1
00:00:00,830 --> 00:00:02,500
Unlike symmetric algorithms,

2
00:00:02,500 --> 00:00:06,190
asymmetric algorithms do not require a shared secret key.

3
00:00:06,190 --> 00:00:08,300
For this reason, we often refer to these

4
00:00:08,300 --> 00:00:10,490
as public key cryptography.

5
00:00:10,490 --> 00:00:12,040
With asymmetric algorithms,

6
00:00:12,040 --> 00:00:15,190
we use a key pair to encrypt and decrypt the data.

7
00:00:15,190 --> 00:00:17,210
These two keys are called the public key

8
00:00:17,210 --> 00:00:18,680
and the private key.

9
00:00:18,680 --> 00:00:20,550
Now, public key cryptography can provide us

10
00:00:20,550 --> 00:00:22,680
with confidentiality, integrity,

11
00:00:22,680 --> 00:00:24,610
authentication and non-repudiation

12
00:00:24,610 --> 00:00:26,460
for the messages being sent.

13
00:00:26,460 --> 00:00:28,360
To provide confidentiality of the data,

14
00:00:28,360 --> 00:00:29,470
the data should be encrypted

15
00:00:29,470 --> 00:00:31,700
using the receiver's public key.

16
00:00:31,700 --> 00:00:33,610
So, if I wanted to send a document to Mary,

17
00:00:33,610 --> 00:00:35,140
as you can see here on the screen,

18
00:00:35,140 --> 00:00:36,350
I would encrypt that document

19
00:00:36,350 --> 00:00:38,100
using Mary's public key.

20
00:00:38,100 --> 00:00:40,950
By doing so, only Mary is able to read it,

21
00:00:40,950 --> 00:00:44,100
because only Mary is going to have Mary's private key.

22
00:00:44,100 --> 00:00:46,220
And this is going to be used to decrypt the contents,

23
00:00:46,220 --> 00:00:47,530
ensuring that the message I sent

24
00:00:47,530 --> 00:00:49,780
is safe from anybody else's prying eyes.

25
00:00:49,780 --> 00:00:52,660
Now, once I encrypt the data that I'm sending to Mary

26
00:00:52,660 --> 00:00:55,797
using her public key, no one can read it except Mary.

27
00:00:55,797 --> 00:00:58,000
Even me, the sender, I'm not able

28
00:00:58,000 --> 00:00:59,550
to decrypt that information.
29
00:00:59,550 --> 00:01:02,140
It's a one-way encryption when I use a public key,

30
00:01:02,140 --> 00:01:05,050
and only the private key can decrypt it back out

31
00:01:05,050 --> 00:01:06,490
to readable text.

32
00:01:06,490 --> 00:01:08,163
Now, to provide non-repudiation,

33
00:01:08,163 --> 00:01:10,640
the message should be encrypted using the sender's

34
00:01:10,640 --> 00:01:14,170
private key, so in this case, I would use my private key.

35
00:01:14,170 --> 00:01:16,280
By doing so, anyone who has access

36
00:01:16,280 --> 00:01:18,510
to the sender's public key, which could be anyone

37
00:01:18,510 --> 00:01:20,660
in the world, is going to be able to open that message

38
00:01:20,660 --> 00:01:21,560
and read it.

39
00:01:21,560 --> 00:01:23,564
This isn't going to give us any kind of confidentiality,

40
00:01:23,564 --> 00:01:26,430
but I'm not worried about confidentiality right now.

41
00:01:26,430 --> 00:01:29,090
Instead, I'm worried about making people know

42
00:01:29,090 --> 00:01:31,400
I'm really the person who sent the message.

43
00:01:31,400 --> 00:01:33,620
That's the non-repudiation we're working at.

44
00:01:33,620 --> 00:01:35,850
This is going to make sure that only I can send it,

45
00:01:35,850 --> 00:01:38,380
because only I have my private key.

46
00:01:38,380 --> 00:01:39,900
Now, in most organizations,

47
00:01:39,900 --> 00:01:41,640
we don't want just confidentiality

48
00:01:41,640 --> 00:01:43,240
or just non-repudiation.

49
00:01:43,240 --> 00:01:44,750
We want both of those things.

50
00:01:44,750 --> 00:01:46,060
And we also want to add to that list:

51
00:01:46,060 --> 00:01:48,400
we want integrity, and we want authentication

52
00:01:48,400 --> 00:01:50,870
to make sure we have this message being sent

53
00:01:50,870 --> 00:01:51,990
where nobody else can read it,

54
00:01:51,990 --> 00:01:53,640
and we know who it came from,

55
00:01:53,640 --> 00:01:56,740
and that it was never changed in transit.
56
00:01:56,740 --> 00:01:58,810
To accomplish all of this with our emails,

57
00:01:58,810 --> 00:01:59,888
we often implement a process

58
00:01:59,888 --> 00:02:03,440
to create a hash digest based on the message being sent,

59
00:02:03,440 --> 00:02:05,510
and then we encrypt that hash digest

60
00:02:05,510 --> 00:02:07,680
using the sender's private key.

61
00:02:07,680 --> 00:02:09,670
This is known as a digital signature,

62
00:02:09,670 --> 00:02:11,100
and it provides us with the integrity

63
00:02:11,100 --> 00:02:12,610
of the message that's being sent,

64
00:02:12,610 --> 00:02:14,700
as well as giving us non-repudiation,

65
00:02:14,700 --> 00:02:17,830
because only the sender had access to their private key.

66
00:02:17,830 --> 00:02:19,760
Then, we take the message we're sending,

67
00:02:19,760 --> 00:02:22,450
and we encrypt that using the receiver's public key.

68
00:02:22,450 --> 00:02:24,780
This provides us with confidentiality as well.

69
00:02:24,780 --> 00:02:26,740
So now I've got integrity of the message,

70
00:02:26,740 --> 00:02:29,930
non-repudiation, as well as confidentiality.

71
00:02:29,930 --> 00:02:32,250
To make this whole system of public and private keys

72
00:02:32,250 --> 00:02:34,240
work smoothly, there's another concept

73
00:02:34,240 --> 00:02:36,200
that we're going to cover in a future section,

74
00:02:36,200 --> 00:02:39,210
called public key infrastructure, or PKI.

75
00:02:39,210 --> 00:02:41,890
I'm dedicating the entire next section of this course

76
00:02:41,890 --> 00:02:43,540
to the concept of PKI.

77
00:02:43,540 --> 00:02:46,270
So, for right now, if the idea of public key cryptography

78
00:02:46,270 --> 00:02:48,700
doesn't quite make sense yet, don't worry,

79
00:02:48,700 --> 00:02:51,600
it soon will, as we go through several examples

80
00:02:51,600 --> 00:02:52,930
to make sure you get it.
81
00:02:52,930 --> 00:02:54,230
For right now, I just need you

82
00:02:54,230 --> 00:02:55,590
to remember a couple of things

83
00:02:55,590 --> 00:02:57,320
about asymmetric encryption.

84
00:02:57,320 --> 00:02:59,620
First, asymmetric encryption is known

85
00:02:59,620 --> 00:03:01,300
as public key cryptography.

86
00:03:01,300 --> 00:03:03,580
And, second, public key cryptography

87
00:03:03,580 --> 00:03:05,900
uses two keys for each message.

88
00:03:05,900 --> 00:03:07,400
One key is used to encrypt it,

89
00:03:07,400 --> 00:03:09,967
and a separate key is used to decrypt it.

90
00:03:09,967 --> 00:03:12,301
(digital buzzing)
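The flow the lecture describes for email (hash the message, apply the sender's private key to the digest, then encrypt the message with the receiver's public key) as an added example in Go. This is not code from the course; the function names, the 2048-bit key size, the sample message and the three constructed key pairs (sender, Mary, an outsider) are my own choices. Go's standard library exposes the private-key operation over a digest as rsa.SignPKCS1v15 / rsa.VerifyPKCS1v15, which is what the lecture calls "encrypting the hash with the sender's private key". The scenario also checks the points the lecturer makes: the sender cannot read back what was sealed for Mary, an outsider cannot read it either, and a digest signed under some other private key is rejected when checked against the sender's public key.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"fmt"
)

// Envelope is what goes over the wire: the message encrypted to the receiver's
// public key, plus a signature made with the sender's private key over the
// SHA-256 digest of the plaintext.
type Envelope struct {
	Ciphertext []byte
	Signature  []byte
}

// SealAndSign is the sender's side: hash the message, sign the digest with the
// sender's private key (integrity, non-repudiation), then encrypt the message
// with the receiver's public key (confidentiality).
func SealAndSign(msg []byte, senderPriv *rsa.PrivateKey, receiverPub *rsa.PublicKey) (*Envelope, error) {
	digest := sha256.Sum256(msg)
	sig, err := rsa.SignPKCS1v15(rand.Reader, senderPriv, crypto.SHA256, digest[:])
	if err != nil {
		return nil, fmt.Errorf("sign: %w", err)
	}
	// RSA-OAEP can only seal a short message (190 bytes for a 2048-bit key with
	// SHA-256); real systems seal a symmetric key this way and encrypt the body
	// with it. A short sample keeps the lecture's flow visible.
	ct, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, receiverPub, msg, nil)
	if err != nil {
		return nil, fmt.Errorf("encrypt: %w", err)
	}
	return &Envelope{Ciphertext: ct, Signature: sig}, nil
}

// OpenAndVerify is the receiver's side: decrypt with the receiver's private key,
// recompute the digest and check the signature against the sender's public key.
// On any failure no plaintext is released.
func OpenAndVerify(env *Envelope, receiverPriv *rsa.PrivateKey, senderPub *rsa.PublicKey) ([]byte, error) {
	msg, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, receiverPriv, env.Ciphertext, nil)
	if err != nil {
		return nil, fmt.Errorf("decrypt: %w", err)
	}
	digest := sha256.Sum256(msg)
	if err := rsa.VerifyPKCS1v15(senderPub, crypto.SHA256, digest[:], env.Signature); err != nil {
		return nil, fmt.Errorf("verify: %w", err)
	}
	return msg, nil
}

// Outcome records what each party could do with one envelope.
type Outcome struct {
	Plaintext           string // what Mary, the intended receiver, recovers
	SenderCanDecrypt    bool   // the lecture's point: the sender cannot read it back
	OutsiderCanRead     bool   // a third party with its own key pair cannot either
	WrongKeySigAccepted bool   // a digest signed under another private key must be rejected
}

// RunScenario generates fresh key pairs for the sender, for Mary and for an
// outsider (all constructed for this example), sends msg through the flow
// and records the result of each check.
func RunScenario(msg []byte) (*Outcome, error) {
	keys := make([]*rsa.PrivateKey, 3)
	for i := range keys {
		k, err := rsa.GenerateKey(rand.Reader, 2048)
		if err != nil {
			return nil, err
		}
		keys[i] = k
	}
	sender, mary, outsider := keys[0], keys[1], keys[2]

	env, err := SealAndSign(msg, sender, &mary.PublicKey)
	if err != nil {
		return nil, err
	}
	out := &Outcome{}

	// Mary decrypts with her private key and verifies with the sender's public key.
	pt, err := OpenAndVerify(env, mary, &sender.PublicKey)
	if err != nil {
		return nil, err
	}
	out.Plaintext = string(pt)

	// Neither the sender's own private key nor the outsider's matches Mary's
	// public key, so OAEP decryption fails for both of them.
	_, err = OpenAndVerify(env, sender, &sender.PublicKey)
	out.SenderCanDecrypt = err == nil
	_, err = OpenAndVerify(env, outsider, &sender.PublicKey)
	out.OutsiderCanRead = err == nil

	// An envelope still encrypted to Mary but whose digest was signed with the
	// outsider's key decrypts fine, yet fails verification against the sender's
	// public key, so Mary never accepts it as coming from the sender.
	wrongKey, err := SealAndSign(msg, outsider, &mary.PublicKey)
	if err != nil {
		return nil, err
	}
	_, err = OpenAndVerify(wrongKey, mary, &sender.PublicKey)
	out.WrongKeySigAccepted = err == nil
	return out, nil
}

func main() {
	out, err := RunScenario([]byte("constructed sample: meeting moved to 3pm"))
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", *out)
}
```

Note the order on the receiving side: Mary decrypts first and only then verifies the signature over the recovered plaintext, which is the mirror image of the sender hashing and signing the plaintext before encrypting it; the signature binds to the message content, not to the ciphertext.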