Client wants an efficient way to encrypt its requests to Server. RSA is secure but not efficient. AES is efficient, but not secure on its own, because Client and Server must first share the key. The idea is to combine the security of RSA with the efficiency of AES. The following steps are a simplified version of the SSL process.
- Client randomly generates an AES key, K.
- Client wants to send K in a secure way. It uses RSA to encrypt K with the public key, PubS, of Server.
- Server uses RSA to decrypt the ciphertext with its private key, PrvS, to get the key, K. We can be sure that the transfer of K is secure because it is encrypted.
- Now Client and Server have the same K. They can use K to encrypt the request, M1, and the response, M2, and so communicate securely.
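
The four steps above as an added example in Node.js (not code from the original page). The RSA-OAEP padding, the AES-256-GCM mode, the function names and the sample messages are assumptions of this example; the page only specifies RSA and AES.

```javascript
const crypto = require("node:crypto");
const OAEP = { padding: crypto.constants.RSA_PKCS1_OAEP_PADDING, oaepHash: "sha256" };

// Server's RSA key pair (PubS, PrvS), generated here only for the demo.
function serverKeyPair() {
  return crypto.generateKeyPairSync("rsa", { modulusLength: 2048 });
}

// Steps 1-2: Client generates a random AES key K and encrypts it with PubS.
function clientWrapKey(pubS) {
  const K = crypto.randomBytes(32); // 256-bit AES key
  return { K, wrapped: crypto.publicEncrypt({ key: pubS, ...OAEP }, K) };
}

// Step 3: Server decrypts the wrapped key with PrvS to recover K.
function serverUnwrapKey(prvS, wrapped) {
  return crypto.privateDecrypt({ key: prvS, ...OAEP }, wrapped);
}

// Step 4: either side encrypts a message with K (fresh 96-bit nonce per message).
function seal(K, plaintext) {
  const iv = crypto.randomBytes(12);
  const cipher = crypto.createCipheriv("aes-256-gcm", K, iv);
  const ct = Buffer.concat([cipher.update(plaintext, "utf8"), cipher.final()]);
  return { iv, ct, tag: cipher.getAuthTag() };
}

// Decrypts and verifies the GCM tag; throws if the ciphertext was modified.
function unseal(K, { iv, ct, tag }) {
  const decipher = crypto.createDecipheriv("aes-256-gcm", K, iv);
  decipher.setAuthTag(tag);
  return Buffer.concat([decipher.update(ct), decipher.final()]).toString("utf8");
}

// Full exchange with constructed sample messages M1 and M2.
function demo() {
  const { publicKey: pubS, privateKey: prvS } = serverKeyPair();
  const { K, wrapped } = clientWrapKey(pubS);       // Client side
  const serverK = serverUnwrapKey(prvS, wrapped);   // Server side
  const m1 = unseal(serverK, seal(K, "GET /account"));  // request M1
  const m2 = unseal(K, seal(serverK, "200 OK"));        // response M2
  return { sameKey: K.equals(serverK), wrappedLen: wrapped.length, m1, m2 };
}

console.log(demo());
```

The example assumes Client already holds an authentic copy of PubS; real SSL/TLS ties PubS to Server with a certificate, which these simplified steps leave out.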