hendry

How to protect a payload assuming we don't have SSL?

Say I want Bob to be able to send Alice a message using her public key over a curl -X POST http://$DOMAIN/... type endpoint. There are step-by-step instructions for this use case using "nacl" and step-cli's step crypto nacl box; however, I am confused about how to realise this practically in a NodeJS / Express app.

The popular node-jose package has no mention of "nacl" aka salt.

Should I be using JSON Web Encryption (JWE) instead?

What is the content-type for the encrypted message?

There don't seem to be super clear examples at https://github.com/cisco/node-jose#keys-used-for-encrypting-and-decrypting of how to do this over HTTP between "Bob" & "Alice". I.e. where is the fetching of the public key? Is it http://$DOMAIN/.well-known/keys?
