Diffie-Hellman won’t really work here, since only one side has a public key and the other side has the private key. It must be this way to prevent decryption when the data is at rest on one of the sides before transmission.

Currently, I am using RSA-2048 only, which limits the payload size to 245 bytes. I want to support much larger sizes of data, so an RSA/AES hybrid makes sense.

I know that it would work if I generate a random AES key, encrypt that AES key using the RSA public key, encrypt the real payload using the AES key, and then serialize them in sequence (this has to be transmitted as one chunk) like so…

```
<RSA-encrypted-AES-key> <some-delimiter> <data-encrypted-with-AES>
```

My question is… should I just use the above format with the delimiter? Seems pretty straightforward. Perhaps there is a more standard / expected way to serialize these two together?


Author: Wisteso
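
One way to serialize the two parts without a delimiter, as an added example that is not part of the original post: a fixed header with length fields, because ciphertext is arbitrary binary and can contain any delimiter byte. The `HYB1` tag, the field layout, the function names and the 12-byte nonce (AES-GCM assumed) are assumptions for illustration; the fields are treated as opaque bytes and no encryption is performed here.

```python
import struct

# Hypothetical container layout (an assumption, not a standard format):
# magic(4) | wrapped-key length(2, big-endian) | nonce length(1) | wrapped key | nonce | ciphertext
MAGIC = b"HYB1"
HEADER = struct.Struct(">4sHB")

class FormatError(ValueError):
    """Raised when a blob does not match the container layout."""

def pack(wrapped_key: bytes, nonce: bytes, ciphertext: bytes) -> bytes:
    # Lengths go in the header, so no byte value is reserved as a separator.
    if not 0 < len(wrapped_key) <= 0xFFFF or not 0 < len(nonce) <= 0xFF:
        raise FormatError("field length out of range")
    return HEADER.pack(MAGIC, len(wrapped_key), len(nonce)) + wrapped_key + nonce + ciphertext

def unpack(blob: bytes, expected_key_len: int = 256):
    """Split a blob into (wrapped_key, nonce, ciphertext); 256 bytes = RSA-2048 output."""
    if len(blob) < HEADER.size:
        raise FormatError("truncated header")
    magic, klen, nlen = HEADER.unpack_from(blob)
    if magic != MAGIC:
        raise FormatError("unknown format tag")
    if klen != expected_key_len:
        raise FormatError("wrapped key length does not match the RSA modulus size")
    body = memoryview(blob)[HEADER.size:]
    if len(body) < klen + nlen:
        raise FormatError("truncated body")
    return bytes(body[:klen]), bytes(body[klen:klen + nlen]), bytes(body[klen + nlen:])

def split_on_delimiter(blob: bytes, delim: bytes = b"|"):
    # The delimiter approach from the question: splits at the FIRST delimiter byte,
    # which may sit inside the RSA ciphertext itself.
    key, _, data = blob.partition(delim)
    return key, data

# Constructed sample values (not real ciphertext): the "wrapped key" contains 0x7C ('|').
SAMPLE_KEY = bytes(range(256))
SAMPLE_NONCE = b"\x00" * 12
SAMPLE_CT = b"data|more"

if __name__ == "__main__":
    blob = pack(SAMPLE_KEY, SAMPLE_NONCE, SAMPLE_CT)
    assert unpack(blob) == (SAMPLE_KEY, SAMPLE_NONCE, SAMPLE_CT)
    print(len(split_on_delimiter(SAMPLE_KEY + b"|" + SAMPLE_CT)[0]))
```

With an AEAD mode, passing the header bytes as associated data keeps the length fields from being altered without detection.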