1
00:00:08,230 --> 00:00:15,320
Let us start with the last section of cryptography, that is the Public Key Infrastructure and Certificate

2
00:00:15,340 --> 00:00:15,970
Authority.

3
00:00:17,500 --> 00:00:25,770
In this lecture, we will learn to introduce and describe what is meant by public key cryptography or public key

4
00:00:25,840 --> 00:00:26,620
infrastructure.

5
00:00:26,620 --> 00:00:27,610
That is PKI.

6
00:00:27,910 --> 00:00:35,100
Then we will see about certificate authority and the relation between PKI and CA. Let's get started.

7
00:00:35,620 --> 00:00:36,640
What is PKI?

8
00:00:37,780 --> 00:00:44,970
Public key infrastructure is a technology for authenticating users and devices in the digital world.

9
00:00:46,150 --> 00:00:54,820
The basic idea is to have one or more trusted parties digitally sign the documents certifying that a

10
00:00:54,820 --> 00:01:00,280
particular cryptographic key belongs to a particular user or device.

11
00:01:02,090 --> 00:01:07,010
The key can be used as an identity for the user in digital networks.

12
00:01:08,870 --> 00:01:16,320
The users and devices that have keys are often called entities. In general,

13
00:01:16,850 --> 00:01:25,520
anything can be associated with a key that it can use as its identity. Besides a user or device,

14
00:01:26,030 --> 00:01:32,870
it could be a program, process, manufacturer, component or something else.

15
00:01:34,280 --> 00:01:40,010
The purpose of PKI is to securely associate a key with an entity.

16
00:01:41,920 --> 00:01:49,720
The trusted party signing the document, associating with the key, is known as a certificate authority.

17
00:01:50,920 --> 00:01:58,900
The certificate authority also has a cryptographic key that it uses for signing these documents.

18
00:02:00,710 --> 00:02:03,440
These documents are called certificates.

19
00:02:04,370 --> 00:02:11,930
In the real world, there are many certificate authorities, and most computers and web browsers trust

20
00:02:11,930 --> 00:02:15,420
100 or so certificate authorities by default.

21
00:02:17,180 --> 00:02:20,240
Let us have a look at the key management in PKI.

22
00:02:21,790 --> 00:02:31,420
The first step is the key generation, key establishment, key storage, key usage, key archival and key

23
00:02:31,420 --> 00:02:32,040
destruction.

24
00:02:33,160 --> 00:02:36,880
But what is this? In cryptography,

25
00:02:37,210 --> 00:02:44,110
it is a very tedious task to distribute the public and private keys between sender and receiver.

26
00:02:45,200 --> 00:02:51,550
If the key is known to the third party, then the whole security mechanism becomes worthless.

27
00:02:53,010 --> 00:02:56,840
So there comes the need to secure the exchange of keys.

28
00:02:58,590 --> 00:03:07,620
Note that there are two aspects for key management: distribution of public keys and use of public key encryption

29
00:03:07,740 --> 00:03:09,380
to distribute secrets.

30
00:03:11,660 --> 00:03:13,310
Distribution of public keys.

31
00:03:14,400 --> 00:03:23,490
Public keys can be distributed in four ways: public announcement, publicly available directory, public authority

32
00:03:24,060 --> 00:03:25,770
and public certificates.

33
00:03:27,130 --> 00:03:31,810
So what is a public announcement? In public announcement,

34
00:03:32,020 --> 00:03:39,730
the public key is broadcasted to everyone, but the major weakness of this method is forgery.

35
00:03:40,890 --> 00:03:46,140
Anyone can create a key claiming to be someone else and then broadcast it.

36
00:03:47,700 --> 00:03:51,450
Then, publicly available directory. In this type,

37
00:03:52,020 --> 00:03:55,380
the public key is stored in a public database.

38
00:03:56,190 --> 00:04:03,840
Directories are trusted here, with properties like participant registration, access and allowed to modify

39
00:04:03,840 --> 00:04:05,870
values at any time.

40
00:04:07,670 --> 00:04:16,010
Public certification: this time, the authority provides a certificate to allow key exchange without

41
00:04:16,010 --> 00:04:18,730
real-time access to the public authority.

42
00:04:19,880 --> 00:04:27,860
The certificate is accompanied with some other information and roads which are only restricted to the

43
00:04:27,860 --> 00:04:28,460
authority.

44
00:04:29,720 --> 00:04:35,510
All of this content is signed by the trusted public key or certificate authority.

45
00:04:35,510 --> 00:04:36,770
That is CA.

46
00:04:37,160 --> 00:04:42,850
And then it can be verified by anyone possessing the authority's public key.

47
00:04:45,170 --> 00:04:48,060
You have heard the word certificate authority.

48
00:04:48,620 --> 00:04:50,540
So what is the certificate authority?

49
00:04:51,810 --> 00:05:00,270
A certificate authority, also sometimes referred to as a certification authority, is a company or organization

50
00:05:00,510 --> 00:05:10,560
that acts to validate the identities of entities such as websites, emails, companies or even individual

51
00:05:10,560 --> 00:05:20,130
persons and bind them to cryptographic keys through the issuance of electronic documents known as digital

52
00:05:20,130 --> 00:05:21,060
certificates.

