1
00:00:00,580 --> 00:00:02,730
<v ->In this section of the course, we're going to focus</v>

2
00:00:02,730 --> 00:00:05,330
on the concept of the Public Key Infrastructure,

3
00:00:05,330 --> 00:00:07,300
also known as PKI.

4
00:00:07,300 --> 00:00:10,010
Now Public Key Infrastructure is an entire system of

5
00:00:10,010 --> 00:00:12,810
hardware, software, policies, procedures,

6
00:00:12,810 --> 00:00:16,130
and people that is based on asymmetric encryption.

7
00:00:16,130 --> 00:00:18,262
If you have ever connected to a website using a

8
00:00:18,262 --> 00:00:22,000
https connection, you've been part of PKI.

9
00:00:22,000 --> 00:00:24,460
Now, if you want to establish a secure connection

10
00:00:24,460 --> 00:00:26,470
to diontraining.com, you would enter

11
00:00:26,470 --> 00:00:31,470
https://www diontraining.com into your web browser.

12
00:00:32,690 --> 00:00:35,200
Your web browser would go to a trusted third party

13
00:00:35,200 --> 00:00:37,040
called the certificate authority, and they're going to

14
00:00:37,040 --> 00:00:40,160
ask them for a copy of my web server's public key.

15
00:00:40,160 --> 00:00:42,880
Then, your web browser is going to pick a random long number

16
00:00:42,880 --> 00:00:45,330
to use as a shared secret key for use with the

17
00:00:45,330 --> 00:00:47,710
symmetric algorithm, something like ADS that we're

18
00:00:47,710 --> 00:00:49,560
going to use for bulk encryption of the data

19
00:00:49,560 --> 00:00:51,860
between your browser and my web server.

20
00:00:51,860 --> 00:00:54,350
But, you have to get that random shared secret

21
00:00:54,350 --> 00:00:56,670
to my web server securely, and for that,

22
00:00:56,670 --> 00:00:58,590
we're going to use Public Key Encryption,

23
00:00:58,590 --> 00:01:00,320
known as asymmetrical encryption.

24
00:01:00,320 --> 00:01:03,060
Now, using my public key, your computer is going to

25
00:01:03,060 --> 00:01:06,190
encrypt that random shared secret key that you've created.

26
00:01:06,190 --> 00:01:11,100
In the example here, I'm using 51363 as our shared secret.

27
00:01:11,100 --> 00:01:14,000
Now once you encrypt that using my server's public key,

28
00:01:14,000 --> 00:01:16,130
which anyone in the world has access to,

29
00:01:16,130 --> 00:01:18,370
it's then going to be sent over the internet.

30
00:01:18,370 --> 00:01:20,880
Now, because it's encrypted with my public key though,

31
00:01:20,880 --> 00:01:22,720
no-one on the internet can decrypt it

32
00:01:22,720 --> 00:01:24,390
unless they have my private key.

33
00:01:24,390 --> 00:01:26,630
And the only person who has that is me.

34
00:01:26,630 --> 00:01:29,850
So as we go across the internet, no-one can see the fact

35
00:01:29,850 --> 00:01:33,620
that it's 51363 as that secret code.

36
00:01:33,620 --> 00:01:36,600
Now once my web server receives the encrypted cipher text,

37
00:01:36,600 --> 00:01:39,290
it's going to use my server's private key to decrypt it

38
00:01:39,290 --> 00:01:41,350
and get it back to that shared secret key

39
00:01:41,350 --> 00:01:42,370
that you submitted.

40
00:01:42,370 --> 00:01:44,110
And now that I have it in plain text,

41
00:01:44,110 --> 00:01:48,110
I know what that number is, that 51363.

42
00:01:48,110 --> 00:01:51,010
So far, this is just using asymmetrical encryption

43
00:01:51,010 --> 00:01:53,080
like we discussed in the last section.

44
00:01:53,080 --> 00:01:55,620
Now, both you and my server know

45
00:01:55,620 --> 00:01:57,080
this shared secret key though.

46
00:01:57,080 --> 00:01:59,330
So we can create a symmetric tunnel.

