WEBVTT

00:00.550 --> 00:07.810
In this section and in the next lectures, I'm going to show you how to use Pjp to encrypt and decrypt

00:07.840 --> 00:17.230
text files, emails, and we're also going to use it to sign and verify the integrity of files, emails

00:17.230 --> 00:18.250
and so on.

00:18.730 --> 00:25.060
This way we'll be able to communicate safely because everything will send and receive will be encrypted,

00:25.060 --> 00:29.890
and we'll be able to verify the integrity of the data being sent.

00:29.890 --> 00:36.730
So we'll be able to sign whatever we send and the receiver will be able to verify that this data has

00:36.730 --> 00:40.690
actually been sent from us and has not been tampered with.

00:41.640 --> 00:48.270
Now the reason why we're going to use BGP for encryption and to verify integrity, because this is a

00:48.270 --> 00:54.240
very strong encryption that stood the test of time and has not been broken yet.

00:54.330 --> 01:01.530
Even based on leaked reports, it seems like even government agencies are not able to break it yet.

01:01.530 --> 01:07.360
So it's a very, very strong encryption, even though PJP stands for pretty good encryption.

01:07.380 --> 01:13.500
This statement is actually sarcastic because this is a very strong and powerful encryption.

01:14.070 --> 01:19.110
Now, in this lecture, I want to explain to you how Pjp works in general.

01:19.110 --> 01:24.810
And then in the next lectures, we'll see how we can use it to encrypt all sorts of data and how to

01:24.810 --> 01:27.420
use it to sign and verify integrity.

01:28.490 --> 01:33.800
Now Pjp is a public key or an asymmetric encryption.

01:33.800 --> 01:40.070
And to understand how that works, let's first have a look on the other traditional type of encryption,

01:40.070 --> 01:41.720
symmetric encryption.

01:42.620 --> 01:47.850
So let's have an example where we have two people, David and John.

01:47.870 --> 01:50.630
We're going to forget about how they're going to communicate.

01:50.630 --> 01:55.580
We're just going to assume that David wants to send a message to John.

01:55.580 --> 01:59.090
And the content of this message is secret message.

01:59.720 --> 02:05.780
Now, if David wants to protect his message from anyone who might intercept this message or read it,

02:05.810 --> 02:12.860
he can use an encryption key in order to encrypt this message, and this will transform the message

02:12.860 --> 02:14.300
into gibberish.

02:15.080 --> 02:22.670
Then he can go ahead and send this message to John using any method by sending it as an email or by

02:22.670 --> 02:24.620
post or as a text message.

02:24.620 --> 02:26.060
It doesn't really matter.

02:26.150 --> 02:31.850
And if this message gets intercepted, the contents of the message is going to be gibberish.

02:31.850 --> 02:35.390
So it won't be useful to the person intercepting this.

02:35.780 --> 02:37.610
John will receive the message.

02:37.610 --> 02:39.020
He will open the message.

02:39.020 --> 02:41.090
The message will still be gibberish.

02:41.090 --> 02:48.950
And then John is going to use the same encryption key to decrypt this message and reveal its content,

02:48.950 --> 02:51.050
which was secret message.

02:51.530 --> 02:53.450
So very, very simple.

02:53.450 --> 02:56.740
Basically, David uses a key to encrypt the message.

02:56.750 --> 03:02.300
John uses the same key to decrypt it, and this way they're both able to read the message.

03:02.300 --> 03:07.340
But anybody who does not have the key will not be able to read the message.

03:07.880 --> 03:12.020
So the same key is used by David and by John.

03:12.020 --> 03:15.740
Therefore, this is known as symmetric encryption.

03:16.130 --> 03:18.350
Now, you probably guessed it by now.

03:18.350 --> 03:20.530
This key needs to be private.

03:20.540 --> 03:28.520
That's why it's known as a secret key, because anybody who manages to get his hands on this key, they

03:28.520 --> 03:34.010
will be able to decrypt any message that David sends to John and vice versa.

03:35.220 --> 03:42.510
So based on everything that we said so far, we can see that the secret key can be used to decrypt the

03:42.510 --> 03:43.290
messages.

03:43.590 --> 03:46.360
Because of that, it should be kept a secret.

03:46.380 --> 03:53.580
But David somehow has to share it with John and anyone else David wants to communicate with.

03:54.030 --> 04:00.930
Therefore, this is a major flaw with symmetric encryption because the key has to be secret, but at

04:00.930 --> 04:06.720
the same time has to be shared and sharing it with more people increases the attack surface, not to

04:06.720 --> 04:10.020
mention the problem of sharing the actual key.

04:10.050 --> 04:11.300
How are we going to share it?

04:11.310 --> 04:13.410
Are we going to send it in a separate message?

04:13.410 --> 04:15.720
What if that message gets intercepted?

04:15.750 --> 04:21.810
What if we're sending stuff over the Internet and we know how many hops our data could pass by?

04:21.840 --> 04:27.600
This could be intercepted, read, and then the rest of our communication will be decrypted.

04:28.080 --> 04:35.400
This was the main incentive to come up with a more secure encryption, and this is where asymmetric

04:35.400 --> 04:37.470
or public key encryption comes.

