WEBVTT

00:00.600 --> 00:07.200
Now that we understand how signing works in PGP, in this lecture I want to show you how to encrypt

00:07.200 --> 00:14.580
messages and sign them as the sender and how to verify the signature as a receiver and then decrypt

00:14.580 --> 00:15.360
the message.

00:16.350 --> 00:21.820
So right here I have John's computer and let's go ahead and send a message to David.

00:21.840 --> 00:28.170
So as we've seen before, the first thing you want to do is open up a text editor and we're going to

00:28.170 --> 00:29.880
type the content of our message.

00:29.880 --> 00:35.910
So I'm just going to say: this is a secret signed message from John to David.

00:36.450 --> 00:39.620
Now, like we've seen before, I'm going to select all of this.

00:39.630 --> 00:41.190
I'm going to copy it.

00:41.610 --> 00:48.690
I'm going to go to my PGP clipboard and I'm going to click on Sign/Encrypt Clipboard with Public Keys.

00:49.260 --> 00:53.420
Next, we want to select the public keys that we want to encrypt the message with.

00:53.430 --> 00:57.410
And like I said, I'm sending this message to David, so I'm going to tick him.

00:57.420 --> 01:01.470
You can also tick John if you want to be able to decrypt your own message.

01:01.920 --> 01:08.340
And unlike what we did in the previous lecture, before clicking on OK, I'm going to go to Sign message

01:08.340 --> 01:14.640
as. If you click on this list, you will see a list of all of the private keys that you have on this

01:14.640 --> 01:15.330
computer.

01:15.330 --> 01:17.130
So this is John's computer.

01:17.130 --> 01:21.210
And as you can see, the only private key that we have is John Wick's.

01:21.210 --> 01:24.330
So I'm going to select that and I'm going to click

01:24.330 --> 01:25.080
OK.

01:26.320 --> 01:28.190
It's showing a warning about the key.

01:28.210 --> 01:29.910
It's my own key, so I trust it.

01:29.920 --> 01:30.730
So I'm going to click

01:30.730 --> 01:31.330
Yes.

01:32.440 --> 01:38.110
And then it's going to ask you to enter the passphrase that you selected when you created this key.

01:39.460 --> 01:40.900
I'm going to hit OK.

01:41.940 --> 01:47.940
And as you can see right here, the icon of the clipboard changed to a lock, which means that now in

01:47.940 --> 01:52.740
my clipboard, I have the encrypted message along with the signature.

01:52.740 --> 01:57.900
So I know in my diagrams in here, when we were sending the message, I said, we're going to send a

01:57.900 --> 01:59.490
message with its signature.

01:59.490 --> 02:06.630
But in reality, both the message content and the signature are all going to be one block of text.

02:06.720 --> 02:13.140
So if I'm back here at my text editor and just paste whatever that is in my clipboard, you'll see

02:13.140 --> 02:19.500
we'll just get one block of text that contains the content of the message and the signature.

02:20.340 --> 02:27.210
So as we did before, I'm going to go to my email, I'm going to compose a new message, and I'm sending

02:27.210 --> 02:28.670
this to David Smith.

02:31.120 --> 02:36.700
And I'm going to paste the message along with its signature, like I said, and I'm going to click on

02:36.700 --> 02:38.740
Send to send the message.

02:39.820 --> 02:44.260
Now let's go to David's computer, refresh our inbox.

02:46.310 --> 02:48.440
And click on the new email.

02:48.860 --> 02:50.450
We have the message content.

02:50.450 --> 02:54.590
So again, we're going to select all of it, right-click, copy.

02:54.830 --> 03:01.070
And as you can see right here, we can see the lock on the PGP applet. One

03:01.070 --> 03:05.270
click on this and we're going to click on Decrypt/Verify Clipboard.

03:05.270 --> 03:09.770
So the steps are very, very similar to what we did in the previous lecture.

03:11.170 --> 03:15.340
Now it's going to ask me to enter the passphrase for my own key,

03:15.340 --> 03:16.900
for David Smith's key.

03:20.080 --> 03:24.910
And as you can see, we see the content of the message, again, very similar to what we've seen in the

03:24.910 --> 03:26.080
previous lecture.

03:26.200 --> 03:32.740
But at the same time, you can see at the bottom in here, it's telling us that this message has been

03:32.740 --> 03:36.370
signed with a good signature of John Wick.

03:36.760 --> 03:41.530
We can also see the key ID and the key fingerprint.

03:42.540 --> 03:49.680
So right now we're sure that the person that encrypted this message, the sender, is actually John Wick

03:49.680 --> 03:53.790
and it's not someone else that is pretending to be John Wick.

03:53.820 --> 04:01.740
Not only that, but we're also sure that the contents of this message were not modified as it was transmitted

04:01.740 --> 04:02.250
to us.

04:02.250 --> 04:08.400
Because, like I said, when data is sent over the Internet or over a lot of methods of communications,

04:08.460 --> 04:13.990
it passes through a number of hubs, and each one of these hubs could be modified.

04:14.010 --> 04:20.790
Not only that, it can also be intercepted by a number of methods, and when hackers or agencies intercept

04:20.790 --> 04:24.930
them, they can modify them, implant data or remove some data.

04:25.440 --> 04:31.920
Therefore, when the signature checks out, as we can see in here, if it's verified, that means that

04:31.920 --> 04:37.950
the message was not modified since it was signed by John's private key.

04:39.330 --> 04:46.180
Now you can also see that there is a warning sign saying the key is not certified with a trusted signature.

04:46.200 --> 04:47.130
This is fine.

04:47.130 --> 04:49.100
You can actually ignore the message.

04:49.110 --> 04:52.610
It's just because the key is not set to be trusted.

04:52.620 --> 04:57.330
But what's really important in here is to see if this is a good signature.

04:57.330 --> 05:04.260
Because, like I said, if it says it's a good signature, that means that the message was signed by John's

05:04.260 --> 05:09.870
private key and it did not get modified since it got signed by his key.

05:10.810 --> 05:17.650
So right now we have a method to send data in a way so that even if it gets intercepted by any party,

05:17.650 --> 05:19.330
they won't be able to read it.

05:19.360 --> 05:22.750
The only person that will be able to read it is the receiver.

05:22.780 --> 05:29.140
Not only that, but the receiver will be able to verify that this was sent from the person that they

05:29.140 --> 05:35.980
want the message from, so they can verify the sender and verify that the message did not get modified

05:35.980 --> 05:37.900
as it was being sent.
