Here are the requirements:

1. Receive data and store it encrypted with the public key
2. Private key is not supplied and not stored
3. Return encrypted data through the APIs
4. Display decrypted data in the web client with the private key supplied (but never sent over the wire)

- Is this a standard mode of operation?
- I was thinking the client would supply the private key on demand and it will be stored in memory, so every new session the key would need to be supplied again. That way the client can decrypt these fields to display.
- Any better suggestions on how to handle customer sensitive data, where only the customer can see that decrypted data, and not even the admin on our service can decrypt the data?
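
The flow in the four requirements above, sketched with WebCrypto as an added example that is not part of the original post. It goes one step beyond "encrypt with the public key": RSA-OAEP only fits small payloads, so each field gets a fresh AES-GCM key that is wrapped with the public key. The function names and the sample value are assumptions made for illustration.

```javascript
// Added example; function names are hypothetical, sample data is constructed.
// WebCrypto is a global in browsers and current Node; older Node exposes it via node:crypto.
const wc = globalThis.crypto ?? require("node:crypto").webcrypto;
const subtle = wc.subtle;
const RSA = { name: "RSA-OAEP", hash: "SHA-256" };
const SAMPLE = "constructed sample: customer note";

// Service side: holds only the public key, so it can write records but not read them.
async function encryptField(publicKey, plaintext) {
  const dek = await subtle.generateKey({ name: "AES-GCM", length: 256 }, true, ["encrypt"]);
  const iv = wc.getRandomValues(new Uint8Array(12)); // fresh nonce per record
  const data = new TextEncoder().encode(plaintext);
  const ciphertext = await subtle.encrypt({ name: "AES-GCM", iv }, dek, data);
  const wrappedKey = await subtle.wrapKey("raw", dek, publicKey, RSA);
  return { wrappedKey, iv, ciphertext }; // stored as-is and returned by the API
}

// Web client: the private key never leaves the browser.
async function decryptField(privateKey, record) {
  const dek = await subtle.unwrapKey("raw", record.wrappedKey, privateKey, RSA,
    { name: "AES-GCM" }, false, ["decrypt"]);
  const plain = await subtle.decrypt({ name: "AES-GCM", iv: record.iv }, dek, record.ciphertext);
  return new TextDecoder().decode(plain);
}

async function demo() {
  // Constructed key pair standing in for the customer's own.
  const pair = await subtle.generateKey(
    { ...RSA, modulusLength: 2048, publicExponent: new Uint8Array([1, 0, 1]) },
    true, ["wrapKey", "unwrapKey"]);
  const spki = await subtle.exportKey("spki", pair.publicKey);    // all the service ever stores
  const pkcs8 = await subtle.exportKey("pkcs8", pair.privateKey); // supplied by the user each session

  const serverKey = await subtle.importKey("spki", spki, RSA, true, ["wrapKey"]);
  const record = await encryptField(serverKey, SAMPLE);

  // Imported non-extractable: page script can use the key but cannot export it again.
  const sessionKey = await subtle.importKey("pkcs8", pkcs8, RSA, false, ["unwrapKey"]);
  const shown = await decryptField(sessionKey, record);

  // The service's key cannot unwrap, and a modified ciphertext fails the GCM tag check.
  const serverCanRead = await decryptField(serverKey, record).then(() => true, () => false);
  const bad = { ...record, ciphertext: record.ciphertext.slice(0) };
  new Uint8Array(bad.ciphertext)[0] ^= 1;
  const tamperRejected = await decryptField(sessionKey, bad).then(() => false, () => true);
  return { shown, serverCanRead, tamperRejected };
}
demo().then(console.log);
```

Keeping the key in memory still leaves it reachable by any script running in the page, so the guarantee holds only as long as the JavaScript delivered to the client is trusted.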