this post was submitted on 22 Aug 2023
1 points (100.0% liked)

A place for everything about web development

672 readers
1 users here now

founded 5 years ago
MODERATORS
antimatroid@lemmy.ml
1
Can RSA be used for web API authentication? (lemy.lol)
submitted 1 year ago by iso@lemy.lol to c/webdev@lemmy.ml
2 comments fedilink hide all child comments
 

cross-posted from: https://lemy.lol/post/4569543

I need to

  • encrypt JSON payload (not just sign)
  • not share private key
  • verify the payload is generated with the shared public key and RSA fitting all of these.

As I've only made auth with JWT so far, I'm not sure. If I use RSA, I guess I have to put the encrypted text in the body.

Do you think it can be used? Any other suggestions?

top 2 comments
sorted by: hot top controversial new old
[โ€“] solrize@lemmy.ml 1 points 1 year ago (1 children)

RSA is somewhat deprecated these days (use ECDSA instead) but you really have to know what you're doing either way. What is the application? What is the implementation language? Can you use NaCl/libsodium/whatever? Can you simply use TLS instead of application level encryption?

[โ€“] iso@lemy.lol 1 points 1 year ago

We discussed here more: https://lemmy.ml/post/3715583