WEBVTT

0
00:01.000 --> 00:09.400
Public key cryptography or asymmetric cryptography is a cryptographic system that uses pairs of keys,

1
00:09.910 --> 00:18.400
public keys which are made public and private keys which are known only to the owner; the public and

2
00:18.460 --> 00:20.740
the private keys are related

3
00:20.980 --> 00:28.540
and there isn't a known way to generate the private key from the public key. Data encrypted with the

4
00:28.540 --> 00:34.000
private key can only be decrypted with the public key and vice versa.

5
00:35.390 --> 00:41.390
In such a system any person can encrypt the message using the receiver's public key,

6
00:41.630 --> 00:48.500
but that encrypted message can only be decrypted with the receiver's private key.

7
00:48.540 --> 00:54.990
For example if I want to send you an encrypted message I need your public key to encrypt the message.

8
00:55.410 --> 00:58.540
Being encrypted with your public key

9
00:58.560 --> 01:06.420
the message can be decrypted only with the private key of the key pair and you are and you are the only person 

10
01:06.420 --> 01:09.680
that possesses the key.

11
01:09.680 --> 01:11.210
Note that the length of keys of asymmetric encryption algorithms

12
01:15.310 --> 01:21.300
are much larger than the length of the keys of symmetric algorithms

13
01:21.430 --> 01:30.600
without being more secure; for example an AES key of 128 bits and a RSA 

14
01:30.610 --> 01:34.630
key of 3072 bits 

15
01:34.630 --> 01:37.150
both have a similar strength.

16
01:37.150 --> 01:45.020
You cannot compare the key length of symmetric and asymmetric encryption algorithms easily.

17
01:45.940 --> 01:51.800
Let's get started with a hands-on example! To make it crystal clear,

18
01:51.850 --> 01:54.230
I'll started from scratch.

19
01:54.310 --> 02:01.820
There are two users that want to exchange secret information or files and they will encrypt them

20
02:01.880 --> 02:04.500
asymmetrically. Symmetric

21
02:04.510 --> 02:12.440
encryption is not viable because there is no secure way to exchange a secret, a shared key. Each user

22
02:12.500 --> 02:20.300
will generate a key pair, keep the secret key private and publish the public key on a public key

23
02:20.300 --> 02:26.120
server. Let's generate the key pair for each user:

24
02:26.210 --> 02:29.260
gpg --gen-key 

25
02:36.080 --> 02:39.230
I'll use the passphrase to lock the private key

26
02:44.750 --> 02:45.320
Perfect!

27
02:50.010 --> 02:57.570
And I am publishing the public key to pgp.mit.edu key server.

28
02:57.570 --> 03:03.600
The last lecture was all about key servers and distributing the keys.

29
03:03.630 --> 03:08.860
Take a look again if you feel the need! Let's see

30
03:09.030 --> 03:17.660
the key id gpg --list-keys --keyid-format long

31
03:19.940 --> 03:20.930
This is the key id.

32
03:21.500 --> 03:30.120
I'll use it to publish the key on the key server so gpg--key server.

33
03:31.520 --> 03:33.040
hkp

34
03:33.080 --> 03:34.500
This is not mandatory!

35
03:34.550 --> 03:35.500
:

36
03:35.660 --> 03:42.480
// pgp.mit.edu --send

37
03:42.560 --> 03:45.620
-keys  and the key id

38
03:49.110 --> 03:55.280
okay, sorry, it's pgp not gpg ! Pperfect.

39
03:55.340 --> 04:00.140
The key was sent and I'll do the same for the second user.

40
04:00.260 --> 04:04.210
Each user needs its own key pair.

41
04:04.310 --> 04:10.070
Now I'm generating the key pair of the user and publish the public key on the key server

42
04:30.780 --> 04:31.630
okay.

43
04:31.740 --> 04:36.810
At this moment each user has a public and a private key.

44
04:36.810 --> 04:42.980
The public key is on the server and the private key is kept secret locally.

45
04:42.990 --> 04:49.050
The next step is to import the other users public key in the gpg keyring.

46
04:49.140 --> 04:54.110
This is necessary if you want to send encrypted files to the other user.

47
04:54.300 --> 05:02.190
Of course if only the first user will send encrypted message to the second user then only the first

48
05:02.190 --> 05:07.050
user needs to import the public key of the second user.

49
05:07.050 --> 05:15.270
In this example only the user on Kali will send encrypted message to the other user, to this one.

50
05:17.830 --> 05:25.210
To import a public key you need either the public key in a text file or the key idea to download it

51
05:25.210 --> 05:26.760
from the key server,

52
05:26.830 --> 05:34.270
of course if it was published there; in this example the user on Kali will import the public key from

53
05:34.270 --> 05:41.950
the key server; to do that the user needs the keyid. We suppose he has received it by email or 

54
05:42.430 --> 05:44.080
or by any other means.

55
05:45.770 --> 05:53.470
This is the keyid; so gpg --keyserver

56
05:53.540 --> 06:00.700
pgp.mit.edu  --recv and 


57
06:00.740 --> 06:01.390
the keyid

58
06:07.940 --> 06:13.730
Okay, the public key of the second user was imported.

59
06:13.740 --> 06:20.520
Note that it needs some time for the server to synchronize after receiving the key.

60
06:20.520 --> 06:27.810
So after sending the key you must wait a minute or two until you can import the key in another terminal,

61
06:27.840 --> 06:33.720
or in another machine; if you don't have the keyid

62
06:33.770 --> 06:38.950
you can search for a key by the owner's name or email address like this

63
06:43.230 --> 06:49.550
--search-keys and a string to search.

