1
00:00:00,930 --> 00:00:08,520
So far we learned how to use PDP to encrypt messages so that only the receiver can read the content

2
00:00:08,580 --> 00:00:10,000
of the message.

3
00:00:10,080 --> 00:00:16,530
To do that the sender David in our example uses the public key of the receiver so the receiver makes

4
00:00:16,530 --> 00:00:19,240
their public key public as the name suggests.

5
00:00:19,260 --> 00:00:23,850
That's fine because the public key cannot be used to decrypt messages.

6
00:00:23,910 --> 00:00:26,660
It can only be used to encrypt messages.

7
00:00:26,880 --> 00:00:30,040
So David encrypts the message with the receivers.

8
00:00:30,040 --> 00:00:31,900
John's public key.

9
00:00:31,920 --> 00:00:35,100
The message is sent and won't John receives it.

10
00:00:35,280 --> 00:00:40,650
He uses his own private key that he never shares with anybody to decrypt the message.

11
00:00:41,430 --> 00:00:46,290
Therefore David can send the message to John in any way he wants.

12
00:00:46,350 --> 00:00:53,500
He can send it as a text message as an instant message or even use in an insecure service.

13
00:00:53,550 --> 00:00:57,930
That's fine because if anybody reads the message they will see gibberish.

14
00:00:57,930 --> 00:01:01,680
They want to be able to see the content unless they have the private key.

15
00:01:01,770 --> 00:01:06,300
And as long as John doesn't share the private key there is no need for him to share it.

16
00:01:06,390 --> 00:01:10,840
Then nobody will be able to read this message except for John.

17
00:01:11,070 --> 00:01:13,050
So that's really really good.

18
00:01:13,050 --> 00:01:20,220
The only problem here is that there is no way for John to verify that the message that they received

19
00:01:20,430 --> 00:01:24,030
has actually been sent from David.

20
00:01:24,030 --> 00:01:29,160
So like I said for this to work John needs to make their public key public.

21
00:01:29,160 --> 00:01:32,790
So getting the public key of John is easy.

22
00:01:32,790 --> 00:01:36,330
Therefore John could have it in his signature in his email.

23
00:01:36,360 --> 00:01:38,810
He can have it in his signature in a forum.

24
00:01:38,850 --> 00:01:43,740
He might have it publicly shared because he wants people to send him encrypted messages.

25
00:01:43,740 --> 00:01:47,990
So there is nothing wrong with making your public key public.

26
00:01:48,000 --> 00:01:52,330
The only problem is someone can come in pretend to be David.

27
00:01:52,350 --> 00:01:56,680
Use John's public key to encrypt a message and send it to John.

28
00:01:56,760 --> 00:02:04,320
And that way John has no way of knowing whether this message did actually come from David or not.

29
00:02:04,410 --> 00:02:08,720
To solve this problem David will have to sign the message.

30
00:02:08,820 --> 00:02:11,250
This can actually be done with PDP.

31
00:02:11,310 --> 00:02:13,410
So let me show you how this will work.

32
00:02:13,410 --> 00:02:15,070
With this example.

33
00:02:15,480 --> 00:02:17,040
So again we have David.

34
00:02:17,040 --> 00:02:20,330
He wants to send a secret message to John.

35
00:02:20,610 --> 00:02:27,990
And as we learned before the first thing that David will do he will use John's public key in order to

36
00:02:27,990 --> 00:02:29,260
encrypt the message.

37
00:02:29,340 --> 00:02:31,950
The message will change into gibberish.

38
00:02:31,950 --> 00:02:35,290
Now at this stage in the previous lecture we sent the message.

39
00:02:35,400 --> 00:02:43,770
But this time David is going to sign the message with his own private key so he still hasn't sent the

40
00:02:43,770 --> 00:02:44,340
private key.

