best to start with AES just because it has been used for years and is very well documented.

[โ€“] [email protected] 1 points 1 year ago* (last edited 1 year ago)

TIL that RSA allows maximum 245 character payload. But I guess that doesn't apply to JWE. Thanks for the suggestion, I'm researching ๐Ÿ™๐Ÿซก