Https key exchange

looking at the https process, there is a question: why does https need to use a secret key exchange such as ecdh?

keep it simple:

  1. the client randomly generates the hash value of the AES secret key AESKey, request data sign
  2. encrypt the AESKey+sign using the public key and encrypt the request data using AESkey
  3. the data finally sent to the server contains pub.pem.encrypt (AESKey + sign), AES (data)
  4. ).
  5. the server uses the private key to decrypt AESKey + sign, and then decrypts data
  6. the server encrypts the returned data and the AES (response + responseSign), client decrypts the returned data according to the secret key.

the process should be secure, regardless of the man-in-the-middle problem, so why do you need a secret key exchange like ecdh?
suppose you implement an encryption process and the public key is built into the client, so you can also prevent the middleman?


problem 1 : asymmetric encryption is secure, but it is too inefficient, so it is necessary to generate a key that is known only to the client and the server, and then encrypt it symmetrically.

question 2 : if the public key of the server can be built into the client, it can prevent man-in-the-middle attacks. Because the man-in-the-middle attack takes place in this process of acquisition, since there is no need to acquire, there is no attack.

MySQL Query : SELECT * FROM `codeshelper`.`v9_news` WHERE status=99 AND catid='6' ORDER BY rand() LIMIT 5
MySQL Error : Disk full (/tmp/#sql-temptable-64f5-1e45cdc-66504.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
MySQL Errno : 1021
Message : Disk full (/tmp/#sql-temptable-64f5-1e45cdc-66504.MAI); waiting for someone to free some space... (errno: 28 "No space left on device")
Need Help?