Cryptography/SSL 101 #1: public, private and symmetric keys concepts

Captions
Right, so first of all I'm not going to make any apologies for the fact that this is not going to be a short video. There are some videos already on YouTube that talk about SSL and try to give an introduction, but I found that there wasn't one that really described everything in a way that left me, at the end of it, in no doubt about how it all works. So my style is going to be potentially repetitive: I'm going to try and hammer the basics home. If you don't need that, you probably don't need to be watching this video. I'm going to try to explain things in layman's terms, so that anybody can understand it and follow through from slide to slide.

So let's kick off. Why do we need HTTPS, or SSL? HTTPS is the secure version of HTTP, and HTTP is the protocol, if you like, the message format between clients and servers on the Internet. When you go to your banking website, or to any website in the world, chances are you're going to be using the HTTP protocol, which, again, defines the format and the exchange of messages between the client and the server. The only difference between that and HTTPS is that the S stands for secured. What we're saying is that instead of a stream of characters going over the Internet in unencrypted form, we are first going to encrypt them, so that the sequence of characters sent over the Internet is essentially scrambled and completely indecipherable to a rogue in the middle who might be trying to get information about the traffic between these parties.

So let's take this example. I'm going to use this guy, Humpty Dumpty, as the client who's trying to interact with his bank over here. Normally Humpty would visit his bank; let's say the bank is not using HTTPS, they're just using HTTP. So he goes to http://mybank, whatever the URL is, and then there
might be a login form, and he enters his username and password in that login form and hits submit. Those details are essentially going to be sent over the various nodes on the Internet: first through his router, then to the ISP, and then through various points on the Internet until it actually gets to my bank. Now the point is, without HTTPS, the sequence of ones and zeros (because all traffic over the Internet, and indeed in any computer, is represented by ones and zeros) is in a format where anybody could listen in on any of these nodes on the Internet and easily read that this particular sequence here, for example, represents this username. That's obviously a very dodgy scenario, and it's what we want to avoid.

I've just made a note down here: without SSL, data is sent as raw ones and zeros, and the man in the middle (it's a very common term in this domain, you'll hear it everywhere) can listen to and interpret that traffic, and can potentially even modify it and then send it on its way. So what we need to do is find a way to take this data that's being entered by Humpty Dumpty and scramble it in such a way that this guy in the middle cannot understand at all what's going on, but obviously in such a way that the bank, when they receive the data, can unscramble it and interpret it correctly. In a nutshell, we need to encrypt the data between Humpty and the bank.

So let's take computers out of this whole scenario for a moment and use an analogy. It happens to be quite a bulletproof analogy, and it should make the concepts much clearer. Let's say that Humpty Dumpty and the bank, long before computers came along, were engaged in some business which required
frequent exchange of Humpty's passport between Humpty and the bank, right? I don't know what scenario that would happen in, normally they'd just need it once, but let's say that over the next three months the bank needed Humpty's passport repeatedly: they would need to check it, do some processing, send it back to Humpty, then Humpty might go on holiday for a bit, and the bank might need it again. So how do we find a way to send Humpty Dumpty's passport to the bank securely, without any chance of anybody in the middle stealing that passport, and also, by the way, avoiding Humpty having to go in person to the bank every time? Let's say he lives five hundred miles away from the bank; it's a long way, and he doesn't want to go every time.

So what Humpty Dumpty is going to do is buy a simple secure chest with a lock and key. Let's say, for example, that in this day and age we're talking about, this is the only mechanism that people actually use to put their belongings in and send them via courier to various destinations; it's a very standard trunk that is available at the time. So Humpty would buy one of these trunks, and he would make a copy of the key, so that he's got one key for himself and one key for the bank to use when they want to open the trunk. That's number one.

