1
00:00:00,000 --> 00:00:03,000
Now that we understand how Ppgpp works.

2
00:00:03,000 --> 00:00:09,000
In this lecture and the next few lectures, I'm going to show you how to use it to encrypt all kinds

3
00:00:09,000 --> 00:00:13,000
of data, verify integrity, and so on.

4
00:00:13,000 --> 00:00:20,000
Now, as I explained in the previous lecture, for this to work, the receiver, which is John in this

5
00:00:20,000 --> 00:00:26,000
case, has to first generate a key pair, a public key and a private key.

6
00:00:26,000 --> 00:00:31,000
He will share the public key with the person who he wants to receive data from.

7
00:00:31,000 --> 00:00:36,000
That person who is David in this example will use the public key to encrypt the message.

8
00:00:36,000 --> 00:00:38,000
Send the message to John.

9
00:00:38,000 --> 00:00:44,000
The message will be unreadable unless the private key is used to decrypt it.

10
00:00:44,000 --> 00:00:49,000
And as you can see throughout this whole scenario, the private key never left John.

11
00:00:49,000 --> 00:00:52,000
So John never shares the private key.

12
00:00:52,000 --> 00:00:56,000
And it is the only key that can be used to decrypt the data.

13
00:00:56,000 --> 00:01:00,000
Therefore, this implementation is very, very secure.

14
00:01:02,000 --> 00:01:08,000
So like I said, the first step for this is the receiver needs to generate a key pair.

15
00:01:08,000 --> 00:01:10,000
A public key and a private key.

16
00:01:10,000 --> 00:01:16,000
So in this lecture, I'm going to show you how we can create our own key pair so that we can share our

17
00:01:16,000 --> 00:01:20,000
public key with the people that we want to receive data from.

18
00:01:20,000 --> 00:01:27,000
And then they can use this public key to encrypt data and send it to us so that we are the only ones

19
00:01:27,000 --> 00:01:31,000
that can decrypt this data because we have the private key.

20
00:01:31,000 --> 00:01:38,000
So we can do this in tales easily using a pre-installed program called Cleopatra.

21
00:01:38,000 --> 00:01:44,000
You can find this program in the applications under accessories, and we have it right here.

22
00:01:44,000 --> 00:01:49,000
Now, you actually would have used this program already if you installed the Tor browser on Windows.

23
00:01:49,000 --> 00:01:55,000
But anyway, we have a different use case in here and the goal is to actually use it to create a key

24
00:01:55,000 --> 00:01:56,000
pair for us.

25
00:01:57,000 --> 00:02:03,000
Now, as you can see by default it has a number of keys already installed on it.

26
00:02:03,000 --> 00:02:07,000
Now these keys are pre-installed by the developers.

27
00:02:07,000 --> 00:02:13,000
You can see the names of these keys, the emails associated with them, the dates from which they're

28
00:02:13,000 --> 00:02:16,000
valid and until when they expire.

29
00:02:16,000 --> 00:02:17,000
And the key ID.

30
00:02:18,000 --> 00:02:25,000
Now it's very important to understand that you should never delete any of these keys because these keys

31
00:02:25,000 --> 00:02:30,000
are actually used to validate the integrity of packages that tales downloads.

32
00:02:30,000 --> 00:02:36,000
So whenever you're installing updates or if you're installing programs on tales, these keys are used

33
00:02:36,000 --> 00:02:41,000
to validate that these packages or these updates are not getting modified as they're being downloaded

34
00:02:41,000 --> 00:02:43,000
from their original sources.

35
00:02:43,000 --> 00:02:46,000
So it's very important to keep these keys the same.

36
00:02:46,000 --> 00:02:50,000
What we want to do right now is to create our own key.

37
00:02:50,000 --> 00:02:55,000
And to do that, we're going to click on file and click on New key Pair.

38
00:02:56,000 --> 00:03:02,000
We're going to select the first option in here to generate a personal openpgp key pair.

39
00:03:02,000 --> 00:03:06,000
And it's asking us for the name and the email.

40
00:03:06,000 --> 00:03:08,000
As you can see, these values are optional.

41
00:03:08,000 --> 00:03:10,000
You don't actually have to put anything in here.

42
00:03:10,000 --> 00:03:17,000
It is very important to keep in mind that the values that you put in here will be visible to anybody

43
00:03:17,000 --> 00:03:19,000
that you share the key with.

44
00:03:19,000 --> 00:03:23,000
So if you're sharing it in the future with people that you are not sure you should trust, then you

45
00:03:23,000 --> 00:03:30,000
want to make sure that you use the fake name and fake ID and your private or anonymous email that we

46
00:03:30,000 --> 00:03:33,000
created earlier, or you can simply just leave it blank.

47
00:03:34,000 --> 00:03:41,000
So I'm going to just put the name as John Wick and my private and anonymous email is J and seven at

48
00:03:41,000 --> 00:03:43,000
illudin.

49
00:03:43,000 --> 00:03:49,000
And I'm going to click on the advanced Options to show you what we can change and give you an idea of

50
00:03:49,000 --> 00:03:50,000
what else can be modified.

51
00:03:50,000 --> 00:03:56,000
So you can see in here the encryption or the key type is set to RSA.

