qgustavor
commented
3 years ago RSA being cracked or not aside I think there are better options.
Maybe it can use symmetric encryption such as AES or xsalsa20: for encryption it takes the plain text, encrypts with one of those algorithms with a key known only by the server and return the result, to decrypt just invert the process. For better security use some library that handles nonces automatically... although I could not find any for Node so just generate a random one and append to the ciphertext.
One good thing about using RSA over using symmetric encryption (I think that's the only good thing) is that is possible to encrypt using a public key and decrypting require the private key, so encryption don't need to happen on the server, just decryption. If asymmetric encryption is still desired then sealed boxes can be used, which still allows offloading encryption from the server (it can even run in the browser) without having the issues of RSA.
Currently, the RSA algorithm is used for encryption of secrets. However, the author of a recent paper about the SVP algorithm has claimed that it cracks RSA: https://www.reddit.com/r/crypto/comments/lx4bom/schnorr_confirms_paper_is_his_claims_it_destroys/gpm8lla/?context=8&depth=9 We need a stronger asymmetric encryption algorithm.