The enterprise system directly communicates on the basis of HTTPS two-way authentication. Is it necessary to add additional signature verification to the key fields? It involves accounting and security, please give me some advice from someone with relevant experience!
![[Web front-end] Node.js quick start](https://img.php.cn/upload/course/000/000/067/662b5d34ba7c0227.png)
HTTPS itself uses encrypted transmission.
Look at what kind of encryption your HTTPS certificate uses. SHA256 is originally a very high-level encryption method.
How many years is it expected that the current SSL encryption technology will be easily cracked?
And security is not only the security of the transmission process, but also involves other aspects. If you still can’t trust these encryption methods, then add another layer!
https can only ensure communication security
Digital signature can prevent repudiation