- cross-posted to:
- webdev
- webdev@programming.dev
- cross-posted to:
- webdev
- webdev@programming.dev
I need to
- encrypt JSON payload (not just sign)
- not share private key
- verify the payload is generated with the shared public key and RSA fitting all of these.
As I’ve only made auth with JWT so far, I’m not sure. If I use RSA, I guess I have to put the encrypted text in the body.
Do you think it can be used? Any other suggestions?
I don’t want to use RSA too but nothing better comes to my mind :)
This might help: https://www.scottbrady91.com/jose/json-web-encryption
Looks like it uses RSA so what I said above I think still applies.
EDIT: It is called JWE or JSON Web Encryption for help with what keywords you should search. There are also other symmetric algos you can use with RSA like chacha20, but I think it is best to start with AES just because it has been used for years and is very well documented.
TIL that RSA allows maximum 245 character payload. But I guess that doesn’t apply to JWE. Thanks for the suggestion, I’m researching 🙏🫡