52
00:03:56,000 --> 00:03:58,000
You want to keep this the same.

53
00:03:58,000 --> 00:03:59,000
This is a very strong encryption.

54
00:03:59,000 --> 00:04:04,000
We're just going to increase its value to 4096 bits.

55
00:04:05,000 --> 00:04:11,000
And in here in the certificate usage, you can tick the boxes that you're going to use this key for.

56
00:04:11,000 --> 00:04:16,000
So as you can see right now, the key is going to be used for signing for encryption and certification.

57
00:04:16,000 --> 00:04:19,000
And we're not going to be using that key for authentication.

58
00:04:19,000 --> 00:04:20,000
That is completely fine.

59
00:04:20,000 --> 00:04:24,000
We actually only want to use it for signing encryption and certification.

60
00:04:24,000 --> 00:04:26,000
So we're going to keep all of these options the same.

61
00:04:26,000 --> 00:04:33,000
And you can also set an expiry date for this key so that it expires once it reaches the date that you

62
00:04:33,000 --> 00:04:39,000
select here, you can untick this box to keep it valid forever or just keep it ticked and set an appropriate

63
00:04:39,000 --> 00:04:40,000
date.

64
00:04:41,000 --> 00:04:43,000
Once you're happy with the options we're going to click on.

65
00:04:43,000 --> 00:04:44,000
Okay.

66
00:04:44,000 --> 00:04:47,000
And we're going to click on next to go to the next step.

67
00:04:47,000 --> 00:04:52,000
As you can see, it's showing us a summary of the values, the details that we filled.

68
00:04:52,000 --> 00:04:58,000
And you can click here to show all details, to see all of the options and the values that we selected.

69
00:04:58,000 --> 00:04:59,000
We're happy with everything.

70
00:04:59,000 --> 00:05:05,000
So we're going to click, Create, and finally, it's going to ask us to set a passphrase for this key.

71
00:05:05,000 --> 00:05:09,000
Make sure you choose a strong passphrase that is hard to brute force or to guess.

72
00:05:09,000 --> 00:05:13,000
And we're going to click on okay to finish this process.

73
00:05:14,000 --> 00:05:15,000
And perfect.

74
00:05:15,000 --> 00:05:16,000
The key is created.

75
00:05:16,000 --> 00:05:18,000
Now we have the fingerprint as well.

76
00:05:18,000 --> 00:05:23,000
We spoke about this previously when we were talking about validation and we will actually talk about

77
00:05:23,000 --> 00:05:25,000
it in more details in the next lectures.

78
00:05:25,000 --> 00:05:28,000
We'll also talk about these next steps in the next lectures.

79
00:05:28,000 --> 00:05:31,000
Anyway, so we're happy with what we did so far.

80
00:05:31,000 --> 00:05:36,000
We're simply going to click Finish and as you can see, we have the new key in here at the bottom in

81
00:05:36,000 --> 00:05:37,000
bold.

82
00:05:38,000 --> 00:05:42,000
Now this key is in bold because it actually contains two keys.

83
00:05:42,000 --> 00:05:45,000
It contains a private key and a public key.

84
00:05:45,000 --> 00:05:49,000
The public key is the one that you share with the people that you want to share encrypted data with.

85
00:05:49,000 --> 00:05:53,000
And the private one is the one that you keep yourself and you never share it.

86
00:05:54,000 --> 00:05:59,000
All of the other keys in here are not in bold because they are public keys.

87
00:05:59,000 --> 00:06:03,000
They do not contain the private key because these are actually not our own keys.

88
00:06:03,000 --> 00:06:09,000
Therefore, the creators of tales have shared their public key in here so that we can validate the packages

89
00:06:09,000 --> 00:06:12,000
downloaded are actually made by them.

90
00:06:12,000 --> 00:06:18,000
But these entries do not contain the private key, obviously, because the tales developers keep these

91
00:06:18,000 --> 00:06:24,000
private keys for themselves and use them to sign the packages that they distribute to us.

92
00:06:25,000 --> 00:06:32,000
Now, you can also get more details about any of these keys by simply right clicking the key and going

93
00:06:32,000 --> 00:06:35,000
to the details in here at the bottom.

94
00:06:35,000 --> 00:06:40,000
So as you can see, we can see the email, the name, We could see this anyway at the start.

95
00:06:40,000 --> 00:06:42,000
You can also see the dates from which it's valid.

96
00:06:42,000 --> 00:06:47,000
And when it expires, you can see the type, you can see the fingerprint.

97
00:06:47,000 --> 00:06:52,000
And like I said, this is useful for data validation, but we'll talk about that in more details later.

98
00:06:52,000 --> 00:06:58,000
You can even change the passphrase from here and the more details in here, obviously give us even more

99
00:06:58,000 --> 00:07:05,000
details and we'll talk more about exporting the keys and sharing them and sharing the certificates in

100
00:07:05,000 --> 00:07:06,000
the next lectures.

101
00:07:06,000 --> 00:07:12,000
But for now, we have our key created and stored inside this program, Cleopatra.

102
00:07:12,000 --> 00:07:17,000
And in the future, I'm going to show you how to use this program and use this key to encrypt text and

103
00:07:17,000 --> 00:07:19,000
share information privately.