Forward security in transport layer security using temporary keys


Bibliographic details
Main authors: GREEN MATTHEW, WOLTENBERGER, PETER, MADINENI NAVEEN A, MCMAHON SCOTT, MACKENZIE, SCOTT, GRAY MARK, BURGESS LAURENCE, MACLEAN LEAH
Format: Patent
Language: chi ; eng
Description
Summary: Transport layer security (TLS) connection establishment for a new session between a client and a server is implemented using a temporary key pair. In response to the request, the server generates a temporary certificate by signing the temporary public key using a private key of the server. A certificate chain including at least a temporary certificate, including a temporary public key, along with a server certificate, is output by the server to the client as a subordinate certificate authority. The client verifies the certificate, generates a session key, and outputs the session key packaged by the temporary public key. To complete connection establishment, the server applies a temporary private key to restore a session key derived at the client for the new session. Thereafter, the client and the server use the session key to encrypt and decrypt data on the link. The temporary key pair is not reused.