1 00:00:00,640 --> 00:00:07,640 In this section and in the next lectures I'm going to show you how to use PDP to encrypt and decrypt 2 00:00:08,000 --> 00:00:17,540 text files emails and we're also going to use it to sign and verify the integrity of files emails and 3 00:00:17,540 --> 00:00:18,920 so on. 4 00:00:18,920 --> 00:00:24,830 This way we'll be able to communicate safely because everything will send and receive will be encrypted 5 00:00:25,340 --> 00:00:30,020 and we'll be able to verify the integrity of the data being sent. 6 00:00:30,050 --> 00:00:36,740 So we'll be able to sign whatever we send and the receiver will be able to verify that this data has 7 00:00:36,740 --> 00:00:40,460 actually been sent from us and has not been tampered with. 8 00:00:41,770 --> 00:00:48,680 Now the reason why we're going to use BGP for encryption and to verify integrity because this is a very 9 00:00:48,680 --> 00:00:56,480 strong encryption that stood the test of time and has not been broken yet even based on leaked reports 10 00:00:56,750 --> 00:01:01,610 it seems like even government agencies are not able to break it yet. 11 00:01:01,670 --> 00:01:04,100 So it's a very very strong encryption. 12 00:01:04,100 --> 00:01:07,360 Even though PDP stands for pretty good encryption. 13 00:01:07,610 --> 00:01:14,240 This statement is actually sarcastic because this is a very strong and powerful encryption. 14 00:01:14,270 --> 00:01:20,750 Now in this lecture I want to explain to you how PDP works in general and then in the next lectures 15 00:01:20,750 --> 00:01:28,600 we'll see how we can use it to encrypt all sorts of data and how to use it to sign and verify integrity. 16 00:01:28,660 --> 00:01:34,060 Now PDP is a public key or an asymmetric encryption. 17 00:01:34,060 --> 00:01:39,970 And to understand how that works let's first have a look on the other traditional type of encryption 18 00:01:40,150 --> 00:01:42,250 symmetric encryption. 19 00:01:42,820 --> 00:01:49,720 So let's have an example where we have two people David and John were going to forget about how they're 20 00:01:49,720 --> 00:01:50,650 going to communicate. 21 00:01:50,650 --> 00:01:55,670 We're just going to assume that David wants to send a message to John. 22 00:01:55,780 --> 00:01:59,810 And the content of this message is secret message. 23 00:01:59,920 --> 00:02:06,220 Now if David wants to protect his message from anyone who might intercept this message or read it he 24 00:02:06,220 --> 00:02:13,450 can use an encryption key in order to encrypt this message and this will transform the message into 25 00:02:13,450 --> 00:02:22,050 gibberish then he can go ahead and send this message to John using any method by sending it as an email 26 00:02:22,170 --> 00:02:24,660 or by post or as a text message. 27 00:02:24,660 --> 00:02:26,150 It doesn't really matter. 28 00:02:26,400 --> 00:02:31,980 And if this message gets intercepted the contents of the message is going to be gibberish. 29 00:02:32,010 --> 00:02:35,920 So we want to be useful to the person intercepting this. 30 00:02:35,940 --> 00:02:37,740 John will receive the message. 31 00:02:37,740 --> 00:02:39,060 He will open the message. 32 00:02:39,060 --> 00:02:41,280 The message will still be gibberish. 33 00:02:41,370 --> 00:02:48,960 And then John is going to use the same encryption key to decrypt this message and reveal its content 34 00:02:49,050 --> 00:02:51,660 which was secret message. 35 00:02:51,660 --> 00:02:53,490 So very very simple. 36 00:02:53,490 --> 00:02:56,850 Basically David uses a key to encrypt the message. 37 00:02:56,850 --> 00:02:59,250 John uses the same key to decrypt it. 38 00:02:59,340 --> 00:03:02,380 And this way they're both able to read the message. 39 00:03:02,400 --> 00:03:08,070 But anybody who does not have the key will not be able to read the message. 