1 00:00:00,000 --> 00:00:07,000 In this section and in the next lectures, I'm going to show you how to use Pjp to encrypt and decrypt 2 00:00:07,000 --> 00:00:17,000 text files, emails, and we're also going to use it to sign and verify the integrity of files, emails 3 00:00:17,000 --> 00:00:18,000 and so on. 4 00:00:18,000 --> 00:00:25,000 This way we'll be able to communicate safely because everything will send and receive will be encrypted, 5 00:00:25,000 --> 00:00:29,000 and we'll be able to verify the integrity of the data being sent. 6 00:00:29,000 --> 00:00:36,000 So we'll be able to sign whatever we send and the receiver will be able to verify that this data has 7 00:00:36,000 --> 00:00:40,000 actually been sent from us and has not been tampered with. 8 00:00:41,000 --> 00:00:48,000 Now the reason why we're going to use BGP for encryption and to verify integrity, because this is a 9 00:00:48,000 --> 00:00:54,000 very strong encryption that stood the test of time and has not been broken yet. 10 00:00:54,000 --> 00:01:01,000 Even based on leaked reports, it seems like even government agencies are not able to break it yet. 11 00:01:01,000 --> 00:01:07,000 So it's a very, very strong encryption, even though PJP stands for pretty good encryption. 12 00:01:07,000 --> 00:01:13,000 This statement is actually sarcastic because this is a very strong and powerful encryption. 13 00:01:14,000 --> 00:01:19,000 Now, in this lecture, I want to explain to you how Pjp works in general. 14 00:01:19,000 --> 00:01:24,000 And then in the next lectures, we'll see how we can use it to encrypt all sorts of data and how to 15 00:01:24,000 --> 00:01:27,000 use it to sign and verify integrity. 16 00:01:28,000 --> 00:01:33,000 Now Pjp is a public key or an asymmetric encryption. 17 00:01:33,000 --> 00:01:40,000 And to understand how that works, let's first have a look on the other traditional type of encryption, 18 00:01:40,000 --> 00:01:41,000 symmetric encryption. 19 00:01:42,000 --> 00:01:47,000 So let's have an example where we have two people, David and John. 20 00:01:47,000 --> 00:01:50,000 We're going to forget about how they're going to communicate. 21 00:01:50,000 --> 00:01:55,000 We're just going to assume that David wants to send a message to John. 22 00:01:55,000 --> 00:01:59,000 And the content of this message is secret message. 23 00:01:59,000 --> 00:02:05,000 Now, if David wants to protect his message from anyone who might intercept this message or read it, 24 00:02:05,000 --> 00:02:12,000 he can use an encryption key in order to encrypt this message, and this will transform the message 25 00:02:12,000 --> 00:02:14,000 into gibberish. 26 00:02:15,000 --> 00:02:22,000 Then he can go ahead and send this message to John using any method by sending it as an email or by 27 00:02:22,000 --> 00:02:24,000 post or as a text message. 28 00:02:24,000 --> 00:02:26,000 It doesn't really matter. 29 00:02:26,000 --> 00:02:31,000 And if this message gets intercepted, the contents of the message is going to be gibberish. 30 00:02:31,000 --> 00:02:35,000 So it won't be useful to the person intercepting this. 31 00:02:35,000 --> 00:02:37,000 John will receive the message. 32 00:02:37,000 --> 00:02:39,000 He will open the message. 33 00:02:39,000 --> 00:02:41,000 The message will still be gibberish. 34 00:02:41,000 --> 00:02:48,000 And then John is going to use the same encryption key to decrypt this message and reveal its content, 35 00:02:48,000 --> 00:02:51,000 which was secret message. 36 00:02:51,000 --> 00:02:53,000 So very, very simple. 37 00:02:53,000 --> 00:02:56,000 Basically, David uses a key to encrypt the message. 38 00:02:56,000 --> 00:03:02,000 John uses the same key to decrypt it, and this way they're both able to read the message. 39 00:03:02,000 --> 00:03:07,000 But anybody who does not have the key will not be able to read the message. 