I'm developing a SOAP application where Java clients provide authentication information with each call, and the server verifies the auth info before dispatching calls.

- The length of this auth info will typically be 50 bytes.
- Approximately half (the leading half) of these auth info bytes will be different with each call.

I want to encrypt this auth info each time the client makes a SOAP call. I was thinking of using RSA: the client encrypting the info using the public key and the server decrypting using the private key.

Q. I understand that RSA (asymmetric) is slower than symmetric, but would this still be the case given the size of the plaintext?

Q. Is using RSA to encrypt small packets insecure? If so, should I artificially increase the size of the plaintext by introducing random noise?

Q. If I instead use a block cipher (say AES), should I use a different IV for every encryption? If so, the client would have to send the IV (and the length of the IV) along with the ciphertext?

Q. Would Base64 or Hex be the best encoding option to use to transmit the ciphertext via SOAP (HTTP/XML) to the server?

Comments appreciated.

phil
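An added example, not part of the original post: the RSA scheme described in the question, written in Java with OAEP padding, whose built-in randomness makes two encryptions of the same 50-byte input differ, and Base64 for the XML body. The class name, the 2048-bit key size and the sample auth bytes are assumptions constructed for illustration.

```java
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.spec.MGF1ParameterSpec;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.Cipher;
import javax.crypto.spec.OAEPParameterSpec;
import javax.crypto.spec.PSource;

public class AuthInfoRsaOaep {
    // OAEP with SHA-256 for both the label hash and MGF1, stated explicitly
    // so client and server cannot disagree on provider defaults.
    private static final OAEPParameterSpec OAEP = new OAEPParameterSpec(
            "SHA-256", "MGF1", MGF1ParameterSpec.SHA256, PSource.PSpecified.DEFAULT);
    private static final String TRANSFORM = "RSA/ECB/OAEPPadding";

    // Client side: encrypt with the server's public key, Base64 for the XML body.
    static String encryptForSoap(byte[] authInfo, PublicKey serverKey) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.ENCRYPT_MODE, serverKey, OAEP);
        return Base64.getEncoder().encodeToString(c.doFinal(authInfo));
    }

    // Server side: decode the element text and decrypt with the private key.
    static byte[] decryptFromSoap(String b64, PrivateKey serverKey) throws Exception {
        Cipher c = Cipher.getInstance(TRANSFORM);
        c.init(Cipher.DECRYPT_MODE, serverKey, OAEP);
        return c.doFinal(Base64.getDecoder().decode(b64));
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
        kpg.initialize(2048);
        KeyPair server = kpg.generateKeyPair();   // constructed demo key pair
        byte[] authInfo = new byte[50];
        Arrays.fill(authInfo, (byte) 'A');        // constructed 50-byte auth blob

        String first = encryptForSoap(authInfo, server.getPublic());
        String second = encryptForSoap(authInfo, server.getPublic());
        // OAEP mixes in fresh random bytes: same plaintext, different ciphertext.
        System.out.println("ciphertexts differ: " + !first.equals(second));
        System.out.println("base64 length: " + first.length());
        System.out.println("round trip ok: "
                + Arrays.equals(authInfo, decryptFromSoap(first, server.getPrivate())));
    }
}
```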