64
06:49.630 --> 06:51.980
Let's take the user's email address.

65
07:01.160 --> 07:10.850
And it found the key; this command will print a list of matching results and you enter the number next

66
07:10.880 --> 07:11.620
to the one

67
07:11.720 --> 07:21.670
you want to import. I've already imported the key so I'll press on q from quit. Let's  list the

68
07:21.670 --> 07:28.740
public keys in the keyring:  gpg --list-keys


69
07:28.990 --> 07:31.390
Okay there are two public keys.

70
07:31.600 --> 07:41.370
My own public key and the other users public key; let's move on and encrypt a file for the second user

71
07:41.460 --> 07:46.450
asymmetrically using the public key of the second user.

72
07:47.430 --> 07:48.200
Let's see 

73
07:48.210 --> 07:48.950
the keyid.

74
07:52.180 --> 07:52.870
Okay.

75
07:52.960 --> 07:58.290
And I'm writing gpg -e from encrypt;

76
07:58.300 --> 08:01.990
you can write -e or -- encrypt,

77
08:02.020 --> 08:02.860
it's the same

78
08:06.860 --> 08:11.640
-r and the recipient's keyid,

79
08:12.110 --> 08:15.260
in this case is the id of the second user's key;

80
08:19.740 --> 08:22.690
and the file I want to encrypt.

81
08:22.740 --> 08:25.880
I'll create a new file in another terminal, here.

82
08:26.100 --> 08:28.150
in the gpg directory.

83
08:28.150 --> 08:35.740
I'm creating a simple file let's say secret information and an output redirection.

84
08:35.910 --> 08:39.270
For example message.txt

85
08:41.970 --> 08:42.420
okay.

86
08:42.430 --> 08:43.260
This is the file.

87
08:43.930 --> 08:45.730
so message.txt

88
08:48.590 --> 08:53.260
and it wants me to confirm that I want to use that key.

89
08:53.270 --> 09:01.800
This warning is normal in this case. In the same directory a new binary file has appeared.

90
09:01.860 --> 09:04.910
message.txt.gpg

91
09:05.070 --> 09:06.450
This is a binary file,

92
09:10.500 --> 09:13.090
it was asymmetrically encrypted.

93
09:17.010 --> 09:25.320
If you want to encrypt and store in ASCII format you must add --armore or -a the option

94
09:25.500 --> 09:26.360
like this:

95
09:27.740 --> 09:31.830
-a from armore or --armor.

96
09:31.910 --> 09:32.700
It's the same.

97
09:40.380 --> 09:50.520
And the encrypted file resulted is a message.txt .asc from ASCII and is a text or ASCII

98
09:50.520 --> 09:50.870
file.

99
09:57.720 --> 10:07.600
This is the file! Note that the both binary and ASCII versions decrypt the same way.

100
10:07.670 --> 10:15.740
Now the user will send the encrypted message to the other user on an unsecured channel like the public

101
10:15.740 --> 10:16.640
Internet.

102
10:16.640 --> 10:26.660
In this example I'll transfer the encrypted file to the second user using scp;  scp uses ssh and it's 

103
10:26.680 --> 10:35.810
an encrypted connection but I could also use an unencrypted one like http or ftp; I'm using scp only because

104
10:35.810 --> 10:38.690
it's already set up and it's working.

105
10:38.690 --> 10:43.310
I don't want to set up an ftp server for that.

106
10:43.580 --> 10:47.240
Let's see the IP address of the other Linux machine:

107
10:50.050 --> 10:56.980
so scp the encrypted file or files; I'll copy both encrypted files

108
11:01.520 --> 11:07.250
the name of the user on the other machine student and the IP address.

109
11:10.270 --> 11:17.310
And the local path where to copy the files, home it's directory okay.

110
11:17.310 --> 11:19.790
There is an extra zero.

111
11:19.980 --> 11:20.810
It was a typo.

112
11:20.900 --> 11:21.600
Okay.

113
11:21.630 --> 11:25.770
This is the correct address and the user's password.

114
11:27.190 --> 11:29.830
And the encrypted files were copied

115
11:32.930 --> 11:34.300
these are the files.

116
11:36.260 --> 11:43.600
The recipient has the encrypted files and wants to decrypt them using its own private key.

117
11:43.620 --> 11:50.900
He is the only person in the world that has the private key so only he can decrypt the files and he

118
11:50.900 --> 11:58.460
writes gpg- d or -- decrypt and the name of the encrypted file.

119
11:59.330 --> 12:02.180
Let's take the binary one, this one.

120
12:03.080 --> 12:10.010
It's asking for the passphrase that will unlock the private key and I'm entering the passphrase

121
12:13.860 --> 12:19.480
and we see the contents of the file secret information.

122
12:19.490 --> 12:21.430
This was the content of the file.

123
12:23.210 --> 12:26.660
This command didn't create a new file.

124
12:26.930 --> 12:30.740
It printed out the file contents at the terminal.

125
12:31.850 --> 12:39.990
If you want to create a new file you can simply add -0 from output and the name of the file.

126
12:40.100 --> 12:43.050
For example message.txt

127
12:47.490 --> 12:52.490
The filie was decrypted and the new file was created.

128
12:52.950 --> 12:56.570
The other file, the ASCII one, decryts the same way.

129
13:00.690 --> 13:01.830
I'm overwriting the file.

130
13:04.350 --> 13:07.550
That's all about asymmetric encryption.

131
13:07.560 --> 13:08.100
Thank you!