1
00:00:01,030 --> 00:00:07,060
Now that we understand how PDP works in this lecture and the next few lectures I'm gonna show you how

2
00:00:07,060 --> 00:00:13,960
to use it to encrypt all kinds of data verify integrity and so on.

3
00:00:13,960 --> 00:00:20,770
Now as I explained in the previous lecture for this to work the receiver which is John in this case

4
00:00:20,980 --> 00:00:26,650
has to first generate a key pair a public key and a private key.

5
00:00:26,650 --> 00:00:33,250
He will share the public key with the person who he wants to receive data from that person who is David.

6
00:00:33,280 --> 00:00:38,730
And this example will use the public key to encrypt the message send the message to John.

7
00:00:38,800 --> 00:00:45,010
The message will be unreadable unless the private key is used to decrypted.

8
00:00:45,010 --> 00:00:51,910
And as you can see throughout this whole scenario the private key never left John so John never shares

9
00:00:51,910 --> 00:00:53,170
the private key.

10
00:00:53,170 --> 00:00:57,190
And it is the only key that can be used to decrypt the data.

11
00:00:57,190 --> 00:01:06,490
Therefore this implementation is very very secure so like I said the first step for this is the receiver

12
00:01:06,490 --> 00:01:10,610
needs to generate a keeper a public key and a private key.

13
00:01:10,930 --> 00:01:17,200
So in this lecture I'm going to show you how we can create our own keeper so that we can share our public

14
00:01:17,200 --> 00:01:20,350
key with the people that we want to receive data from.

15
00:01:20,620 --> 00:01:27,340
And then they can use this public key to encrypt data and send it to us so that we are the only ones

16
00:01:27,580 --> 00:01:33,850
that can decrypt this data because we have the private key so entails.

17
00:01:33,850 --> 00:01:35,870
This is actually very very easy.

18
00:01:35,920 --> 00:01:40,840
You can do it using the clipboard applet that we have in here on the top right.

19
00:01:41,260 --> 00:01:44,260
So you can click on it and go to manage keys.

20
00:01:44,410 --> 00:01:49,310
Now in the recent versions of tales they've been moving this all over the place.

21
00:01:49,420 --> 00:01:58,760
So if you can't find it here we can go to applications utilities and click on passwords and keys.

22
00:01:58,990 --> 00:02:04,390
This will open a program that can be used to manage all your passwords entails.

23
00:02:04,390 --> 00:02:12,850
But what we're interested in is managing our g new P G keys now clicking on this as you can see we have

24
00:02:12,940 --> 00:02:15,730
a number of entries by default.

25
00:02:15,730 --> 00:02:17,560
Do not delete these entries.

26
00:02:17,560 --> 00:02:25,090
These are actually keys used to verify the integrity of updates that tells downloads and the integrity

27
00:02:25,090 --> 00:02:29,430
of packages that you can download through tables and install on your system.

28
00:02:29,440 --> 00:02:34,960
So if you delete them you won't be able to verify the integrity of these packages.

29
00:02:34,960 --> 00:02:37,620
So we're keeping everything here the same.

30
00:02:37,750 --> 00:02:44,710
And what we want to do like I said is create our own keeper so we can share our public key with others

31
00:02:44,860 --> 00:02:50,760
so we can receive encrypted data that can only be decrypted by us.

32
00:02:51,160 --> 00:02:58,520
To do that to create a keeper you can click on the plus sign in here or you can go on file new.

33
00:02:58,810 --> 00:03:02,870
Like I said This application allows you to manage all sorts of keys.

34
00:03:02,920 --> 00:03:06,440
What we're interested in is creating a PDP key.

35
00:03:06,520 --> 00:03:11,530
So I'm going to click on the second entry here and I'm going to click on continue.

36
00:03:11,530 --> 00:03:13,650
Now it's going to ask you for your name.

37
00:03:13,660 --> 00:03:19,340
So in my case I'm using John Wick next it's going to ask you for your email address.

38
00:03:19,360 --> 00:03:26,320
Now it is very important to understand that the people that you'll share the public key with will be

39
00:03:26,320 --> 00:03:30,050
able to see your name and your email address.

40
00:03:30,070 --> 00:03:36,430
Therefore if you want to stay anonymous and protect your privacy make sure you use the fake name that

41
00:03:36,430 --> 00:03:42,640
you created when you created your fake identity and make sure you use your private or anonymous e-mail

42
00:03:42,670 --> 00:03:43,690
in here.

43
00:03:43,690 --> 00:03:52,070
In my case S.J. and S.K. seven at a new dot in we're also going to click on the advanced options to

44
00:03:52,070 --> 00:03:54,010
select the encryption type.