Number two: for the very first time, Humpty would have to take that key himself to the bank and give it to the bank. The reason is the assumption up here: we're going to assume that the postal or courier service is corrupt, and that anything they're transporting, they like to take a peek inside, or see if they can manipulate it, and when they get keys to deliver they always take a copy of those keys and keep them for future use. The reason is that
they have this long chain of keys that they've copied while delivering them, and whenever somebody sends a lockbox, for example, they take their chain of keys and say, okay, let me see if any of the keys I've got opens this box. So let's assume it's a very evil, corrupt courier. Humpty obviously doesn't want to send this key via this corrupt courier, so he's going to walk 500 miles in person to the bank and deliver the key to the bank. I've just made a note there: nothing sent by the courier or the post is safe unless it's locked up in a secure container like one of these chests.

Humpty then returns home to his house; he walks back 500 miles, leaves the key that he copied at the bank, and goes home. Now he just takes that passport and drops it in the chest that he bought, locks the chest with his own copy of the key, and sends that chest over that 500 mile road via this evil courier service. What happens is that, because this box is locked, the courier can do nothing. He has all these copied keys from the past, and he'll obviously try them on this lock, but he won't have any luck, because this key has never been sent via the courier, so he never had a chance to copy it. All the courier can do is say, okay, reluctantly I'm going to deliver this trunk to the bank and collect my fee for delivering it.

The bank receives the locked chest and opens it with the copy of the key that Humpty delivered to them; no problem. They process the passport, do what they need to with it, and then lock it back up in the chest with their own copy of the key and send the key, sorry, send the chest, not the key, back via the same evil courier service to Humpty Dumpty. Because Humpty and the bank both have their own copy of this key
that locks and unlocks this chest, this channel of communication, if you like, is totally secure. But it did require Humpty to go in person once to deliver the copy of the key to the bank. This analogy describes what's called symmetric encryption: basically, you're using the same key to lock and unlock the chest.

So if we move on to the next slide: let's say Humpty is under house arrest because he's been a naughty boy, or a naughty egg, and he's not allowed to leave the house and go to the bank to deliver the copy of the key. How would they achieve the same thing? Well, there is actually another type of box you can buy, which is much more expensive and much heavier, and much more expensive to transport as well, but the cool thing about this box is that it has two locks and two keys. You use a green key to lock the box and a red key to unlock the box. We'll call this an asymmetric box for now.

The great thing about this is that, because we've got these two keys, one of them is called the public key. Let's go through this question: why is the green key called the public key? It's called a public key because this is the key used to lock the box, so you can never be in danger of losing your secured valuables by giving possession of this key to anybody, because it can only lock; it can never unlock a locked box. So in actual fact we can make as many copies of this key as we want, and we can send it to every single evil courier service and every tyrant in the whole world and say, here you go mate, knock yourself out, you can take this key and do whatever you want with it. That's why it's called a public key. The private key is a different story altogether: the private key unlocks the box, so it's very important that only certain people have access to this
private key, and that's why it's called private. We're going to call this an asymmetric chest.

Now let's see what this has to do with Humpty Dumpty, who's under house arrest, and how Humpty can get his passport securely to the bank without ever leaving the house. First of all, the bank gets hold of one of these asymmetric chests. I'm going to say the bank does it because they are the ones who are going to own the private key. When you buy one of these fancy asymmetric chests, in the box come the private key and the public key. The idea is that you, as the owner of the box, are going to keep hold of the private key and basically never let it out of your hands, ever. But what the bank does do is send this chest, unlocked, via the evil courier service, along with the public key, to Humpty Dumpty. So it goes off this way.

The courier basically says, well, I've got an asymmetric box and I've got a public key; the asymmetric box is empty and open; what the hell can I do? If he wanted to just cause trouble and be a meanie, he could take the asymmetric chest and lock it with the public key, just to cause a bit of trouble, maybe have a bit of fun, but he's not actually able to steal anything. So let's assume that he just delivers the chest and the public key to Humpty and collects his fee for the delivery, because he's not going to get his courier fee if he delivers a locked chest and a public key; that's of no use to anybody. I also made a note here: remember that the courier is going to make a copy of the public key, because he always does that anyway, but he knows in his heart of hearts it's never going to be any use to him. So
number three: Humpty gets the open, empty chest, puts his passport inside the chest, and then locks it with the public key which he was sent along with the chest. Now the chest is locked with the passport inside, and he sends it back via the same evil courier service to the bank. Again, I'm repeating myself, I'm labouring the point, but I want to make it crystal clear: the courier can do nothing with this box now it's locked. He still has a copy of the public key, but because the bank has the private key, which is the only key that can unlock the chest, the courier can do nothing but, again, collect his fee for delivering the box intact back to the bank. When the box gets back to the bank, the bank, who have been holding the private key and never letting it out of their hands, will open the box and find the passport in there. That is an analogy to describe what is called asymmetric encryption.

