- cross-posted to:
- webdev
- crypto@infosec.pub
- cross-posted to:
- webdev
- crypto@infosec.pub
cross-posted from: https://lemy.lol/post/4569543
I need to
- encrypt JSON payload (not just sign)
- not share private key
- verify the payload is generated with the shared public key and RSA fitting all of these.
As I’ve only made auth with JWT so far, I’m not sure. If I use RSA, I guess I have to put the encrypted text in the body.
Do you think it can be used? Any other suggestions?
So what part are you wanting to protect?
The user to your client? The client to you? Or essentially end-to-end between the user and you, but via your client?
Perhaps an alternative way?
The user sends the stock pool to the client, they give the user a transaction key. The user submits the transaction key to you, you fetch the transaction details from the client, then you process them?
I guess I’m failing to understand why the payload needs to be encrypted everything is already travelling over an encrypted medium (IE TLS/HTTPS).
The client wants to encrypt the payload while sending to us. I hope they know why they want this :)