Rsa Keys Keys Static Generation

I'm guiding myself with this answer over here, which explains how to use both AES and RSA. I managed to successfully implement the AES part with an util class in which I use a pass

Solution 1:

You don't have to generate new RSA keys every time. You can simply encrypt with the public key each time. If the data is too large then you should try and use hybrid encryption (i.e. generate a random AES key each time, encrypt the message with it and then encrypt the AES key with the public key of the RSA key pair).

You can simply distribute the public key within your Android app.

It's probably best not to use symmetric encryption at the server, if you want to store passwords for authentication, generate a salt on the server and perform PBKDF2 on the password. Then store the salt and the result of PBKDF2. Then whenever an authentication attempt is made, retrieve the salt, perform the PBKDF2 function again and compare the result with the value in the database.