What would be the most secure way to do so?
So far I tried providing the same public key for every user which automatically encrypts the data sent over a https request to my backend.
For that reason, people with enough knowledge can get the json payload before its encrypted and encrypt it by themselves on their end and send it over my server.
The most ideal case would be so the client side only has access to the public key while the server can view both user’s private key and public key.
I’m currently using RSA for this
Frameworks in use: VueJS and NestJS
>Solution :
The web browser belongs to the user. It is completely under their control. Anything you do in the browser can be inspected and manipulated by the user.
You can encrypt data during transmission to protect it from third-parties with HTTPS.
You can’t make the user’s browser compensate for you not trusting the user.