41
00:02:44,340 --> 00:02:50,190
The message is still at David's end and what he is going to do is he's going to create a signature for

42
00:02:50,190 --> 00:02:51,360
this message.

43
00:02:51,360 --> 00:02:54,030
This signature corresponds to this message.

44
00:02:54,030 --> 00:02:56,840
And if anything gets modified within the message.

45
00:02:56,880 --> 00:03:00,960
If one letter gets modified the signature will change.

46
00:03:01,050 --> 00:03:08,250
Therefore this signature can be used to verify that the message has not been modified since it got signed

47
00:03:08,370 --> 00:03:10,650
by David's private key.

48
00:03:10,650 --> 00:03:13,820
Now keep in mind David is still keeping his own private key.

49
00:03:13,830 --> 00:03:18,020
He did not send it through any method of communication.

50
00:03:18,180 --> 00:03:24,720
So now we have a message with an encrypted content and with a signature that corresponds to David private

51
00:03:24,720 --> 00:03:26,010
key.

52
00:03:26,010 --> 00:03:27,540
Then the message is sent.

53
00:03:27,540 --> 00:03:33,500
Using any method of communication like we said you can even use an insecure method of communication.

54
00:03:33,690 --> 00:03:41,130
John is going to receive the message along with its signature and before decrypt in this message with

55
00:03:41,130 --> 00:03:49,500
his own private key what he is going to do is he is going to use David's public key in order to verify

56
00:03:49,500 --> 00:03:51,180
the signature.

57
00:03:51,180 --> 00:03:54,770
So like I said the signature was created with David's private key.

58
00:03:55,110 --> 00:03:58,130
And then John doesn't have David's private key.

59
00:03:58,230 --> 00:04:05,130
But he is going to use David's public key to verify the signature if the message was not modified.

60
00:04:05,250 --> 00:04:07,740
The verification will be successful.

61
00:04:07,890 --> 00:04:15,300
And this way John will know that this message was actually sent by David and was not modified by anybody

62
00:04:15,480 --> 00:04:22,320
because like I said if one letter gets modified the public key David's Public Key will not verify the

63
00:04:22,320 --> 00:04:24,270
signature.

64
00:04:24,270 --> 00:04:30,030
So when the signature is verified we know that David was the actual sender of the message and the message

65
00:04:30,030 --> 00:04:32,400
was not modified as it was sent.

66
00:04:32,400 --> 00:04:37,910
Whether it was sent over the Internet as a text message or using any other method of communication.

67
00:04:38,160 --> 00:04:41,850
The next step is very similar to what happened in the previous lecture.

68
00:04:41,850 --> 00:04:49,470
John will use his own private key in order to decrypt the message and read its content which is just

69
00:04:49,480 --> 00:04:51,500
secret message.

70
00:04:51,570 --> 00:04:57,310
So as you can see as a result of this each party still kept their own private key.

71
00:04:57,330 --> 00:05:04,620
Nobody sent their private key to the other party so the sender encrypts the message with the receiver's

72
00:05:04,620 --> 00:05:08,850
public key and signs the message with his own private key.

73
00:05:08,880 --> 00:05:15,780
The message is sent the receiver verifies the signature with the sender is public key and decrypted

74
00:05:15,990 --> 00:05:23,420
with his own private key this way he can verify that this message came from the sender.

75
00:05:23,420 --> 00:05:29,810
He can verify that the message did not get modified as it was sent and the message is encrypted and

76
00:05:29,810 --> 00:05:35,900
the only person that can read it is the receiver because he kept his own private key private and it

77
00:05:35,900 --> 00:05:39,070
was not shared with anybody.

78
00:05:39,120 --> 00:05:45,480
Now all of this should become clearer in the next lecture as I'm going to show you how to encrypt messages

79
00:05:45,780 --> 00:05:53,850
and sign them as a sender and I'm also gonna show you how to verify the signature and decrypt the messages

80
00:05:54,090 --> 00:05:55,080
as a receiver.