Edited by Maarten Bodewes: grammar (present participles); capitalization
I'm working on a project to upgrade an existing system that currently uses RC4 to encrypt a payload with a random session key. The session key is then encrypted with asymmetric public key encryption (RSA PKCS#1 OAEP). The encrypted pair are then transmitted over insecure channels as a token.

I'm looking to replace the RC4 part with AES-128-GCM. This is an interim solution on the way to using a standardised authenticated public key message exchange framework, such as OpenPGP or JOSE JWE.

To reduce the amount of work required to implement AES-128-GCM by keeping the message syntax the same, I was thinking of using a static IV/nonce shared by sender and recipient. As the session key is unique, I understand that this is as secure as using a random IV with a static key.

Is this an acceptable solution?

AES 128 GCM - dynamic key with static IV/nonce

I'm working on a project to upgrade an existing system that currently uses RC4 to encrypt a payload with a random session key. The session key is then encrypted with asymmetric public key encryption (RSA PKCS#1 OAEP). The encrypted pair are then transmitted over insecure channels as a token.

I'm looking to replace the RC4 part with AES-128-GCM. This is an interim solution on the way to use a standardised authenticated public key message exchange framework, such as openPGP or JOSE JWE.

To reduce the amount of work required to implement AES-128-GCM by keeping the message syntax the same, I was thinking of use a static IV/nonce shared by sender and recipient. As the session key is unique I understand that this is as secure as using a random IV with a static key.

Is this an acceptable solution?
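The construction the question describes, written out as an added example in Go (this is not code from the question or from the asker's system): a fresh random 128-bit session key per message, AES-128-GCM under that key with a fixed nonce shared by both sides, and the session key wrapped with RSA-OAEP. The `Token` layout, the nonce value, the SHA-256 OAEP hash and the sample payload are all assumptions made for this example; the real wire format is not on the page. The property the whole scheme rests on, that a given key is used with the static nonce exactly once, is enforced by generating the key inside `Seal` rather than accepting it as a parameter.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
	"log"
)

// staticNonce is the fixed 12-byte GCM nonce the question proposes to share
// between sender and recipient. Its value here is constructed for the example.
var staticNonce = []byte("static-nonce") // 12 bytes, the standard GCM nonce size

// Token is a hypothetical container for the two encrypted parts the question
// describes. The real system's message syntax is not on the page; this is assumed.
type Token struct {
	WrappedKey []byte // RSA-OAEP encryption of the 16-byte session key
	Ciphertext []byte // AES-128-GCM ciphertext with the 16-byte tag appended
}

// GenerateRecipientKey creates the recipient's RSA key pair (demo helper).
func GenerateRecipientKey(bits int) (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, bits)
}

// Seal draws a fresh random 128-bit session key, encrypts payload with
// AES-128-GCM under that key and the static nonce, and wraps the key with
// RSA-OAEP (SHA-256, assumed). The key is created here and never accepted
// from a caller, so each (key, nonce) pair encrypts exactly one message.
func Seal(pub *rsa.PublicKey, payload, aad []byte) (*Token, error) {
	sessionKey := make([]byte, 16)
	if _, err := rand.Read(sessionKey); err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, staticNonce, payload, aad)
	wrapped, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, sessionKey, nil)
	if err != nil {
		return nil, err
	}
	return &Token{WrappedKey: wrapped, Ciphertext: ct}, nil
}

// Open unwraps the session key with the recipient's private key, then decrypts
// and authenticates the payload. Any change to the ciphertext, the tag or the
// AAD makes gcm.Open return an error instead of plaintext.
func Open(priv *rsa.PrivateKey, tok *Token, aad []byte) ([]byte, error) {
	sessionKey, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, tok.WrappedKey, nil)
	if err != nil {
		return nil, err
	}
	block, err := aes.NewCipher(sessionKey) // rejects anything but a 16/24/32-byte key
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, staticNonce, tok.Ciphertext, aad)
}

func main() {
	priv, err := GenerateRecipientKey(2048)
	if err != nil {
		log.Fatal(err)
	}
	payload := []byte("constructed sample payload") // constructed input
	aad := []byte("token-v1")                        // constructed header bound into the tag
	tok, err := Seal(&priv.PublicKey, payload, aad)
	if err != nil {
		log.Fatal(err)
	}
	pt, err := Open(priv, tok, aad)
	fmt.Printf("decrypted: %q, err: %v\n", pt, err)
	tok.Ciphertext[0] ^= 1 // flip one bit of the ciphertext
	_, err = Open(priv, tok, aad)
	fmt.Println("tampered token rejected:", err != nil)
}
```

Two checks are worth running against any implementation of this design: sealing the same payload twice must yield different ciphertexts (proof that a new key was drawn each time, which is what keeps the fixed nonce from ever being repeated under one key), and flipping a single bit of the ciphertext must make `Open` fail, which is the authentication RC4 never provided.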