45
00:03:54,140 --> 00:03:58,940
I'm going to keep this at RSA because this is a very strong encryption.

46
00:03:58,940 --> 00:04:05,780
We're going to set the key strength to the highest possible which is four thousand ninety six and you

47
00:04:05,780 --> 00:04:13,010
can also set an expiry date so that your key expires at the date that you specify in here.

48
00:04:13,010 --> 00:04:17,420
Now this would be good if you want to take your security to the next level.

49
00:04:17,480 --> 00:04:19,360
But for this course it's fine.

50
00:04:19,370 --> 00:04:21,140
I'm going to set it to never expire.

51
00:04:21,140 --> 00:04:26,730
I'll keep this ticked and I'm going to click on create to create my keeper.

52
00:04:26,810 --> 00:04:30,270
Now it's going to ask me to set a passphrase for the key.

53
00:04:30,350 --> 00:04:33,990
Make sure you set a strong and long one click.

54
00:04:34,020 --> 00:04:35,570
Okay.

55
00:04:35,680 --> 00:04:38,950
And this program is going to generate your key pair.

56
00:04:39,060 --> 00:04:43,440
And as you can see right here we have a new entry with my keeper.

57
00:04:43,470 --> 00:04:48,790
Now notice the icon here for this keeper contains two keys a silver and gold one.

58
00:04:48,810 --> 00:04:51,000
This means that this is a keeper.

59
00:04:51,030 --> 00:04:54,810
It contains a private key and a public key.

60
00:04:54,810 --> 00:05:02,430
Notice all of the other entries in here contain only one gold key which means that these entries only

61
00:05:02,430 --> 00:05:09,480
contain a public key so these can be used to encrypt data for someone else or verify the integrity of

62
00:05:09,480 --> 00:05:10,390
data.

63
00:05:10,500 --> 00:05:14,250
But there is no private key stored in here.

64
00:05:14,250 --> 00:05:21,590
Now to get more information about any of these entries you can right click and click on properties and

65
00:05:21,590 --> 00:05:26,480
in here you can see information about the owner for example the name John wake like we said it.

66
00:05:26,600 --> 00:05:27,490
The email again.

67
00:05:27,500 --> 00:05:30,190
The same email that we sent it to.

68
00:05:30,200 --> 00:05:34,370
You can see the key idea which can be used to verify the key.

69
00:05:34,460 --> 00:05:36,630
And we'll talk about that later.

70
00:05:36,710 --> 00:05:43,700
And if we go on the details you'll also see the fingerprint which can also be used to verify the key

71
00:05:44,030 --> 00:05:47,400
we actually use this when we downloaded the Tor browser.

72
00:05:47,420 --> 00:05:53,720
If you remember and as we go through this section actually you'll see how the verification steps we

73
00:05:53,720 --> 00:05:59,960
followed to verify the third browser makes sense and all of this will click with that.

74
00:05:59,990 --> 00:06:05,960
Now from here you can also export your secret key which is something that you should never do because

75
00:06:05,960 --> 00:06:11,830
like I said we should never share the secret key the secret key should always be kept privately.

76
00:06:11,870 --> 00:06:17,690
The only time that you might want to do this is if you're gonna completely wipe the system and still

77
00:06:17,690 --> 00:06:19,280
want to use the same key.

78
00:06:19,340 --> 00:06:21,010
You might want to export this.

79
00:06:21,020 --> 00:06:26,840
Store it in an encrypted USP device and then put it on your next installation.

80
00:06:26,840 --> 00:06:32,210
Other than that there is no need to export your key from here.

81
00:06:32,680 --> 00:06:38,710
From here you can also set the expiry so as as shown before we set the expiry to never.

82
00:06:38,710 --> 00:06:43,860
But if you change your mind you can click on this icon and set the key to expire at any date.

83
00:06:43,870 --> 00:06:51,310
You want and going back to the names and signatures you can see again your name and the email associated

84
00:06:51,310 --> 00:06:57,510
with this key and you can click on Add name to add more contacts to be associated with this key.

85
00:06:57,730 --> 00:07:04,030
But like I said be very careful when you're doing this because these contacts will be visible to anybody

86
00:07:04,210 --> 00:07:06,220
that can see your public key.

87
00:07:06,220 --> 00:07:11,350
And like I said in general we will be sharing our public key with a lot of people because this is the

88
00:07:11,350 --> 00:07:15,440
way this works so that they can encrypt data and send it to us.

89
00:07:17,010 --> 00:07:22,410
So now that we have the key power created in the next lecture we're going to talk about how to share

90
00:07:22,410 --> 00:07:28,430
our public key with our contacts and then we'll see how that can be used to encrypt data and verify

91
00:07:28,440 --> 00:07:29,100
integrity.