I want to encrypt a private key $sk$ (it's actually an RSA private key in PKCS#8 format) with another person's (and/or my) public key $pk_A$ for secure storage. With JWE, it is possible to use hybrid encryption: we generate a random symmetric key $k$ to encrypt $sk$ and then encrypt $k$ with $pk_A$.
I would use AESGCM+RSAOAEP, though I've read that AESGCM should not be used for Key-Wrapping... but this isn't exactly what I'm doing here, and I'm not sure the warnings apply. Could anyone give me some advice? Should I just treat $sk$ like some normal data and happily go for AESGCM+RSAOAEP?
sources:
- JSON Web Encryption = https://www.rfc-editor.org/rfc/rfc7516
- a discussion on using GCM for keywrapping = WebCrypto AES-GCM vs AES-KW for key wrapping