40 00:03:07,000 --> 00:03:12,000 So the same key is used by David and by John. 41 00:03:12,000 --> 00:03:15,000 Therefore, this is known as symmetric encryption. 42 00:03:16,000 --> 00:03:18,000 Now, you probably guessed it by now. 43 00:03:18,000 --> 00:03:20,000 This key needs to be private. 44 00:03:20,000 --> 00:03:28,000 That's why it's known as a secret key, because anybody who manages to get his hands on this key, they 45 00:03:28,000 --> 00:03:34,000 will be able to decrypt any message that David sends to John and vice versa. 46 00:03:35,000 --> 00:03:42,000 So based on everything that we said so far, we can see that the secret key can be used to decrypt the 47 00:03:42,000 --> 00:03:43,000 messages. 48 00:03:43,000 --> 00:03:46,000 Because of that, it should be kept a secret. 49 00:03:46,000 --> 00:03:53,000 But David somehow has to share it with John and anyone else David wants to communicate with. 50 00:03:54,000 --> 00:04:00,000 Therefore, this is a major flaw with symmetric encryption because the key has to be secret, but at 51 00:04:00,000 --> 00:04:06,000 the same time has to be shared and sharing it with more people increases the attack surface, not to 52 00:04:06,000 --> 00:04:10,000 mention the problem of sharing the actual key. 53 00:04:10,000 --> 00:04:11,000 How are we going to share it? 54 00:04:11,000 --> 00:04:13,000 Are we going to send it in a separate message? 55 00:04:13,000 --> 00:04:15,000 What if that message gets intercepted? 56 00:04:15,000 --> 00:04:21,000 What if we're sending stuff over the Internet and we know how many hops our data could pass by? 57 00:04:21,000 --> 00:04:27,000 This could be intercepted, read, and then the rest of our communication will be decrypted. 58 00:04:28,000 --> 00:04:35,000 This was the main incentive to come up with a more secure encryption, and this is where asymmetric 59 00:04:35,000 --> 00:04:37,000 or public key encryption comes. 60 00:04:38,000 --> 00:04:42,000 So let's go back to David wanting to send a message to John. 61 00:04:42,000 --> 00:04:47,000 And the content of the message is secret message and asymmetric encryption. 62 00:04:47,000 --> 00:04:50,000 One key is used to encrypt the message. 63 00:04:50,000 --> 00:04:57,000 The message is sent in the air, and then another key is used to decrypt the message. 64 00:04:57,000 --> 00:05:06,000 So as you can see in this encryption, two different keys are used and hence the name asymmetric encryption. 65 00:05:06,000 --> 00:05:10,000 Now these two keys are referred to as a key pair. 66 00:05:10,000 --> 00:05:13,000 They are mathematically related. 67 00:05:13,000 --> 00:05:18,000 One is used for encrypting the message and the other is used for decryption. 68 00:05:18,000 --> 00:05:23,000 Therefore, the decryption key is never shared, and that's why it's more secure. 69 00:05:24,000 --> 00:05:28,000 Now you're thinking if the decryption key is never shared, how is this going to work? 70 00:05:29,000 --> 00:05:33,000 Well, let's go back and have a closer look on how this is going to work. 71 00:05:33,000 --> 00:05:36,000 So, again, David wants to send a message to John. 72 00:05:36,000 --> 00:05:39,000 The content of the message is secret message. 73 00:05:39,000 --> 00:05:47,000 But before sending this message and before encrypting it, John is going to create a key pair, a public 74 00:05:47,000 --> 00:05:48,000 key and a private key. 75 00:05:49,000 --> 00:05:56,000 Like I said, these keys are mathematically linked and John is going to send the public key to David, 76 00:05:56,000 --> 00:05:59,000 to the person that will send the message. 77 00:05:59,000 --> 00:06:02,000 So the public key can be shared with anybody. 78 00:06:02,000 --> 00:06:07,000 You can actually make it public on the Internet, on key directories. 