- cross-posted to:
- webdev
- webdev@programming.dev
I need to:
- encrypt JSON payload (not just sign)
- not share private key
- verify the payload is generated with the shared public key and RSA fitting all of these.
As I’ve only made auth with JWT so far, I’m not sure. If I use RSA, I guess I have to put the encrypted text in the body.
Do you think it can be used? Any other suggestions?
If you’re already using JWTs for the auth, it seems like JWE.
However, unless you’re storing your tokens and payloads (like in a job queue) that might be overkill. If your standard REST/GraphQL API is backed by SSL/TLS you get encryption in transit for free.