1

I will be using CSE for a web application as follows.

  • Generate a random AES key
  • Encrypt the cleartext data with this AES key
  • Encrypt the AES key with the service's public key, using RSA

Obviously, all that will happen over SSL. I purposely skipped the process of how I retrieve the service's public key.

1) Is this algorithm secure? I assume it is because it seems to be the standard. Assuming of course you are correctly using AES and using an RSA key of a proper length.

2) I know that when encrypting a message using RSA, a padding algorithm such as RSA-OAEP should be used to add randomness to the message. But since in this case the message is random (it is the randomly generated AES key), is the padding algorithm still necessary / useful? If yes, why? Assuming here that the randomly generated AES key is random enough.

Thanks!

christophetd
  • I'm struggling to understand why you wouldn't simply encrypt the clear text data with the public key that you have? What is the purpose for the (seemingly) superfluous step of AES encryption? – Tim Ebenezer Nov 24 '16 at 11:38
  • RSA doesn't allow you to encrypt more than ~240 bytes of data – christophetd Nov 24 '16 at 11:59
  • Why do you want to do this? What threats are you hoping to protect against? What security properties are you expecting this scheme to have? We can't answer if it will be secure or not without knowing these things. – Xander May 15 '17 at 14:29

1 Answer

-1

1) It could be, yes. See also Is this RSA/AES combination good? and should I be using RSA or AES?

2) Yes. See What specific padding weakness does OAEP address in RSA?

It looks like you are trying to implement your own crypto. This is a bad idea. Furthermore, you mention you already have an SSL connection, so I don't really see the point of adding additional encryption on top of that.

If you really want this, you should use a higher-level interface. If you use GPG or SSL you don't have to worry about padding or combining RSA and AES.

Sjoerd