I have a website which is used by corporate company with some sensitive data. What we are planning to setup a public private key implementation within our website.
While storing the information to our database, Users data will be encrypted with the public key we have and while displaying the details on webpage, users private key is used in front end to display the details.
Public & Private keys are only for our website data encryption & decryption not for external authentication.
Do we need to get external CA certificates for this?
simply can we use like Crypto module in nodejs for generating key-pairs and use?