I think it's a good design, I am working on a side project with pretty much the same architecture. I like that you consider the username as PII, it totally makes sense.
What do you use to generate the symmetric key from the password? I'm considering to use argon2id in WebAssembly.
I'm also using JWE (JSON Web Encryption) and JOSE librairies so I don't have to go too deep in the crypto implementation. Did you consider it?
1 comment
[ 3.0 ms ] story [ 11.5 ms ] threadWhat do you use to generate the symmetric key from the password? I'm considering to use argon2id in WebAssembly.
I'm also using JWE (JSON Web Encryption) and JOSE librairies so I don't have to go too deep in the crypto implementation. Did you consider it?