WEBVTT

00:00.870 --> 00:06.870
Now that we understand how PGP works, in this lecture and the next few lectures, I'm going to show you

00:06.870 --> 00:13.230
how to use it to encrypt all kinds of data, verify integrity and so on.

00:13.770 --> 00:20.340
Now, as I explained in the previous lecture for this to work, the receiver, which is John in this

00:20.340 --> 00:26.400
case, has to first generate a key pair, a public key and a private key.

00:26.430 --> 00:31.560
He will share the public key with the person who he wants to receive data from.

00:31.560 --> 00:36.900
That person who is David in this example will use the public key to encrypt the message.

00:36.900 --> 00:38.730
Send the message to John.

00:38.730 --> 00:44.310
The message will be unreadable unless the private key is used to decrypt it.

00:44.790 --> 00:50.040
And as you can see throughout this whole scenario, the private key never left John.

00:50.040 --> 00:57.030
So John never shares the private key, and it is the only key that can be used to decrypt the data.

00:57.030 --> 01:00.840
Therefore, this implementation is very, very secure.

01:02.450 --> 01:09.320
So like I said, the first step for this is the receiver needs to generate a key pair, a public key

01:09.320 --> 01:10.700
and a private key.

01:10.730 --> 01:16.820
So in this lecture, I'm going to show you how we can create our own key pair so that we can share our

01:16.820 --> 01:20.450
public key with the people that we want to receive data from.

01:20.450 --> 01:27.440
And then they can use this public key to encrypt data and send it to us so that we are the only ones

01:27.440 --> 01:33.830
that can decrypt this data because we have the private key. So in Tails,

01:33.830 --> 01:35.780
this is actually very, very easy.

01:35.780 --> 01:41.030
You can do it using the clipboard applet that we have in here on the top right.

01:41.030 --> 01:44.150
So you can click on it and go to manage keys.

01:44.180 --> 01:49.280
Now, in the recent versions of Tails, they've been moving this all over the place.

01:49.280 --> 01:57.860
So if you can't find it here, we can go to applications, utilities and click on passwords and keys.

01:58.830 --> 02:04.210
This will open a program that can be used to manage all your passwords in Tails.

02:04.230 --> 02:09.720
But what we're interested in is managing our GnuPG keys.

02:10.290 --> 02:15.180
Now clicking on this, as you can see, we have a number of entries by default.

02:15.540 --> 02:17.530
Do not delete these entries.

02:17.550 --> 02:25.110
These are actually keys used to verify the integrity of updates that Tails downloads and the integrity

02:25.110 --> 02:29.310
of packages that you can download through Tails and install on your system.

02:29.310 --> 02:34.170
So if you delete them, you won't be able to verify the integrity of these packages.

02:34.830 --> 02:37.560
So we're keeping everything here the same.

02:37.560 --> 02:44.280
And what we want to do, like I said, is create our own key pair so we can share our public key with

02:44.280 --> 02:50.340
others so we can receive encrypted data that can only be decrypted by us.

02:51.060 --> 02:57.960
To do that, to create a key pair, you can click on the plus sign in here or you can go on file new.

02:58.650 --> 03:02.740
Like I said, this application allows you to manage all sorts of keys.

03:02.760 --> 03:06.410
What we're interested in is creating a PGP key.

03:06.420 --> 03:10.950
So I'm going to click on the second entry here and I'm going to click on Continue.

03:11.370 --> 03:13.500
Now it's going to ask you for your name.

03:13.500 --> 03:15.810
So in my case, I'm using John Wick.

03:16.320 --> 03:19.200
Next, it's going to ask you for your email address.

03:19.200 --> 03:26.130
Now, it is very important to understand that the people that you'll share the public key with will

03:26.130 --> 03:29.850
be able to see your name and your email address.

03:29.880 --> 03:36.060
Therefore, if you want to stay anonymous and protect your privacy, make sure you use the fake name

03:36.060 --> 03:42.180
that you created when you created your fake identity and make sure you use your private or anonymous

03:42.180 --> 03:43.320
email in here.

03:43.560 --> 03:47.610
In my case, it's J and ck7 at dot n.

03:48.960 --> 03:53.920
We're also going to click on the advanced options to select the encryption type.