40 00:03:08,070 --> 00:03:12,170 So the same key is used by David and by John. 41 00:03:12,240 --> 00:03:16,350 Therefore this is known as symmetric encryption. 42 00:03:16,350 --> 00:03:18,450 Now you probably guessed it by now. 43 00:03:18,450 --> 00:03:20,660 This key needs to be private. 44 00:03:20,670 --> 00:03:28,530 That's why it's known as a secret key because anybody who manages to get his hands on this key they 45 00:03:28,530 --> 00:03:33,890 will be able to decrypt any message that David sends to John and vice versa. 46 00:03:35,400 --> 00:03:42,510 So based on everything that we said so far we can see that the secret key can be used to decrypt the 47 00:03:42,510 --> 00:03:43,500 messages. 48 00:03:43,710 --> 00:03:46,200 Because of that it should be kept secret. 49 00:03:46,560 --> 00:03:51,360 But David somehow has to share it with John and anyone else. 50 00:03:51,360 --> 00:03:53,950 David wants to communicate with. 51 00:03:54,210 --> 00:04:00,450 Therefore this is a major flaw with symmetric encryption because the key has to be secret. 52 00:04:00,450 --> 00:04:02,730 But at the same time has to be shared. 53 00:04:02,790 --> 00:04:06,240 And sharing it with more people increases the attack surface. 54 00:04:06,360 --> 00:04:10,140 Not to mention the problem of sharing the actual key. 55 00:04:10,140 --> 00:04:11,400 How are we going to share it. 56 00:04:11,400 --> 00:04:13,530 Are we going to send it in a separate message. 57 00:04:13,530 --> 00:04:15,930 What if that message gets intercepted. 58 00:04:15,930 --> 00:04:22,000 What if we're sending stuff over the Internet and we know how many hubs our data could pass by. 59 00:04:22,020 --> 00:04:23,930 This could be intercepted read. 60 00:04:24,000 --> 00:04:28,260 And then the rest of our communication will be decrypted. 61 00:04:28,260 --> 00:04:33,750 This was the main incentive to come up with a more secure encryption. 62 00:04:33,750 --> 00:04:38,340 And this is where asymmetric or public key encryption comes. 63 00:04:38,400 --> 00:04:42,590 So let's go back to David wanting to send a message to John. 64 00:04:42,600 --> 00:04:49,560 And the content of the message is secret message and asymmetric encryption one key is used to encrypt 65 00:04:49,560 --> 00:04:50,530 the message. 66 00:04:50,700 --> 00:04:58,120 The message is sent in the air and then another key is used to decrypt the message. 67 00:04:58,140 --> 00:05:06,980 So as you can see in this encryption two different keys are used and hence the name asymmetric encryption. 68 00:05:07,000 --> 00:05:10,900 Now these two keys are referred to as a key pair. 69 00:05:10,900 --> 00:05:13,190 They are mathematically related. 70 00:05:13,210 --> 00:05:18,400 One is used for encrypting the message and the other is used for decryption. 71 00:05:18,430 --> 00:05:21,670 Therefore the decryption key is never shared. 72 00:05:21,730 --> 00:05:24,230 And that's why it's more secure. 73 00:05:24,310 --> 00:05:28,510 Now you're thinking if the decryption key is never shared how is this going to work. 74 00:05:29,260 --> 00:05:33,350 Well let's go back and have a closer look on how this is going to work. 75 00:05:33,370 --> 00:05:40,930 So again David wants to send a message to John the content of the message a secret message but before 76 00:05:40,930 --> 00:05:47,920 sending this message and before encrypting it John is going to create a key keeper a public key and 77 00:05:47,920 --> 00:05:49,720 a private key. 78 00:05:49,720 --> 00:05:52,690 Like I said These keys are mathematically length. 79 00:05:52,780 --> 00:06:00,040 And John is going to send the public key to David to the person that will send the message. 80 00:06:00,040 --> 00:06:02,980 So the public key can be shared with anybody. 81 00:06:02,980 --> 00:06:07,540 You can actually make it public on the Internet on key directories. 