1
00:00:01,600 --> 00:00:11,220
It's now onto digital signatures. Now, a digital signature is a hash value, which is here, which we

2
00:00:11,220 --> 00:00:12,380
just discussed.

3
00:00:12,390 --> 00:00:20,520
So it's the fixed-length result of a hash function that is encrypted with the sender's private key to

4
00:00:20,520 --> 00:00:24,730
produce the digital signature or the signed message.

5
00:00:24,930 --> 00:00:32,010
So the digital signature is technically a stamp of approval for the sign.

6
00:00:32,010 --> 00:00:37,740
It is a provider of guarantee over whatever it is that's being signed.

7
00:00:37,830 --> 00:00:44,880
When something is digitally signed, it provides authentication because it's been encrypted with the private

8
00:00:44,880 --> 00:00:49,690
key, which only the person who has the private key can encrypt with.

9
00:00:49,710 --> 00:00:51,520
So that is the authentication.

10
00:00:51,570 --> 00:00:58,020
It provides non-repudiation because, again, the sender's private key is used, and it provides integrity

11
00:00:58,110 --> 00:01:03,900
because we are hashing. A digital signature could be used, for example, with software.

12
00:01:03,990 --> 00:01:08,310
It could be used for drivers within your operating system.

13
00:01:08,400 --> 00:01:15,150
It could be used for certificates, to validate that all of those things are genuinely from the person

14
00:01:15,150 --> 00:01:21,980
that they claim to be from and that the integrity of them has been maintained, or there's been no changes.

15
00:01:21,990 --> 00:01:30,130
So if we go and have a look here at the Chrome install file properties, and you'll be able to do this

16
00:01:30,730 --> 00:01:33,220
in any operating system or the equivalent of.

17
00:01:33,400 --> 00:01:45,970
And we look here, the digital signatures, we click here, you can see already some details. Let me view the certificate.

18
00:01:46,270 --> 00:01:52,990
What we can see is this is issued to Google by VeriSign.
19
00:01:52,990 --> 00:02:01,240
So it's VeriSign. The private key has been used to digitally sign this software. The code is saying this

20
00:02:01,240 --> 00:02:05,410
software is legitimate and it hasn't been changed.

21
00:02:05,470 --> 00:02:13,780
So as it says here: ensures software came from software publisher, protects software from alteration

22
00:02:13,840 --> 00:02:17,610
after publication. To know this digital signature is valid,

23
00:02:17,830 --> 00:02:24,460
we have to reverse the original process. So we have the digital signature here, or the signed message,

24
00:02:24,460 --> 00:02:25,940
or the signed software.

25
00:02:26,010 --> 00:02:28,200
We then use the sender's public key.

26
00:02:28,240 --> 00:02:35,800
In that case it would be VeriSign, to decrypt, to reveal the hash, which you can then verify yourself.

27
00:02:36,020 --> 00:02:37,680
You'll have a hash value for it.

28
00:02:37,690 --> 00:02:40,810
It will have been taken from the digital signature.

29
00:02:40,810 --> 00:02:46,960
You can then take the file, run it through the same hashing algorithm, and you compare hashes and you can

30
00:02:46,960 --> 00:02:51,150
see that this software has maintained its integrity. But when it comes to software,

31
00:02:51,160 --> 00:02:56,770
this is all happening behind the scenes and it's been verified without even knowing. If verification

32
00:02:56,770 --> 00:02:57,890
doesn't happen,

33
00:02:57,970 --> 00:03:01,710
you get warning messages, and you've seen these before.

34
00:03:02,080 --> 00:03:03,410
Here's an example of them.

35
00:03:03,430 --> 00:03:06,030
Windows cannot verify the publisher.
36
00:03:06,110 --> 00:03:12,220
This driver software. That means that it either does not have a digital signature or you see how the

37
00:03:12,520 --> 00:03:19,410
code was the person that verified that digital signature that your operating system doesn't trust

38
00:03:19,430 --> 00:03:26,630
VeriSign, and we'll go in later as to why you might trust VeriSign or not trust VeriSign when we get to certificates.

39
00:03:26,710 --> 00:03:34,900
Windows 10 has introduced new technology called Device Guard, which is a way of using digital signatures

40
00:03:35,320 --> 00:03:40,360
to lock down what your operating system will and will not run.

41
00:03:40,360 --> 00:03:47,570
So Device Guard will only allow certain types of signed files to be run.

42
00:03:47,590 --> 00:03:54,450
Theory being that then malware cannot be run, or RATs or trojans, because they won't be signed.

43
00:03:54,530 --> 00:03:57,710
There are of course ways around this, which we'll discuss later.

44
00:03:57,760 --> 00:04:01,420
But Device Guard is another layer of defense.

45
00:04:01,450 --> 00:04:06,480
So let's get through this just one more time, because I think it can be sometimes a little bit tricky.

46
00:04:06,520 --> 00:04:12,790
So a hash value that has been encrypted with the sender's or issuer's private key.

47
00:04:12,790 --> 00:04:14,870
That is a digital signature.

48
00:04:14,890 --> 00:04:18,870
It provides authentication, non-repudiation and integrity.

49
00:04:18,880 --> 00:04:26,590
And if you encrypt something and also provide a digital signature, then you're also going to get confidentiality

50
00:04:26,680 --> 00:04:30,590
along with authentication, non-repudiation and integrity.

51
00:04:30,610 --> 00:04:37,060
Digital signatures ensure that the software, or whatever it is that you've got, came from that person

52
00:04:37,060 --> 00:04:44,260
or that publisher, and it protects that software or that message from alteration after it has been published

53
00:04:44,290 --> 00:04:45,090
or sent.