79 00:06:07,000 --> 00:06:13,000 It doesn't really matter because it cannot be used to determine the private key. 80 00:06:13,000 --> 00:06:16,000 Therefore, it's completely safe to share the public key. 81 00:06:17,000 --> 00:06:19,000 So David receives the public key. 82 00:06:19,000 --> 00:06:23,000 He uses the public key to encrypt the message. 83 00:06:23,000 --> 00:06:25,000 The message is sent using any method. 84 00:06:25,000 --> 00:06:27,000 It doesn't really matter. 85 00:06:27,000 --> 00:06:30,000 And even if it's intercepted, it's going to be gibberish. 86 00:06:30,000 --> 00:06:32,000 John will receive the message. 87 00:06:32,000 --> 00:06:33,000 He will open the message. 88 00:06:33,000 --> 00:06:40,000 The message will still be gibberish, but he will use the private key to decrypt this message. 89 00:06:40,000 --> 00:06:44,000 This way he will get the content of the secret message. 90 00:06:44,000 --> 00:06:48,000 And as you can see, the private key was never shared. 91 00:06:48,000 --> 00:06:52,000 John created the private key and John kept the private key. 92 00:06:52,000 --> 00:06:58,000 The only thing that is shared is the public key, which cannot be used to determine the private key 93 00:06:58,000 --> 00:07:01,000 and cannot be used to decrypt the message. 94 00:07:01,000 --> 00:07:04,000 It can only be used to encrypt the message. 95 00:07:05,000 --> 00:07:12,000 So by the end of the communication, David is going to have John's public key and John is going to keep 96 00:07:12,000 --> 00:07:13,000 their private key. 97 00:07:13,000 --> 00:07:19,000 Therefore, now David can always send messages to John, and John will always be able to decrypt them 98 00:07:19,000 --> 00:07:21,000 using his own private key. 99 00:07:21,000 --> 00:07:29,000 Not only that, but when David encrypt something with John's public key, he can be rest assured that 100 00:07:29,000 --> 00:07:35,000 nobody can decrypt this message except for John, because John is the only one that has the private 101 00:07:35,000 --> 00:07:38,000 key, and his private key should never be shared. 102 00:07:39,000 --> 00:07:44,000 If John knows what he's doing because there is no point of sharing it, even if he wants 100 people 103 00:07:44,000 --> 00:07:50,000 to send him messages, all he has to do is share his public key and not his private key. 104 00:07:51,000 --> 00:07:56,000 Now, if John wanted to send something to David, the same can be done in an opposite direction. 105 00:07:56,000 --> 00:07:59,000 So David would create a key pair. 106 00:07:59,000 --> 00:08:06,000 He would send John his public key, and then John would use David's public key to encrypt messages. 107 00:08:06,000 --> 00:08:10,000 When David receives them, he will use his own private key to decrypt them. 108 00:08:10,000 --> 00:08:13,000 So the idea is very, very simple. 109 00:08:13,000 --> 00:08:20,000 You share your public key, hence the name public that is completely safe because it can't be used to 110 00:08:20,000 --> 00:08:24,000 determine the private key and it can't be used to decrypt the messages. 111 00:08:24,000 --> 00:08:31,000 So you share the public key and anyone who wants to send you a message, they will encrypt that message 112 00:08:31,000 --> 00:08:37,000 with your own public key, and this way you will be the only one that can decrypt this message. 113 00:08:37,000 --> 00:08:39,000 Same goes when you want to send another message. 114 00:08:39,000 --> 00:08:45,000 For example, if you wanted to send a message to me, all you have to do is encrypt that message with 115 00:08:45,000 --> 00:08:47,000 my public key. 116 00:08:47,000 --> 00:08:52,000 And this way, because I don't share my private key with anyone, I will be the only one that can read 117 00:08:52,000 --> 00:08:53,000 the message. 118 00:08:53,000 --> 00:08:55,000 So you can put this message anywhere. 119 00:08:55,000 --> 00:09:01,000 You can share it publicly, and it will still be safe because no one will be able to read that message 120 00:09:01,000 --> 00:09:02,000 but me.