diff --git a/internal/crypto/b64.go b/internal/crypto/b64.go
index 34534225..fcaa1160 100644
--- a/internal/crypto/b64.go
+++ b/internal/crypto/b64.go
@@ -2,16 +2,26 @@ package crypto
 
 import "encoding/base64"
 
-// EncryptB64 encrypts data into base64 string
-func EncryptB64(text string) string {
+// EncodeB64 encodes data to a base64 string.
+func EncodeB64(text string) string {
 	return base64.StdEncoding.EncodeToString([]byte(text))
 }
 
-// DecryptB64 decrypts from base64 string to readable string
-func DecryptB64(s string) (string, error) {
+// DecodeB64 decodes a base64 string back to plaintext.
+func DecodeB64(s string) (string, error) {
 	data, err := base64.StdEncoding.DecodeString(s)
 	if err != nil {
 		return "", err
 	}
 	return string(data), nil
 }
+
+// EncryptB64 is a deprecated alias for EncodeB64.
+func EncryptB64(text string) string {
+	return EncodeB64(text)
+}
+
+// DecryptB64 is a deprecated alias for DecodeB64.
+func DecryptB64(s string) (string, error) {
+	return DecodeB64(s)
+}
diff --git a/internal/crypto/rsa.go b/internal/crypto/rsa.go
index 6eba8521..b2a435f7 100644
--- a/internal/crypto/rsa.go
+++ b/internal/crypto/rsa.go
@@ -13,7 +13,7 @@ import (
 // NewRSAKey to generate new RSA Key if env is not set
 // returns key instance, private key string, public key string, jwk string, error
 func NewRSAKey(algo, keyID string) (*rsa.PrivateKey, string, string, string, error) {
-	key, err := rsa.GenerateKey(rand.Reader, 2048)
+	key, err := rsa.GenerateKey(rand.Reader, 4096)
 	if err != nil {
 		return nil, "", "", "", err
 	}
@@ -130,7 +130,10 @@ func EncryptRSA(message string, key rsa.PublicKey) (string, error) {
 }
 
 func DecryptRSA(cipherText string, privateKey rsa.PrivateKey) (string, error) {
-	ct, _ := base64.StdEncoding.DecodeString(cipherText)
+	ct, err := base64.StdEncoding.DecodeString(cipherText)
+	if err != nil {
+		return "", err
+	}
 	label := []byte("OAEP Encrypted")
 	rng := rand.Reader
 	plaintext, err := rsa.DecryptOAEP(sha256.New(), rng, &privateKey, ct, label)