53
00:05:22,350 --> 00:05:30,390
A digital certificate provides authentication, by serving as a credential to validate the identity of

54
00:05:30,390 --> 00:05:40,290
the entity that it is issued to. Encryption, encryption for secure communication over insecure networks such

55
00:05:40,290 --> 00:05:41,310
as the Internet.

56
00:05:42,440 --> 00:05:51,710
And lastly, integrity, integrity of documents signed with the certificate so that they cannot be altered

57
00:05:51,860 --> 00:05:53,630
by a third party in transit.

58
00:05:56,080 --> 00:06:03,640
Now, let us have a look at how digital certificates and certificate authority work together to produce

59
00:06:03,760 --> 00:06:05,650
the public key infrastructure.

60
00:06:07,630 --> 00:06:15,070
Consider Bob is an applicant. Typically, an applicant for a digital certificate will generate a

61
00:06:15,070 --> 00:06:21,680
key pair consisting of a private and public key, along with a CSR.

62
00:06:22,030 --> 00:06:31,660
You can see identifying information and public key together give a CSR. A CSR stands for certificate signing

63
00:06:31,660 --> 00:06:32,350
request.

64
00:06:33,550 --> 00:06:42,040
A CSR is an encoded text file that includes the public key and other information that will be included

65
00:06:42,040 --> 00:06:43,120
in the certificate.

66
00:06:44,530 --> 00:06:52,450
Key pair and CSR generation are usually done on the server or the workstation where the certificate will

67
00:06:52,450 --> 00:07:01,050
be installed, and the type of information included in the CSR varies depending upon the validation level.

68
00:07:02,410 --> 00:07:09,910
Unlike the public key, the applicant's private key is kept secure and should never be shown to the CA

69
00:07:10,390 --> 00:07:11,680
or anyone else.

70
00:07:11,980 --> 00:07:19,600
So if you are the applicant, you must remember your private key and you're not supposed to share this

71
00:07:19,600 --> 00:07:22,900
private key, even with the certificate authority.

72
00:07:24,670 --> 00:07:31,940
So once you are done generating the CSR, you send the application to the CA,

73
00:07:32,110 --> 00:07:40,330
that is certificate authority, who independently verifies that the information it contains is correct

74
00:07:40,780 --> 00:07:48,430
and, if so, digitally signs the certificate with an issuing private key and sends it to the applicant.

75
00:07:50,280 --> 00:07:57,360
So when the signed certificate is presented to the third party, such as when that person accesses the

76
00:07:57,360 --> 00:08:06,420
holder's website, the recipient can cryptographically confirm the CA's digital signature via the CA's public key.

77
00:08:07,500 --> 00:08:07,950
So,

78
00:08:08,280 --> 00:08:14,370
in short, the CA has signed the document with its public key and the third party can verify

79
00:08:14,580 --> 00:08:18,720
the CA's public key, because public key is a public knowledge.

80
00:08:18,730 --> 00:08:23,820
It is readily available through the techniques that we have seen a couple of minutes ago.

81
00:08:25,140 --> 00:08:33,060
Additionally, the recipient can use the certificate to confirm that signed content was sent by someone

82
00:08:33,390 --> 00:08:40,410
in possession of the corresponding private key, and that information has not been altered since it

83
00:08:40,410 --> 00:08:41,090
was signed.

84
00:08:42,780 --> 00:08:45,180
But here is an important thing.

85
00:08:46,440 --> 00:08:54,510
Although any organization such as a company, department or a government agency can operate as the certificate

86
00:08:54,510 --> 00:09:03,360
authority, commercial CAs like SSL.com can provide publicly trusted certificates for purposes such

87
00:09:03,360 --> 00:09:08,910
as websites, emails, document signing, etc.

88
00:09:10,280 --> 00:09:18,220
SSL.com provides PKI with public or private trust for both businesses and government customers.

89
00:09:18,750 --> 00:09:21,090
You can go to the website to check more.

90
00:09:22,410 --> 00:09:30,720
The main weakness of public PKI is that any certificate authority can sign a certificate for any person

91
00:09:30,720 --> 00:09:31,590
or computer.

92
00:09:32,550 --> 00:09:39,720
Among other things, intelligence agencies can use fraudulent certificates for espionage, malware,

93
00:09:40,110 --> 00:09:41,940
forging and injections.

94
00:09:42,540 --> 00:09:49,470
For this reason, only limited trust should be placed on certificates from public certificate authorities.

95
00:09:50,920 --> 00:09:57,650
Make sure that you are aware that some organizations run their own private public key infrastructures.

96
00:09:58,150 --> 00:10:05,830
This means they run their own internal sort of authority and therefore then they also trust public keys

97
00:10:05,830 --> 00:10:07,240
for the same entities.

98
00:10:07,570 --> 00:10:11,360
There is no added security. In the next chapter,

99
00:10:11,650 --> 00:10:14,770
we will dive deeper into cyber security.

100
00:10:14,770 --> 00:10:17,500
That is the applications of cryptography.