I am building a WebRTC signaling server that can only be discovered by browsers that (a) know the domain of the server, and (b) have the key to decode a DNS TXT record that contains the signaling server address and port. The basic idea is to obscure the address of the actual signaling server from unwanted clients.
What I've been imagining was using some kind of pre-shared key that is either coded in the browser-side application, or provided to users of the application. I'm not looking for hack-proof security on the TXT record, just a way to casually obscure it for now.
I've been looking into various cryptography APIs, and I think the simplest one for my level of experience is sodium-plus.
However, given my lack of cryptography experience, I am not quite sure what the right method would be to encrypt the TXT record, and then use the key to decrypt the retrieved DNS record in the browser. (As a note, I'm using DoHjs for browser DNS lookups.)
I think the method I want to use in sodium-plus is `crypto_box`, but it just doesn't seem to be quite right for my use case.
Any guidance would be appreciated.
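
An added example, not part of the original post: with one pre-shared key on both sides, the matching primitive is symmetric authenticated encryption (sodium-plus exposes it as `crypto_secretbox`) rather than `crypto_box`, which is public-key encryption between two key pairs. The code below uses the browser's built-in Web Crypto AES-GCM instead of sodium-plus; the `v1.` record format, the function names and the sample endpoint are assumptions of this example, and a key shipped in client code is readable by anyone who has the application.

```javascript
// Record format (assumption of this example): "v1." + base64(nonce || ciphertext || tag)
const PREFIX = 'v1.';
const NONCE_LEN = 12, TAG_LEN = 16;

// Browsers and current Node expose globalThis.crypto; older Node needs the import.
async function webCrypto() {
  return globalThis.crypto?.subtle ? globalThis.crypto : (await import('node:crypto')).webcrypto;
}

const toB64 = (bytes) => btoa(String.fromCharCode(...bytes));
const fromB64 = (s) => Uint8Array.from(atob(s), (c) => c.charCodeAt(0));

async function importKey(c, rawKey) {
  return c.subtle.importKey('raw', rawKey, 'AES-GCM', false, ['encrypt', 'decrypt']);
}

// Deploy side: build the string to publish as the TXT record value.
async function sealRecord(rawKey, endpoint) {
  const c = await webCrypto();
  const nonce = c.getRandomValues(new Uint8Array(NONCE_LEN)); // fresh nonce for every record
  const ct = new Uint8Array(await c.subtle.encrypt(
    { name: 'AES-GCM', iv: nonce }, await importKey(c, rawKey), new TextEncoder().encode(endpoint)));
  const blob = new Uint8Array(NONCE_LEN + ct.length);
  blob.set(nonce);
  blob.set(ct, NONCE_LEN);
  return PREFIX + toB64(blob);
}

// Browser side: pass in the TXT string returned by the DoH lookup.
// Returns the endpoint, or null for unrelated, malformed or tampered records.
async function openRecord(rawKey, txt) {
  if (typeof txt !== 'string' || !txt.startsWith(PREFIX)) return null;
  try {
    const blob = fromB64(txt.slice(PREFIX.length));
    if (blob.length < NONCE_LEN + TAG_LEN) return null;
    const c = await webCrypto();
    const pt = await c.subtle.decrypt(
      { name: 'AES-GCM', iv: blob.slice(0, NONCE_LEN) }, await importKey(c, rawKey), blob.slice(NONCE_LEN));
    return new TextDecoder().decode(pt);
  } catch {
    return null; // bad base64, wrong key, or modified record
  }
}

// Constructed sample values: placeholder key and endpoint, not real ones.
async function demo() {
  const key = new Uint8Array(32).fill(0x42); // 256-bit pre-shared key
  const txt = await sealRecord(key, 'wss://signal.example.test:8443');
  return { txt, endpoint: await openRecord(key, txt) };
}
```

A single TXT character-string holds at most 255 bytes, which in this format leaves room for an endpoint of roughly 160 characters.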