I'm trying to set up secure communication between a Ruby Sinatra-based web-backend and a Google Go application. The Go application contains the public key and initially opens the connection. It then encrypts the randomly generated AES key with its public key and sends it to the web-backend. All upcoming (large-size) data will be encrypted using the AES key. Is this a usable approach in general?
The Go code looks like this:
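    aesRand := make([]byte, 32)
    if _, err := rand.Read(aesRand); err != nil { // rand is crypto/rand
        log.Fatal(err)
    }
    var err error
    if AESBlock, err = aes.NewCipher(aesRand); err != nil {
        log.Fatal(err)
    }
    // Encrypt AES key with RSA
    data, err := rsa.EncryptPKCS1v15(rand.Reader, PubKey, aesRand)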
Now the question is, is it right to encrypt and send the random bytes over the line or should I encrypt and send the AESBlock?
Thanks in advance!
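
The key exchange described above, as an added example that is not part of the original post: what crosses the wire is the RSA-wrapped raw key bytes, and each side rebuilds its own cipher from them (a cipher.Block is in-memory state, not something to serialize). It swaps in RSA-OAEP for the post's PKCS#1 v1.5 and assumes AES-GCM for the data, since the post names no mode. ClientHandshake, ServerHandshake and demoKey are hypothetical names, and ServerHandshake is written in Go only to stand in for the Ruby backend.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

func newGCM(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key) // cipher.Block is local state, rebuilt from key bytes
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// ClientHandshake (Go application): fresh AES-256 key, raw bytes wrapped with RSA-OAEP.
func ClientHandshake(pub *rsa.PublicKey) (wrapped []byte, aead cipher.AEAD, err error) {
	key := make([]byte, 32)
	if _, err = rand.Read(key); err != nil {
		return nil, nil, err
	}
	if wrapped, err = rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, key, nil); err != nil {
		return nil, nil, err
	}
	aead, err = newGCM(key)
	return wrapped, aead, err
}

// ServerHandshake stands in for the backend: unwrap the key bytes, rebuild the same cipher.
func ServerHandshake(priv *rsa.PrivateKey, wrapped []byte) (cipher.AEAD, error) {
	key, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, wrapped, nil)
	if err != nil {
		return nil, err
	}
	return newGCM(key)
}

func demoKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) } // constructed demo key

func main() {
	priv, err := demoKey()
	if err == nil {
		_, _, err = ClientHandshake(&priv.PublicKey)
	}
	fmt.Println("client handshake error:", err)
}
```

Each message sealed with the returned AEAD needs a nonce that is never reused under the same key, sent alongside the ciphertext.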