How can I achieve the highest level of security in this situation?
I have experimented with using the same public key for all users to encrypt data transmitted over HTTPS to my backend automatically.
However, individuals could potentially intercept and decrypt the JSON payload before encryption, then re-encrypt it on their end before sending it to my server.
The best scenario would involve only allowing client-side access to the public key, while the server has access to both the user's private key and public key.
I am currently implementing RSA encryption.
Frameworks utilized: VueJS and NestJS.