
Say I want Bob to be able to send Alice a message using her public key over a curl -X POST http://$DOMAIN/... type endpoint. There are step-by-step instructions for this use case using "nacl" and step-cli's step crypto nacl box; however, I am confused about how to realise this practically in a NodeJS / Express app.

The popular node-jose package has no mention of "nacl" aka salt.

Should I be using JSON Web Encryption (JWE) instead?

What is the content-type for the encrypted message?

There don't seem to be super clear examples at https://github.com/cisco/node-jose#keys-used-for-encrypting-and-decrypting of how to do this using Web HTTP between "Bob" & "Alice". I.e. where is the fetching of the public key? Is it http://$DOMAIN/.well-known/keys?

hendry
  • To achieve this both sides would need to know the encryption key. I am not sure this is the right solution. Any reason why you don't have SSL? If it is the cost then it might be worth looking at this: https://letsencrypt.org/ – NItin Vaja Jan 19 '22 at 11:37
  • It's not about cost, it's about not trusting the transport layer and a bit of a thought experiment. – hendry Jan 19 '22 at 13:50

0 Answers
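Added example, not part of the original question and not code from node-jose or step-cli: the Bob-to-Alice flow using only Node's built-in `crypto` module, with X25519 key agreement, HKDF-SHA256 and AES-256-GCM. This is neither wire-compatible with NaCl box (X25519 with XSalsa20-Poly1305) nor a JWE, and because Bob uses a throwaway key it does not authenticate the sender. The function names, the JSON field names and the `example-box-v1` label are assumptions, and how Bob obtains an authentic copy of Alice's public key is out of scope.

```javascript
const { generateKeyPairSync, createPublicKey, diffieHellman, hkdfSync,
        randomBytes, createCipheriv, createDecipheriv } = require('node:crypto');

const b64 = (buf) => Buffer.from(buf).toString('base64');
const unb64 = (s) => Buffer.from(s, 'base64');
const importPub = (der) => createPublicKey({ key: der, format: 'der', type: 'spki' });

// Alice: long-term X25519 key pair. publicKeyB64 is the value she would publish.
function generateRecipientKeys() {
  const { publicKey, privateKey } = generateKeyPairSync('x25519');
  return { privateKey, publicKeyB64: b64(publicKey.export({ type: 'spki', format: 'der' })) };
}

// Bind the AES key to both public keys, so a substituted key derives a different key.
function deriveKey(shared, ephPubDer, recipientPubDer) {
  const salt = Buffer.concat([ephPubDer, recipientPubDer]);
  return Buffer.from(hkdfSync('sha256', shared, salt, 'example-box-v1', 32)); // label is hypothetical
}

// Bob: encrypt to Alice's public key with a fresh ephemeral key pair per message.
function encryptFor(recipientPubB64, plaintext) {
  const recipientPubDer = unb64(recipientPubB64);
  const eph = generateKeyPairSync('x25519');
  const ephPubDer = eph.publicKey.export({ type: 'spki', format: 'der' });
  const shared = diffieHellman({ privateKey: eph.privateKey, publicKey: importPub(recipientPubDer) });
  const nonce = randomBytes(12);
  const cipher = createCipheriv('aes-256-gcm', deriveKey(shared, ephPubDer, recipientPubDer), nonce);
  const ct = Buffer.concat([cipher.update(plaintext, 'utf8'), cipher.final()]);
  // This JSON string is what Bob would send as the POST body.
  return JSON.stringify({ epk: b64(ephPubDer), nonce: b64(nonce), ct: b64(ct), tag: b64(cipher.getAuthTag()) });
}

// Alice: recompute the shared secret from her private key and Bob's ephemeral public key.
function decryptWith(recipient, body) {
  const msg = JSON.parse(body);
  const ephPubDer = unb64(msg.epk);
  const shared = diffieHellman({ privateKey: recipient.privateKey, publicKey: importPub(ephPubDer) });
  const key = deriveKey(shared, ephPubDer, unb64(recipient.publicKeyB64));
  const decipher = createDecipheriv('aes-256-gcm', key, unb64(msg.nonce), { authTagLength: 16 });
  decipher.setAuthTag(unb64(msg.tag)); // rejects tags that are not 16 bytes
  // final() throws if the ciphertext, nonce, tag or ephemeral key was altered in transit.
  return Buffer.concat([decipher.update(unb64(msg.ct)), decipher.final()]).toString('utf8');
}

// Constructed sample run: Alice generates keys, Bob encrypts, Alice decrypts.
const alice = generateRecipientKeys();
const body = encryptFor(alice.publicKeyB64, 'hello Alice');
console.log(decryptWith(alice, body));
```

In an Express app, `decryptWith` would run inside Alice's POST handler on the raw request body, and the handler should treat a thrown error as a rejected message.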