82 00:06:07,540 --> 00:06:12,970 It doesn't really matter because it cannot be used to determine the private key. 83 00:06:13,210 --> 00:06:17,440 Therefore it's completely safe to share the public key. 84 00:06:17,470 --> 00:06:20,080 So David received the public key. 85 00:06:20,080 --> 00:06:23,150 He uses the public key to encrypt the message. 86 00:06:23,260 --> 00:06:27,180 The message is sent using any method doesn't really matter. 87 00:06:27,280 --> 00:06:30,520 And even if it's intercepted It's going to be gibberish. 88 00:06:30,520 --> 00:06:32,500 John will receive the message. 89 00:06:32,500 --> 00:06:39,460 He will open the message the message will still be gibberish but he will use the private key to decrypt 90 00:06:39,460 --> 00:06:44,480 this message this way he will get the content of the secret message. 91 00:06:44,560 --> 00:06:48,310 And as you can see the private key was never shared. 92 00:06:48,310 --> 00:06:50,200 John created the private key. 93 00:06:50,290 --> 00:06:52,360 And John kept the private key. 94 00:06:52,360 --> 00:06:58,930 The only thing that is shared is the public key which cannot be used to determine the private key and 95 00:06:58,930 --> 00:07:01,340 cannot be used to decrypt the message. 96 00:07:01,360 --> 00:07:05,360 It can only be used to encrypt the message. 97 00:07:05,590 --> 00:07:10,490 So by the end of the communication David is going to have John's public key. 98 00:07:10,510 --> 00:07:13,520 And John is going to keep their private key. 99 00:07:13,520 --> 00:07:20,130 Therefore now David can always send messages to John and John will always be able to decrypt them using 100 00:07:20,140 --> 00:07:22,120 his own private key. 101 00:07:22,120 --> 00:07:29,680 Not only that but when David encrypt something with John's public key he can be rest assured that nobody 102 00:07:29,860 --> 00:07:32,470 can decrypt this message except for John. 103 00:07:32,470 --> 00:07:39,070 Because John is the only one that has the private key and his private key should never be shared. 104 00:07:39,100 --> 00:07:44,800 If John knows what he is doing because there is no point of sharing it even if he wants 100 people to 105 00:07:44,800 --> 00:07:51,300 send him messages all he has to do is share his public key and not his private key. 106 00:07:51,310 --> 00:07:56,900 Now if John want to send something to David the same can be done in an opposite direction. 107 00:07:56,920 --> 00:07:59,200 So David would create a keeper. 108 00:07:59,230 --> 00:08:06,190 He would send John his public key and then John would use David's public key to encrypt messages. 109 00:08:06,190 --> 00:08:11,140 When David receives them he will use his own private key to decrypt them. 110 00:08:11,140 --> 00:08:13,180 So the idea is very very simple. 111 00:08:13,180 --> 00:08:16,620 You share your public key has the name public. 112 00:08:16,660 --> 00:08:21,910 That is completely safe because it can't be used to determine the private key. 113 00:08:22,000 --> 00:08:25,000 And it can't be used to decrypt the messages. 114 00:08:25,000 --> 00:08:26,410 So you share the public key. 115 00:08:26,650 --> 00:08:32,980 And anyone who wants to send you a message they will encrypt that message with your own public key. 116 00:08:33,070 --> 00:08:37,570 And this way you will be the only one that can decrypt this message. 117 00:08:37,570 --> 00:08:39,760 Same goes when you want to send another message. 118 00:08:39,760 --> 00:08:46,240 For example if you wanted to send a message to me all you have to do is encrypt that message with my 119 00:08:46,270 --> 00:08:50,770 public key and this way because I don't share my private key with anyone. 120 00:08:50,830 --> 00:08:53,480 I will be the only one that can read the message. 121 00:08:53,530 --> 00:08:59,290 So you can put this message anywhere you can share it publicly and it will still be safe because no 122 00:08:59,290 --> 00:09:01,470 one will be able to read that message. 123 00:09:01,540 --> 00:09:02,170 But me.