Https key exchange

looking at the https process, there is a question: why does https need to use a secret key exchange such as ecdh?

keep it simple:

the client randomly generates the hash value of the AES secret key AESKey, request data sign
encrypt the AESKey+sign using the public key and encrypt the request data using AESkey
the data finally sent to the server contains pub.pem.encrypt (AESKey + sign), AES (data)
the server uses the private key to decrypt AESKey + sign, and then decrypts data
the server encrypts the returned data and the AES (response + responseSign), client decrypts the returned data according to the secret key.

the process should be secure, regardless of the man-in-the-middle problem, so why do you need a secret key exchange like ecdh?
suppose you implement an encryption process and the public key is built into the client, so you can also prevent the middleman?

Encryption-and-decryption secure Network-Transport-Protocol

Mar.28,2022

problem 1 : asymmetric encryption is secure, but it is too inefficient, so it is necessary to generate a key that is known only to the client and the server, and then encrypt it symmetrically.

question 2 : if the public key of the server can be built into the client, it can prevent man-in-the-middle attacks. Because the man-in-the-middle attack takes place in this process of acquisition, since there is no need to acquire, there is no attack.

Previous: The vue page has just entered the login page. Click to log in and jump to the home page.

Next: Fsevents@1.2.4 appears when vue project installs dependencies with yarn