cross-posted from: https://lemy.lol/post/4569543

I need to

• encrypt JSON payload (not just sign)
• not share private key
• verify the payload is generated with the shared public key and RSA fitting all of these.

As I’ve only made auth with JWT so far, I’m not sure. If I use RSA, I guess I have to put the encrypted text in the body.

Do you think it can be used? Any other suggestions?