I am developing a web service for which I am using RSA encryption to encrypt request-response. I have shared the public key with the client and I am able to decrypt the incoming request using my private key. Now my question is how can I encrypt the response which is to be returned to the client. I have two options for this:
(1) Use my private key to encrypt the response and client will decrypt it using already shared public key.
(2) Ask clients to provide their public key and encrypt the response with that public key.
Kindly suggest which strategy to use for encrypting response?
You cannot encrypt with the private key, as the public key is supposed to be public. Encryption with the private key is inherently unsafe and programming APIs generally disallow the use of it.
So (2) is really the only option: have the client's public key and let them decrypt with the private key. However, that's not all of the story:
This is why it is generally advisable to rely on TLS (only). TLS is not always secure, but it is almost always more secure than a self-made scheme.
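The difference between the two options in the question, as an added example that is not part of the original post: a Node.js sketch using the built-in `crypto` module, with constructed key pairs and a constructed response. It goes slightly beyond the answer by also showing the single-block size limit of RSA-OAEP; all function names are illustrative.

```javascript
const nodeCrypto = require('node:crypto');

// Constructed RSA-2048 key pairs standing in for the service and one client.
const server = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });
const client = nodeCrypto.generateKeyPairSync('rsa', { modulusLength: 2048 });

const OAEP = { padding: nodeCrypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: 'sha256' };

// Option (2): encrypt to the recipient's public key; only their private key opens it.
function encryptFor(recipientPublicKey, text) {
  return nodeCrypto.publicEncrypt({ key: recipientPublicKey, ...OAEP }, Buffer.from(text, 'utf8'));
}

function decryptWith(privateKey, ciphertext) {
  return nodeCrypto.privateDecrypt({ key: privateKey, ...OAEP }, ciphertext).toString('utf8');
}

// True if the given private key can open the ciphertext (OAEP decoding fails otherwise).
function canDecrypt(privateKey, ciphertext) {
  try { decryptWith(privateKey, ciphertext); return true; } catch { return false; }
}

// Option (1): the private-key operation is a signing primitive; whoever holds the
// published public key recovers the message, so it provides no confidentiality.
function readWithPublicKeyOnly(text) {
  const blob = nodeCrypto.privateEncrypt(server.privateKey, Buffer.from(text, 'utf8'));
  return nodeCrypto.publicDecrypt(server.publicKey, blob).toString('utf8');
}

// Largest plaintext one RSA-OAEP block can carry: k - 2*hLen - 2 bytes.
function maxOaepPlaintext(modulusBits, hashBytes) {
  return modulusBits / 8 - 2 * hashBytes - 2;
}

function fitsInOneBlock(byteLength) {
  try { encryptFor(client.publicKey, 'a'.repeat(byteLength)); return true; } catch { return false; }
}

const response = '{"status":"ok","balance":42}'; // constructed sample response
const sealed = encryptFor(client.publicKey, response);
console.log('client reads:', decryptWith(client.privateKey, sealed));
console.log('server key opens it:', canDecrypt(server.privateKey, sealed));
console.log('option 1 readable with public key:', readWithPublicKeyOnly(response) === response);
console.log('max bytes:', maxOaepPlaintext(2048, 32), fitsInOneBlock(190), fitsInOneBlock(191));
```

Responses larger than the single-block limit do not fit this direct use of RSA, which is one practical reason the answer's advice to rely on TLS is the simpler path.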