I understand that from a security perspective the sign-then-encrypt approach is the best.

I tried to implement it in Python with the cryptography package and I got this error: ValueError: Encryption/decryption failed.

This is not surprising. The maximum I can encrypt with RSA and OAEP padding is 190 bytes, but the signature alone is 256 bytes and there is the actual data I want to encrypt.

So if the maximum size I can encrypt is 190 bytes, how am I expected to encrypt a 256-byte signature + additional data?

And yet everybody is talking about sign-then-encrypt messages...

What am I missing here?

mentallurg
JothamB
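
The 190-byte figure in the question comes from the OAEP encoding itself: with a k-byte modulus and a hash output of hLen bytes, the message can be at most k - 2*hLen - 2 bytes (RFC 8017, section 7.1.1). The following is an added example, not part of the original post, that implements the EME-OAEP encoding step with SHA-256 to show where the limit is enforced; the 2048-bit key size is an assumption inferred from the 256-byte signature, and all function names and sample inputs are illustrative.

```python
import hashlib
import os

H_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256


def mgf1(seed: bytes, length: int) -> bytes:
    """MGF1 mask generation function (RFC 8017, B.2.1) using SHA-256."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]


def oaep_max_len(k: int) -> int:
    """Largest message OAEP can carry for a k-byte RSA modulus."""
    return k - 2 * H_LEN - 2


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def oaep_encode(message: bytes, k: int, label: bytes = b"") -> bytes:
    """EME-OAEP encoding: builds the k-byte block that RSA then exponentiates."""
    if len(message) > oaep_max_len(k):
        raise ValueError("message too long for OAEP with this key size")
    l_hash = hashlib.sha256(label).digest()
    padding = b"\x00" * (k - len(message) - 2 * H_LEN - 2)
    db = l_hash + padding + b"\x01" + message  # always k - hLen - 1 bytes
    seed = os.urandom(H_LEN)
    masked_db = xor(db, mgf1(seed, k - H_LEN - 1))
    masked_seed = xor(seed, mgf1(masked_db, H_LEN))
    return b"\x00" + masked_seed + masked_db


if __name__ == "__main__":
    K = 256  # assumed 2048-bit modulus, in bytes
    signature = bytes(K)  # constructed stand-in: a signature is K bytes long
    data = b"constructed sample payload"
    print("OAEP limit:", oaep_max_len(K), "bytes")
    print("encoded block:", len(oaep_encode(b"A" * oaep_max_len(K), K)), "bytes")
    try:
        oaep_encode(signature + data, K)
    except ValueError as exc:
        print("signature + data:", len(signature + data), "bytes ->", exc)
```
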

0 Answers