04:38.190 --> 04:42.540
So let's go back to David wanting to send a message to John.

04:42.540 --> 04:47.640
And the content of the message is secret message and asymmetric encryption.

04:47.640 --> 04:50.460
One key is used to encrypt the message.

04:50.490 --> 04:57.480
The message is sent in the air, and then another key is used to decrypt the message.

04:57.960 --> 05:06.090
So as you can see in this encryption, two different keys are used and hence the name asymmetric encryption.

05:06.810 --> 05:10.700
Now these two keys are referred to as a key pair.

05:10.710 --> 05:13.020
They are mathematically related.

05:13.020 --> 05:18.180
One is used for encrypting the message and the other is used for decryption.

05:18.180 --> 05:23.700
Therefore, the decryption key is never shared, and that's why it's more secure.

05:24.120 --> 05:28.680
Now you're thinking if the decryption key is never shared, how is this going to work?

05:29.040 --> 05:33.120
Well, let's go back and have a closer look on how this is going to work.

05:33.210 --> 05:36.690
So, again, David wants to send a message to John.

05:36.690 --> 05:39.630
The content of the message is secret message.

05:39.630 --> 05:47.040
But before sending this message and before encrypting it, John is going to create a key pair, a public

05:47.040 --> 05:48.930
key and a private key.

05:49.560 --> 05:56.790
Like I said, these keys are mathematically linked and John is going to send the public key to David,

05:56.790 --> 05:59.460
to the person that will send the message.

05:59.820 --> 06:02.970
So the public key can be shared with anybody.

06:02.970 --> 06:07.470
You can actually make it public on the Internet, on key directories.

06:07.500 --> 06:13.030
It doesn't really matter because it cannot be used to determine the private key.

06:13.050 --> 06:16.830
Therefore, it's completely safe to share the public key.

06:17.310 --> 06:19.920
So David receives the public key.

06:19.950 --> 06:23.100
He uses the public key to encrypt the message.

06:23.100 --> 06:25.860
The message is sent using any method.

06:25.860 --> 06:27.120
It doesn't really matter.

06:27.120 --> 06:30.320
And even if it's intercepted, it's going to be gibberish.

06:30.330 --> 06:32.430
John will receive the message.

06:32.430 --> 06:33.840
He will open the message.

06:33.840 --> 06:40.410
The message will still be gibberish, but he will use the private key to decrypt this message.

06:40.860 --> 06:44.310
This way he will get the content of the secret message.

06:44.310 --> 06:48.200
And as you can see, the private key was never shared.

06:48.210 --> 06:52.210
John created the private key and John kept the private key.

06:52.230 --> 06:58.470
The only thing that is shared is the public key, which cannot be used to determine the private key

06:58.470 --> 07:01.280
and cannot be used to decrypt the message.

07:01.290 --> 07:04.530
It can only be used to encrypt the message.

07:05.420 --> 07:12.200
So by the end of the communication, David is going to have John's public key and John is going to keep

07:12.200 --> 07:13.330
their private key.

07:13.340 --> 07:19.610
Therefore, now David can always send messages to John, and John will always be able to decrypt them

07:19.610 --> 07:21.800
using his own private key.

07:21.890 --> 07:29.060
Not only that, but when David encrypt something with John's public key, he can be rest assured that

07:29.060 --> 07:35.420
nobody can decrypt this message except for John, because John is the only one that has the private

07:35.450 --> 07:38.990
key, and his private key should never be shared.

07:39.020 --> 07:44.660
If John knows what he's doing because there is no point of sharing it, even if he wants 100 people

07:44.660 --> 07:50.420
to send him messages, all he has to do is share his public key and not his private key.

07:51.140 --> 07:56.780
Now, if John wanted to send something to David, the same can be done in an opposite direction.

07:56.780 --> 07:59.100
So David would create a key pair.

07:59.120 --> 08:06.000
He would send John his public key, and then John would use David's public key to encrypt messages.

08:06.020 --> 08:10.760
When David receives them, he will use his own private key to decrypt them.

08:10.910 --> 08:13.100
So the idea is very, very simple.

08:13.100 --> 08:20.030
You share your public key, hence the name public that is completely safe because it can't be used to

08:20.030 --> 08:24.830
determine the private key and it can't be used to decrypt the messages.

08:24.830 --> 08:31.100
So you share the public key and anyone who wants to send you a message, they will encrypt that message

08:31.100 --> 08:37.160
with your own public key, and this way you will be the only one that can decrypt this message.

08:37.340 --> 08:39.740
Same goes when you want to send another message.

08:39.740 --> 08:45.770
For example, if you wanted to send a message to me, all you have to do is encrypt that message with

08:45.770 --> 08:47.180
my public key.

08:47.180 --> 08:52.790
And this way, because I don't share my private key with anyone, I will be the only one that can read

08:52.790 --> 08:53.390
the message.

08:53.390 --> 08:55.370
So you can put this message anywhere.

08:55.370 --> 09:01.430
You can share it publicly, and it will still be safe because no one will be able to read that message

09:01.430 --> 09:02.360
but me.