5 hours 49 minutes
Hello, everybody. And welcome to the I t security. Absolute number 24 digital signatures. My name is Alejandro Gonna, And I'll be constructive for today's session.
The learning objectivity is to understand and be able to identify the main concepts of digital signatures.
Well, here we have again. Bala now is in here. You know your works. It's,
um And this time we're ready. Copper confidentiality and integrity.
But we haven't covered the non repudiation a term that we, you know, talk about at the beginning of this module.
Um, just cryptography over. Oh,
so we need to cover that, and we will cover that with digital signatures. So again, we go to the beginning off talking about us asymmetric algorithms,
which is, you know, Bob here has
pull the key
and his private key
and all these right here has
her pulling key.
Her bribe key.
Um, and you know, it seems we're trying Thio again. Bob is trying to say hello,
and we were trying to cover Thio concepts right now, which is integrity
and non repudiation and saying we're trying to cover that
on. We already said that to cover in charity. We need to use hashes
and she covered now repudiation. We need to use asymmetric
And she did that first. You know, I started by two to create a digital signature. We first start by passing the, uh,
clear text message. True. And our two hash algorithms. So we have right here we have. Or Shah
We passed that to create, I don't know, a easy one to treat. This is our hash value. And to guarantee the non repudiation, what do you think? What do you think we can do?
Remember that when we said that we went into guarantee confidentiality with, you know, a cement truck Keys will encrypt with Alice's public key so she can be printed with her own private key.
But this time we're trying to guarantee non repudiation. None. Come. We're not trying to guarantee confidentiality. So it seems we're trying to guarantee non repudiation, which means that the sender cannot deny haven't send the message.
And the only thing that book should have kept a private is his product key. So in this case, we will in Crete,
the data will buffs prep Binky,
but did I hear you saying over the strain. But what about confidentiality is at the end, If buffs and Crips this hush value with his private key, anyone around the world will be able to decrypt it because box public is published in an FTP server
or is bullish in an http server or whatever
is publicly known. And yeah, that's the idea. The value that was generated from encrypting the hash bother you,
which would be ex white
can be decrypted that anybody you know. And that's the point. We need to guarantee that
the number of radiation, which means that bucket not denied having a shine in this case, we whipped the message. So whether we send to Ali's to go, you know, to complete the digital signature
concept. So we sent this value
and we sent also the clear Text Valley.
So now always has the X y Z shoot report and the hello message. So what is? You know what those out others needs to do right now. So all these since it has the
X y Z a 234 message, it needs to decrypt it with box pulling key.
So it takes bucks, pull leaky
and dig grips the message
on And it should have the A B C 12 tree, which is the hash. Remember, we encrypt the Hash Valley with bugs property. So now we passed the encrypted body to Bubs publicly to get the hash Bali. And since, uh,
all these also has
Message. She now needs to pass it through the same algorithm, which in this case, is
Thio shot 2 56 And he has to be. It has to give me the same value,
which is right here and also right here.
And now that I have this, I know that it gives me a B C 12 tree. I cannot trust that through things that
the message was sent by Bob because I was able to decrypt the message with box Polic E. But now I can also see or trust that the message wasn't modified in the transit, meaning that I can guaranteed integrity off the message. So this the concepts are provided by the digital signature
integrity and now repudiation
weapon concepts are provided by detail signatures well aside, just said sincerely and a repudiation of the two concepts that are provided, but digital signatures
name one symmetric algorithm used in digital signatures. Well, as you can imagine, there's not. We cannot use symmetric algorithms in digital signatures because we will be able to guarantee the non repudiation part. Remember that for symmetric algorithms,
the same key is used at both sides of the communication. Both both both
Ali's above, will be using the same keys that there's no way to know above actually sent the Cheon crypt, the message or Alice encrypted or anyone else else's told the key and wasn't cryptic messages in name off one of these two centers. So
that's why we don't use symmetric algorithms in digital signatures. We just use asymmetric algorithms.
Could you provide confidentiality by using only digital signatures? Well, the answer is no, we don't are. We're not looking to provide confidentiality. When we were talking about digital signatures where we're looking to provide its integrity on now, repudiation
in today's brief lecture would talk about the main concept of digital signatures.
Then again, uh, Phipps publication is or go to when we talk about cryptography. I already said this in previous models, but, uh,
all of the all of the links that Cupid here, uh, or I could give you. You know, books and references are our materials to any other publications or notes.
They all go to the Phipps publication on this is the standard that most off the end of the business outside use to deprecate to continue using to brew, to see what algorithms to use in order to be, you know, really secure.
And you can also you can even certified your dirt. Your code
or your service is with this publication. So this is their go to material. When we talk about cryptography,
the next video, we'll wrap up all the previous cryptographic concepts on Explain how there are used in a public infrastructure, also known as P K I.
Well, that's it for today, folks. I home your dirty video and talk to you soon.