WEBVTT

00:00.780 --> 00:06.660
Now, before we wrap up this section, I want to spend one more lecture talking about another method

00:06.660 --> 00:10.260
to exchange keys between the sender and the receiver.

00:10.650 --> 00:17.010
So as we learned, we can use PGP in order to encrypt a message and make sure that this message will

00:17.010 --> 00:23.520
only be readable by the receiver by encrypting the message with the receiver's public key.

00:23.670 --> 00:29.370
Therefore, for this to work, for example, if David wanted to send a message to John, he would have

00:29.370 --> 00:32.130
had to get John's public key.

00:32.670 --> 00:34.310
The same goes for John.

00:34.320 --> 00:40.800
If John wanted to send something to David, he would have had to get David's public key and to exchange

00:40.800 --> 00:41.430
the keys.

00:41.430 --> 00:47.580
In the previous lectures, we used email to send the keys from one person to another.

00:47.790 --> 00:50.610
Now you can use any method of communication.

00:50.790 --> 00:56.610
And like I said, sometimes if you're using a market or if you're on a forum, you might even see the

00:56.610 --> 01:02.250
user including their public key in their signature or in their profile page.

01:02.700 --> 01:09.210
That way you can use that key to encrypt messages and send them to that user, and you'll be sure that

01:09.210 --> 01:13.140
the only person that will be able to read this message is the user.

01:14.160 --> 01:21.240
Now there is another way of sharing the keys, which I want to cover in this lecture, and that way

01:21.240 --> 01:24.540
relies on using key servers.

01:24.960 --> 01:30.840
So you can think of this as a computer that's accessible on the Internet or on the darknet.

01:30.900 --> 01:33.730
It contains a number of keys.

01:33.750 --> 01:40.740
And then, for example, if David wanted to share his public key with John or with anyone else, he

01:40.740 --> 01:43.860
can upload his key to the server.

01:44.640 --> 01:45.890
Same goes for John.

01:45.900 --> 01:52.380
If he wanted to share his public key with others, he can upload his key to the server as well.

01:53.180 --> 01:59.690
And then if David wanted to communicate with John, he wouldn't need to ask John for the public key

01:59.690 --> 02:00.380
directly.

02:00.380 --> 02:05.060
And John won't need to communicate with David directly and send him the key.

02:05.240 --> 02:11.900
All David has to do is query the server, the key server that is accessible, like I said, on the darknet

02:11.900 --> 02:15.800
or on the internet and download John's public key.

02:16.430 --> 02:17.640
Same goes for John.

02:17.660 --> 02:24.080
If he wanted to get David's public key, he can query the server, download David's key, and that

02:24.080 --> 02:31.460
way both David and John have each other's public keys and therefore they can start communicating and

02:31.460 --> 02:35.840
encrypting messages to each other using each other's public keys.

02:36.890 --> 02:42.830
The only thing that you want to keep in mind when doing this is that when you upload your key to this public

02:42.830 --> 02:43.530
server,

02:43.550 --> 02:46.520
anybody can get your public key.

02:46.550 --> 02:51.140
Now, like I said, the public key cannot be used to decrypt your messages.

02:51.140 --> 02:56.300
But as we've seen before, there is an identity tied to the key.

02:56.330 --> 03:02.870
Now we used fake information, but if you're using real information, the name will be visible on that

03:02.870 --> 03:06.860
key and the email associated with that key.

03:06.860 --> 03:12.700
Again, like we've seen before, when we create a key, we set an email address with that key.

03:12.710 --> 03:16.160
So that email will also be publicly available.

03:16.160 --> 03:22.520
So if you don't want to make this information available, then do not upload your keys to these key

03:22.520 --> 03:23.300
servers.

03:24.140 --> 03:31.400
Also, if the key is associated with other keys or part of a chain of trust, these keys will also become

03:31.400 --> 03:34.790
available along with the information tied to them.

03:34.790 --> 03:42.200
So any contact associated with the key will also become available and public once you upload that key

03:42.200 --> 03:43.360
to the key server.

03:43.370 --> 03:48.650
So again, if you don't want this information to be public, then do not upload your key to the key

03:48.650 --> 03:54.060
server and just send it directly to the people that you want to share your public key with.

03:54.080 --> 03:58.460
But like I said, the main idea remains sound: sharing

03:58.460 --> 04:01.400
the public key does not compromise the encryption.

04:01.490 --> 04:05.180
The public key cannot be used to decrypt the messages.

04:05.180 --> 04:08.840
It can only be used to encrypt them, hence the name public.

04:08.840 --> 04:14.270
And that's why we can actually share it with anyone we want and we can just make it publicly available.

04:15.420 --> 04:17.070
Now let's see how we can do this.

04:17.070 --> 04:20.430
So first of all, I'm going to go to John's computer right here.

04:20.940 --> 04:23.940
And let's say that I want to make my private key,

04:23.940 --> 04:29.010
so this key right here, available, and I want to upload it to a key server.

04:29.220 --> 04:34.800
Now, before uploading it to a key server, I need to enable this feature and to do that we're going

04:34.800 --> 04:37.680
to go to edit preferences.