03:53.940 --> 03:58.410
I'm going to keep this at RSA because this is a very strong encryption.

03:58.770 --> 04:04.800
We're going to set the key strength to the highest possible, which is 4096.

04:05.310 --> 04:12.420
And you can also set an expiry date so that your key expires at the date that you specify in here.

04:12.870 --> 04:17.340
Now, this would be good if you want to take your security to the next level.

04:17.340 --> 04:19.350
But for this course, it's fine.

04:19.350 --> 04:21.150
I'm going to set it to never expire.

04:21.150 --> 04:25.980
I'll keep this ticked and I'm going to click on Create to create my key pair.

04:26.610 --> 04:30.150
Now it's going to ask me to set a passphrase for the key.

04:30.180 --> 04:32.820
Make sure you set a strong and long one.

04:33.570 --> 04:34.020
Click

04:34.020 --> 04:34.890
OK.

04:35.490 --> 04:38.820
And this program is going to generate your key pair.

04:38.820 --> 04:42.780
And as you can see right here, we have a new entry with my key pair.

04:43.260 --> 04:48.630
Now, notice the icon here for this key pair contains two keys, a silver and a gold one.

04:48.660 --> 04:50.930
This means that this is a key pair.

04:50.940 --> 04:54.240
It contains a private key and a public key.

04:54.660 --> 05:02.460
Notice all of the other entries in here contain only one gold key, which means that these entries only

05:02.460 --> 05:03.960
contain a public key.

05:03.960 --> 05:10.110
So these can be used to encrypt data for someone else or verify the integrity of data.

05:10.260 --> 05:13.200
But there is no private key stored in here.

05:14.040 --> 05:20.280
Now, to get more information about any of these entries, you can right click and click on properties.

05:21.270 --> 05:26.100
And in here you can see information about the owner, for example, the name John Wick, like we set

05:26.100 --> 05:26.410
it.

05:26.430 --> 05:29.520
The email again, the same email that we set it to.

05:30.030 --> 05:34.290
You can see the key ID, which can be used to verify the key.

05:34.290 --> 05:36.330
And we'll talk about that later.

05:36.600 --> 05:43.350
And if we go on the details, you'll also see the fingerprint, which can also be used to verify the

05:43.350 --> 05:43.840
key.

05:43.860 --> 05:45.390
We actually used this when

05:45.390 --> 05:48.480
we downloaded the Tor browser, if you remember.

05:48.480 --> 05:54.660
And as we go through this section, actually, you'll see how the verification steps we followed to

05:54.660 --> 05:59.280
verify the Tor browser makes sense, and all of this will click with that.

05:59.760 --> 06:05.490
Now, from here, you can also export your secret key, which is something that you should never do,

06:05.490 --> 06:08.760
because, like I said, we should never share the secret key.

06:08.760 --> 06:11.490
The secret key should always be kept privately.

06:11.640 --> 06:17.700
The only time that you might want to do this is if you're going to completely wipe the system and still

06:17.700 --> 06:19.230
want to use the same key.

06:19.230 --> 06:26.580
You might want to export this, store it in an encrypted USB device and then put it on your next installation.

06:26.670 --> 06:31.260
Other than that, there is no need to export your key from here.

06:32.530 --> 06:33.130
From here,

06:33.130 --> 06:38.560
you can also set the expiry. So as shown before, we set the expiry to never.

06:38.560 --> 06:44.650
But if you change your mind you can click on this icon and set the key to expire at any date you want.

06:45.460 --> 06:51.520
And going back to the names and signatures, you can see again your name and the email associated with

06:51.520 --> 06:57.580
this key, and you can click on add name to add more contacts to be associated with this key.

06:57.580 --> 07:04.120
But like I said, be very careful when you're doing this because these contacts will be visible to anybody

07:04.120 --> 07:06.010
that can see your public key.

07:06.010 --> 07:11.230
And like I said, in general, we will be sharing our public key with a lot of people because this is

07:11.230 --> 07:15.460
the way this works so that they can encrypt data and send it to us.

07:16.790 --> 07:22.370
So now that we have the key pair created in the next lecture, we're going to talk about how to share

07:22.370 --> 07:28.430
our public key with our contacts, and then we'll see how that can be used to encrypt data and verify

07:28.430 --> 07:29.300
integrity.
