Asymmetric Cryptography
Video Activity
Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or
Already have an account? Sign In »
Video Transcription
00:00
>> Hello. Now,
00:00
we'll look closer at asymmetric cryptography.
00:00
As we talked about symmetric cryptography,
00:00
we said there are three main faults with it.
00:00
Out-of-band key-exchange.
00:00
You've got to figure out some way to exchange
00:00
the keys and doesn't scale well,
00:00
and it doesn't give us authenticity or integrity,
00:00
and if it doesn't give us either of those,
00:00
you know it doesn't give us
00:00
non-repudiation because that is
00:00
a combination of authenticity and integrity.
00:00
We need to solve those problems and
00:00
still be able to have secure cryptography.
00:00
We have asymmetric cryptography
00:00
>> to solve those problems.
00:00
>> Now, with asymmetric cryptography,
00:00
every user has a key pair.
00:00
Every user gets two keys and only two keys.
00:00
Right off the bat, you solve the scalability problem.
00:00
Everybody doesn't have to have a unique key
00:00
for everyone the way they want to communicate with.
00:00
Each person just has two keys that they need to worry
00:00
about and those two keys make up a key pair.
00:00
The key pairs each contain
00:00
one public key and one private-key.
00:00
Captain obvious is going to
00:00
tell you that the public key is
00:00
available to anybody who wants it and shared freely.
00:00
There's nothing sensitive on a public key.
00:00
Now, captain obvious will also
00:00
tell you that a private key is private.
00:00
It only belongs to its owner and is
00:00
tightly bound to that person's identity.
00:00
If your private keys compromise and someone can read
00:00
your encrypted messages and
00:00
signed documents as if they were you.
00:00
You must keep your private key private.
00:00
Now, the relationship between the two keys
00:00
is what makes asymmetric cryptography work.
00:00
Anything encrypted with one key
00:00
can only be decrypted by the other.
00:00
For example, if something
00:00
is encrypted with your public key,
00:00
it can only be decrypted with your private key.
00:00
Similarly, if something is
00:00
encrypted with your private key,
00:00
it can only be decrypted by your public key,
00:00
so it's not mathematical relationship between
00:00
the two keys that is in
00:00
the magic in asymmetric cryptography.
00:00
We already said this solves the problem of scalability,
00:00
but this also solves the problem of key exchange.
00:00
Now, I will use your public key
00:00
to encrypt a message for you.
00:00
The only thing that will decrypt a message
00:00
encrypted with your public key is your private key,
00:00
which only you have.
00:00
You've just gotten privacy by using
00:00
the receiver's public key as
00:00
the sender encrypt the message
00:00
for you with your public key,
00:00
and only your private key can decrypt it.
00:00
Now, I've been talking about this like I
00:00
actually ask you for your public key,
00:00
but actually, my application
00:00
asks your application for the public key.
00:00
For example, let's say that
00:00
I'm sending an e-mail message to you.
00:00
Well, usually what happens is your network
00:00
administrator is going to incorporate
00:00
>> public keys into the mail server.
00:00
>> When I open a message for you and I click the checkbox,
00:00
that's just encrypts it.
00:00
What is actually happening is
00:00
my email application is pulling
00:00
your name out of the global address list
00:00
along with your public key.
00:00
When you receive it on your end,
00:00
your e-mail application uses
00:00
your private key to decrypt it.
00:00
Or it could be a web client and a web browser.
00:00
A web client wants to make a secure connection to
00:00
a web server and
00:00
that web browser requests the public key,
00:00
and then the web server provides it.
00:00
Again, we're not discriminating
00:00
about who gets our public key.
00:00
We shared that widely and freely,
00:00
because that's how people get
00:00
information to us privately.
00:00
Privacy will always come through
00:00
>> a receiver's public key.
Up Next
Similar Content