04:38.250 --> 04:45.030
And in here, where it says "publish keys to", I'm going to click on the dropdown menu and select the server

04:45.030 --> 04:45.900
right here.

04:46.140 --> 04:48.780
Now as you can see, this is an onion service.

04:48.780 --> 04:54.990
Therefore, whoever is going to download this key needs to be connected to the Tor network.

04:55.500 --> 05:02.370
Now I'm going to close this and the next thing that I'm going to do is upload this key to the key server.

05:02.370 --> 05:07.350
So to do that, we're going to go to Remote, then Sync and Publish Keys.

05:07.680 --> 05:12.960
This is telling us that one key is selected and it's going to be synchronized and uploaded to the key

05:12.960 --> 05:14.550
server that we selected.

05:15.060 --> 05:22.230
We're going to click on Sync and this will upload my key to the key server that we selected.

05:23.170 --> 05:31.180
Now, anyone who wants to communicate with me, with John Wick, can query this key server and find

05:31.180 --> 05:35.350
my public key and use that to encrypt messages for me.

05:35.980 --> 05:39.960
So in our example, it's David that wants to communicate with John.

05:39.970 --> 05:47.410
We have his computer right here and all he needs to do is open Passwords and Keys from the utilities,

05:47.410 --> 05:48.820
as we saw before.

05:49.940 --> 05:54.380
And he is going to first select the GnuPG keys,

05:54.410 --> 05:58.150
go to Remote and click on Find Remote Keys.

05:58.160 --> 06:04.580
So these are the steps that you need to use if you want to pull a key from a key server.

06:05.060 --> 06:11.000
When you click on this, you'll get a search box, as you can see in here, which you can use to search

06:11.000 --> 06:12.110
for your contact.

06:12.110 --> 06:15.530
You can search using the name associated with the key.

06:15.530 --> 06:17.210
As we know, that's John Wick.

06:17.300 --> 06:20.390
You can also use the email or the ID.

06:20.900 --> 06:27.950
I'm just going to use the email, which is jnck7 at elude dot n.

06:29.220 --> 06:31.360
And I'm going to click on search.

06:32.880 --> 06:36.000
Now, as you can see, I have the result right here.

06:36.570 --> 06:43.440
Now you can right click and look up the properties of this contact and you can see this is for a person

06:43.440 --> 06:44.520
named John Wick.

06:44.550 --> 06:46.150
You can see the email.

06:46.170 --> 06:48.270
You can see the key ID.

06:48.270 --> 06:53.460
And if we click on details, you'll also be able to see the key fingerprint.

06:54.150 --> 07:02.220
Now, ideally, you'd want to confirm the key ID and the fingerprint with your contact before adding

07:02.220 --> 07:08.760
this key, because as we've seen, anyone can publish a key to the key server and claim to be anybody.

07:08.760 --> 07:14.430
So we're not sure that this John Wick is actually the John Wick that we need to communicate with.

07:14.460 --> 07:21.090
Therefore, you should communicate with your contact using another method of communication, for example,

07:21.090 --> 07:27.450
by email, by phone, or by text message, and confirm the fingerprint and the ID that you're about

07:27.450 --> 07:34.200
to add to make sure that this is the correct fingerprint and the correct ID for the key that you want

07:34.200 --> 07:34.890
to add.

07:35.880 --> 07:41.790
Now, obviously, John can get this information again by going to his Passwords and Keys, right-clicking

07:41.790 --> 07:47.820
his own key, clicking on Properties, and he can get his own fingerprint and use that to help you confirm

07:47.820 --> 07:49.920
that this is the right contact.

07:50.280 --> 07:56.910
Once you are sure this is the right contact, you can click it in here and click on import to add it

07:56.910 --> 07:58.050
to your keys.

07:58.770 --> 08:03.240
And as you can see, it got added in here into my key ring.

08:04.430 --> 08:10.550
And then, as we've seen before, you can start typing messages and encrypt them from the applet in

08:10.550 --> 08:14.660
here or encrypt files by right clicking the files and encrypting them.

08:15.820 --> 08:21.730
So basically I just wanted to show you another method of key exchange, how you can upload a key to

08:21.730 --> 08:28.420
a key server and how your contact can download it, or how you can download a key from the key server.

08:29.020 --> 08:35.770
Now keep in mind, when you upload a key to the key server, it might not become immediately available.

08:35.800 --> 08:43.510
I actually paused the video and resumed the recording several hours after uploading John's key,

08:43.510 --> 08:47.860
because usually there is more than just one key server.

08:47.860 --> 08:53.140
So when you upload your key to one of these servers, it actually takes some time for the key to be

08:53.140 --> 08:58.120
shared with all of the servers and to become available for everybody to download.

08:59.000 --> 09:05.090
So if you uploaded a key and your contact tried to download it within the same hour and couldn't find

09:05.090 --> 09:06.200
it, then that's fine.

09:06.200 --> 09:11.120
Just tell them to wait for a few hours and then they should be able to download it.
