Cryptography

366 readers

15 users here now

Questions, answers, discussions, and literature on the theory and practice of cryptography

Related resources;

Reddit cryptography forums 1 & 2; /r/crypto /r/cryptography
Cryptology ePrint archive
Discussion site for ePrint papers
Libera Chat's IRC:s #crypto - (IRC protocol URL)
Metzdowd cryptography mailing list
Randombit cryptography mailing list
StackExchange cryptography community

founded 2 years ago

MODERATORS

[email protected]

Can RSA be used for web API authentication? (lemy.lol)

submitted 2 years ago* (last edited 2 years ago) by [email protected] to c/[email protected]

8 comments fedilink hide all child comments

I need to

encrypt JSON payload (not just sign)
not share private key
verify the payload is generated with the shared public key and RSA fitting all of these.

As I've only made auth with JWT so far, I'm not sure. If I use RSA, I guess I have to put the encrypted text in the body.

Do you think it can be used? Any other suggestions?

top 8 comments

sorted by: hot top controversial new old

[–] [email protected] 1 points 1 day ago (1 children)

Is there a particular reason you want to use your own implementation instead of JWT? If you just want an alternative to JWT, there is also PASETO.

[–] [email protected] 2 points 1 day ago

I wanted to let my users encrypt their payload with my public key so only I can decrypt that payload. Just like how PGP works. Eventually I've used hybrid encryption with AES for encrypting the payload and RSA for encrypting AES secret key.

Just to let you know this post is almost 2 years old :)

[–] [email protected] 4 points 2 years ago* (last edited 2 years ago) (1 children)

Idk why the other person said to not use RSA because of PKCS#1 padding vulns since 2048 RSA-OAEP should be fine for your use case. Just make sure to rotate keys and encrypt first with AES or some other symmetric encryption than RSA. Also, double check the libraries you're using and try to implent boring encryption which will reduce the probability of a misconfigured encryption algorithm. Also, make sure to secure the private key which can be done a number of ways.

I personally wouldn't use RSA for this, but that's just me.

[–] [email protected] 1 points 2 years ago (1 children)

I don't want to use RSA too but nothing better comes to my mind :)

[–] [email protected] 2 points 2 years ago* (last edited 2 years ago) (1 children)

This might help: https://www.scottbrady91.com/jose/json-web-encryption

Looks like it uses RSA so what I said above I think still applies.

EDIT: It is called JWE or JSON Web Encryption for help with what keywords you should search. There are also other symmetric algos you can use with RSA like chacha20, but I think it is best to start with AES just because it has been used for years and is very well documented.

[–] [email protected] 1 points 2 years ago* (last edited 2 years ago)

TIL that RSA allows maximum 245 character payload. But I guess that doesn't apply to JWE. Thanks for the suggestion, I'm researching 🙏🫡

[–] [email protected] 3 points 2 years ago

Sounds like you’re proposing WebAuthn which already exists. Keep in mind that there are attacks against RSA with PKCS1 padding. I’d use a more secure cryptographic primitive than RSA (I.e. elliptic curves) - there’s a reason cryptographic experts don’t look towards RSA these days.

[–] [email protected] 0 points 2 years ago

If you're already using JWTs for the auth it seems like JWE.

However unless you're storing your tokens and payloads (like in a job queue) that might be overkill. If your standard REST/Graphql api is backed by SSL/TLS you get encryption in transit for free.