this post was submitted on 22 Aug 2023

cross-posted from: https://lemy.lol/post/4569543

I need to

  • encrypt JSON payload (not just sign)
  • not share private key
  • verify the payload is generated with the shared public key and RSA fitting all of these.

As I've only made auth with JWT so far, I'm not sure. If I use RSA, I guess I have to put the encrypted text in the body.

Do you think it can be used? Any other suggestions?
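
One way to meet the "encrypt, but keep the private key private" requirements above, as an added example that is not part of the original thread: RSA-OAEP only wraps a one-time AES-256-GCM key, because RSA by itself cannot hold a JSON body of arbitrary size. The function names, envelope field names and sample order are assumptions constructed for illustration.

```javascript
// Added example: hybrid encryption of a JSON payload with Node's built-in crypto module.
const crypto = require('node:crypto');

const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Sender side: needs only the receiver's public key.
function encryptPayload(publicKey, payload) {
  const cek = crypto.randomBytes(32); // one-time content-encryption key
  const iv = crypto.randomBytes(12);  // 96-bit GCM nonce, fresh for every message
  const cipher = crypto.createCipheriv('aes-256-gcm', cek, iv);
  const ciphertext = Buffer.concat([cipher.update(JSON.stringify(payload), 'utf8'), cipher.final()]);
  const b64 = (buf) => buf.toString('base64');
  return {
    wrappedKey: b64(crypto.publicEncrypt({ key: publicKey, ...OAEP }, cek)),
    iv: b64(iv),
    ciphertext: b64(ciphertext),
    tag: b64(cipher.getAuthTag()),
  };
}

// Receiver side: the private key never leaves this process.
function decryptPayload(privateKey, envelope) {
  const raw = (field) => Buffer.from(envelope[field], 'base64');
  const cek = crypto.privateDecrypt({ key: privateKey, ...OAEP }, raw('wrappedKey'));
  const decipher = crypto.createDecipheriv('aes-256-gcm', cek, raw('iv'));
  decipher.setAuthTag(raw('tag'));
  // final() throws if the ciphertext, IV or tag was modified in transit.
  const plaintext = Buffer.concat([decipher.update(raw('ciphertext')), decipher.final()]);
  return JSON.parse(plaintext.toString('utf8'));
}

// Constructed demo: throwaway key pair and a sample order larger than RSA-OAEP could encrypt directly.
function demo() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
  const order = { symbol: 'ACME', qty: 10, note: 'x'.repeat(500) }; // 2048-bit OAEP/SHA-256 caps at 190 bytes
  const envelope = encryptPayload(publicKey, order);
  const roundTrip = decryptPayload(privateKey, envelope);
  const tampered = { ...envelope, ciphertext: Buffer.from('forged').toString('base64') };
  let rejected = false;
  try { decryptPayload(privateKey, tampered); } catch { rejected = true; }
  return { order, envelope, roundTrip, rejected };
}
```

Encrypting to the public key gives confidentiality only: anyone holding that key can build a valid envelope, so proving who sent a payload needs a separate signature made with the sender's own key.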

towerful@programming.dev 2 points 2 years ago (1 children)

So what part are you wanting to protect?
The user to your client? The client to you? Or essentially end-to-end between the user and you, but via your client?

Perhaps an alternative way?
The user sends the stock pool to the client, they give the user a transaction key. The user submits the transaction key to you, you fetch the transaction details from the client, then you process them?

I guess I'm failing to understand why the payload needs to be encrypted when everything is already travelling over an encrypted medium (i.e. TLS/HTTPS).

iso@lemy.lol 1 points 2 years ago

The client wants to encrypt the payload while sending to us. I hope they know why they want this :)