47
00:01:59,330 --> 00:02:01,390
We can do that by using something like ADF

48
00:02:01,390 --> 00:02:05,170
to create a secure TLS or SSL tunnel over the internet

49
00:02:05,170 --> 00:02:06,760
and communicate safely and securely

50
00:02:06,760 --> 00:02:08,630
from anybody's prying eyes.

51
00:02:08,630 --> 00:02:10,710
This is going to ensure that we have confidentiality,

52
00:02:10,710 --> 00:02:13,500
because we're both using the same shared secret key.

53
00:02:13,500 --> 00:02:15,590
And because my web server is the only device

54
00:02:15,590 --> 00:02:18,540
in the entire world that had a copy of that private key,

55
00:02:18,540 --> 00:02:20,470
you're also assured that my web server

56
00:02:20,470 --> 00:02:21,980
is who it claims to be.

57
00:02:21,980 --> 00:02:25,670
It's been authenticated; in this case as diontraining.com.

58
00:02:25,670 --> 00:02:28,320
This gives us authentication of the identity of my server,

59
00:02:28,320 --> 00:02:31,050
in this way your web browser knows it can trust it.

60
00:02:31,050 --> 00:02:33,690
Now, if all of that occurs successfully, you're going to get

61
00:02:33,690 --> 00:02:36,490
that little padlock in your browser showing that we can

62
00:02:36,490 --> 00:02:39,250
both communicate securely between each other.

63
00:02:39,250 --> 00:02:42,220
Now all of that sounds a lot like Public Key Cryptography,

64
00:02:42,220 --> 00:02:43,110
doesn't it?

65
00:02:43,110 --> 00:02:46,740
Well, PKI and Public Key Cryptography are closely related,

66
00:02:46,740 --> 00:02:49,130
but they are not the same thing.

67
00:02:49,130 --> 00:02:52,140
When we talk about PKI, this is the system that creates

68
00:02:52,140 --> 00:02:54,980
the asymmetrical key pairs that consist of those

69
00:02:54,980 --> 00:02:57,510
public and private keys that are used in the encryption

70
00:02:57,510 --> 00:03:00,870
and decryption process, as well as managing those key pairs

71
00:03:00,870 --> 00:03:03,640
to make sure they're valid and can be trusted.

72
00:03:03,640 --> 00:03:05,240
When we talk about Public Key Cryptography

73
00:03:05,240 --> 00:03:06,900
on the other hand, we're just talking about the

74
00:03:06,900 --> 00:03:08,600
encryption and decryption process.

75
00:03:08,600 --> 00:03:12,020
So it's a small part of the overall PKI architecture.

76
00:03:12,020 --> 00:03:14,650
For all of this to occur successfully, we need to have a

77
00:03:14,650 --> 00:03:16,520
trusted third party involved though.

78
00:03:16,520 --> 00:03:18,140
This trusted third party is known

79
00:03:18,140 --> 00:03:19,830
as a certificate authority.

80
00:03:19,830 --> 00:03:21,480
These certificate authorities are going to issue

81
00:03:21,480 --> 00:03:23,910
digital certificates, and these certificate authorities

82
00:03:23,910 --> 00:03:26,350
are also going to level trust between all of the

83
00:03:26,350 --> 00:03:28,640
certificate authorities around the world.

84
00:03:28,640 --> 00:03:30,890
In this section of the course, we're going to focus on

85
00:03:30,890 --> 00:03:33,130
all of those other parts of the process that allow

86
00:03:33,130 --> 00:03:35,943
PKI to work, including those certificate authorities.

87
00:03:36,910 --> 00:03:40,020
Remember, PKI uses Public Key Cryptography to do

88
00:03:40,020 --> 00:03:43,400
its function, but PKI is the entire system of things

89
00:03:43,400 --> 00:03:46,200
that are done to be able to create the secure connection

90
00:03:46,200 --> 00:03:47,430
from end to end.

91
00:03:47,430 --> 00:03:49,140
Now when we talk about Public Key Encryption

92
00:03:49,140 --> 00:03:51,390
on the other hand, it's just the asymmetric

93
00:03:51,390 --> 00:03:53,193
encryption and decryption piece.