Cryptography @ Infosec.pub

515 readers

4 users here now

Questions, answers, discussions, and literature on the theory and practice of cryptography

Rules (longer version here)

Stick to cryptography / infosec
Be a good netizen - be kind, act in good faith, maintain high quality, don't mislead
Link directly to original sources
Don't use us to cheat on challenges or tests!
Crypto review requests must show the algorithm
CTF / challenges and puzzles must use modern crypto
Avoid making duplicate posts
All use of AI / LLM and their prompts MUST be disclosed in your submissions and comments

##Related resources;

Reddit cryptography forums 1 & 2; /r/crypto /r/cryptography
Cryptology ePrint archive
Discussion site for ePrint papers
Libera Chat's IRC:s #crypto - (IRC protocol URL)
Metzdowd cryptography mailing list
Randombit cryptography mailing list
StackExchange cryptography community

founded 2 years ago

MODERATORS

SqueamishOssifrage

TrustedThirdParty

Can RSA be used for web API authentication? (lemy.lol)

submitted 2 years ago* (last edited 2 years ago) by iso@lemy.lol to c/crypto

8 comments fedilink hide all child comments

I need to

encrypt JSON payload (not just sign)
not share private key
verify the payload is generated with the shared public key and RSA fitting all of these.

As I've only made auth with JWT so far, I'm not sure. If I use RSA, I guess I have to put the encrypted text in the body.

Do you think it can be used? Any other suggestions?

you are viewing a single comment's thread
view the rest of the comments

[–] colossus 3 points 2 years ago

Sounds like you’re proposing WebAuthn which already exists. Keep in mind that there are attacks against RSA with PKCS1 padding. I’d use a more secure cryptographic primitive than RSA (I.e. elliptic curves) - there’s a reason cryptographic experts don’t look towards RSA these days.