1
00:00:00,110 --> 00:00:01,990
In this demonstration we're going to explore

2
00:00:01,990 --> 00:00:04,680
the digital certificates associated with a few websites

3
00:00:04,680 --> 00:00:06,430
and the type of information they contain

4
00:00:06,430 --> 00:00:08,690
in their public key certificates.

5
00:00:08,690 --> 00:00:11,070
On the screen you see two websites.

6
00:00:11,070 --> 00:00:13,880
I have Google on the left and Apple on the right.

7
00:00:13,880 --> 00:00:15,380
Both of these are being visited

8
00:00:15,380 --> 00:00:19,470
over an HTTPS connection over port 443.

9
00:00:19,470 --> 00:00:23,450
If I click the little lock next to the website name,

10
00:00:23,450 --> 00:00:25,670
you're going to see that it does have a digital certificate

11
00:00:25,670 --> 00:00:26,860
and it's valid.

12
00:00:26,860 --> 00:00:28,350
Now, in Chrome, if I click on that

13
00:00:28,350 --> 00:00:30,950
it will give me the details of that certificate.

14
00:00:30,950 --> 00:00:35,000
Notice that the website certificate is for www.google.com.

15
00:00:35,000 --> 00:00:37,180
That's its public key certificate.

16
00:00:37,180 --> 00:00:40,490
It was issued by the Google Internet Authority G3,

17
00:00:40,490 --> 00:00:42,000
and it was globally signed.

18
00:00:42,000 --> 00:00:43,920
Now, if I look at the details of this

19
00:00:43,920 --> 00:00:45,850
I can see who the subject is.

20
00:00:45,850 --> 00:00:48,170
Who is the person this was issued to?

21
00:00:48,170 --> 00:00:51,390
This digital certificate was issued to Google LLC

22
00:00:51,390 --> 00:00:53,290
out of Mountain View, California.

23
00:00:53,290 --> 00:00:56,170
It was issued by Google Trust Services,

24
00:00:56,170 --> 00:00:57,230
which is one of the big

25
00:00:57,230 --> 00:01:00,040
online digital certificate providers.

26
00:01:00,040 --> 00:01:03,070
You can see that it uses SHA-256 to provide integrity

27
00:01:03,070 --> 00:01:06,640
of that signature and the encryption is using RSA.

28
00:01:06,640 --> 00:01:09,300
Now, as you go further, you can see when it's valid for.

29
00:01:09,300 --> 00:01:11,170
You can see the public key info.

30
00:01:11,170 --> 00:01:15,060
This is being sent as an ECC public key certificate,

31
00:01:15,060 --> 00:01:19,500
and it has a key size of 256 bits.

32
00:01:19,500 --> 00:01:21,850
I'm going to stop on that site and go look at Apple now.

33
00:01:21,850 --> 00:01:23,150
So when I go over here to Apple,

34
00:01:23,150 --> 00:01:25,970
you can see that this certificate was issued to Apple Inc.

35
00:01:25,970 --> 00:01:28,000
out of Cupertino, California.

36
00:01:28,000 --> 00:01:29,670
That's where Apple's headquarters is.

37
00:01:29,670 --> 00:01:31,580
If you scroll down, you'll see who issued it.

38
00:01:31,580 --> 00:01:33,350
It wasn't issued by Apple themselves,

39
00:01:33,350 --> 00:01:35,130
it was issued by DigiCert,

40
00:01:35,130 --> 00:01:37,210
another large digital certificate

41
00:01:37,210 --> 00:01:40,580
high assurance root certificate authority.

42
00:01:40,580 --> 00:01:43,600
Now, you can also see when it was valid before and valid to,

43
00:01:43,600 --> 00:01:45,290
and as you scroll down a little bit further,

44
00:01:45,290 --> 00:01:48,846
you'll get the information on its public key information.

45
00:01:48,846 --> 00:01:52,030
On the left with Google we're using ECC,

46
00:01:52,030 --> 00:01:54,070
Elliptic Curve Cryptography.

47
00:01:54,070 --> 00:01:57,180
On the right we're using RSA encryption.

48
00:01:57,180 --> 00:01:59,690
Now, why is there a difference there?

49
00:01:59,690 --> 00:02:02,430
Well, Google has a very minimalist site,

50
00:02:02,430 --> 00:02:06,380
and they also are focused very heavily on mobile browsers.

51
00:02:06,380 --> 00:02:09,470
Mobile devices have less processing power

52
00:02:09,470 --> 00:02:10,650
than a desktop would.

53
00:02:10,650 --> 00:02:12,300
And so if you're visiting a website

54
00:02:12,300 --> 00:02:13,800
and you're using a mobile browser,

55
00:02:13,800 --> 00:02:17,560
they try to send you an elliptic curve certificate instead

56
00:02:17,560 --> 00:02:21,630
because with a smaller key size, using only 256 bits,

57
00:02:21,630 --> 00:02:24,010
we still get a high level of security.

58
00:02:24,010 --> 00:02:26,630
On the right, Apple's website that I'm looking at,

59
00:02:26,630 --> 00:02:28,840
realizes that I'm on a desktop computer

60
00:02:28,840 --> 00:02:31,190
and so it's sending me the desktop version.

61
00:02:31,190 --> 00:02:34,170
Because the desktop computer has more processing,

62
00:02:34,170 --> 00:02:37,130
it can support an RSA encryption certificate.

63
00:02:37,130 --> 00:02:39,150
Now, the RSA encryption certificate

64
00:02:39,150 --> 00:02:43,140
is using a key size of 2,048 bits.

65
00:02:43,140 --> 00:02:46,720
Notice this is almost 10 times larger, key size,

66
00:02:46,720 --> 00:02:48,460
than the ECC certificate,

67
00:02:48,460 --> 00:02:51,620
but they provide equivalent capability

68
00:02:51,620 --> 00:02:54,250
as far as the security that they're going to give you.

69
00:02:54,250 --> 00:02:55,440
That's really the difference between

70
00:02:55,440 --> 00:02:58,170
seeing this ECC public key certificate

71
00:02:58,170 --> 00:03:00,640
versus an RSA public key certificate.

72
00:03:00,640 --> 00:03:02,710
They're just a different type of encryption being used.

73
00:03:02,710 --> 00:03:05,090
ECC is favored when you're using mobile

74
00:03:05,090 --> 00:03:06,570
and low-power devices.

75
00:03:06,570 --> 00:03:09,250
RSA is favored when you're using desktops.

76
00:03:09,250 --> 00:03:10,440
And so as you go through,

77
00:03:10,440 --> 00:03:12,800
you can figure out all the different pieces of information

78
00:03:12,800 --> 00:03:14,740
that make this digital certificate up.

79
00:03:14,740 --> 00:03:16,470
Things like its key ID,

80
00:03:16,470 --> 00:03:19,340
things like its authentication and its identification,

81
00:03:19,340 --> 00:03:20,670
and in going all the way down

82
00:03:20,670 --> 00:03:23,180
you can even get down to its unique fingerprint

83
00:03:23,180 --> 00:03:25,430
that identifies it as that certificate.

84
00:03:25,430 --> 00:03:26,770
If I do the same thing on Google,

85
00:03:26,770 --> 00:03:28,700
you'll see it's a completely different one

86
00:03:28,700 --> 00:03:31,495
because they're two different certificates.

87
00:03:31,495 --> 00:03:33,551
(digital buzzing music)