Now I want to take a slight diversion here, just to extend this analogy to the mathematics; not actually describing what they do, but just to explain that in the real world, where we're not using physical boxes, we're going to be using digital documents, or streams of information, or PIN numbers, or usernames and passwords. On a computer, all those assets, like documents, photographs that you want to encrypt, or PIN numbers, are represented as just a number. So the mathematical formula to encrypt an unencrypted piece of information, let's call it M, which is, let's say, your PIN number: we want to produce a scrambled value, C, my apologies, from M, and that uses a mathematical function F. In a nutshell, C, which is called your ciphertext, is a function of M, which is your input text, and two other numbers, and those two numbers together, N and E,
mathematically represent what's called the public key; that's highlighted there. Now, when we decrypt, when we want to recover our initial value, let's say our PIN number, from the scrambled value C, we apply the same formula, but instead of using the public key, which is N and E, we use the private key, which is N and D. N, by the way, is common to both the public and the private key, but D, if you like, is your private key. These numbers N, D and E are closely related to each other, in a way that they're selected at the time that a public/private key pair is generated.

When we talked in the previous slide about the bank buying one of these asymmetric boxes, which has a public key and a private key that come with the box, the people who manufacture those boxes have to make sure that they create a locking system where the public and the private key both correspond to lock and unlock the same box. Mathematically this is exactly the same: when the software which generates these virtual encryption boxes runs, it has to generate two corresponding public and private keys that have a special relationship between each other, such that when I apply the encryption formula (I'm just going to use the term F; you don't need to understand what's actually going on underneath) to your input, your PIN number let's say, your secret, with the public key, you're going to get the ciphertext, and when you apply the same function to the ciphertext but with the private key, you're going to get your original input back. So obviously there's a key relationship between those two. I've just made a note here: the process of key generation, mathematically, is finding two numbers such that the expression on the left holds true, so basically such
that this one here holds true: if I apply the same function twice, I'm going to get the original message back. If this is confusing, don't worry too much; you can leave me some questions down below and I'll answer them. It's not really that important to the overall understanding of the video.

Just to hammer the analogy home: the encryption/decryption formula F is analogous to the treasure chest. The secret message, i.e. the PIN number, is analogous to the passport that we saw in the Humpty Dumpty example. The public key E, or rather the combination of those two numbers E and N, corresponds to the green key that locks the chest. The encrypted PIN number is analogous to the locked chest containing the passport; that's your scrambled PIN number. And the private key that you use to unlock this and retrieve the original PIN number, or passport in the Humpty example, is your private key D, which corresponds to these two numbers N and D. Again, I don't want to go too much into the maths, and I'm sorry if this is perhaps not as useful or relevant, but at least it might spur you on to explore a bit more.

So a simple example here: if we want to encrypt the number two (let's say for some reason I want to communicate the number two to somebody; let's say it's the last digit of my PIN number or something like that), I have to choose public and private keys to do this. The process is listed here; I'm not actually going to describe it. I'm not a mathematician, and that should go to show you that you don't need to be to understand this stuff. But basically the two keys have been chosen like this. By the way, they don't depend on what this number two is, although to some extent the
number that you're trying to encrypt has a bearing on the size of the keys that you have to use, but other than that, they've chosen a public key of 7, 33 for the numbers E and N, and a private key of D, N equal to 3 and 33. Remember we talked about the encryption formula F and said we're not going to describe what is inside it; it's basically a very simple formula. You take your input number, which is 2, the number we're trying to encrypt, you raise it to the power E, which is 7, and then you take the modulus, which is basically the remainder after dividing by 33, which is N. That gives you your encrypted value, which is 29. So we've gone from the number 2 and encrypted it using our public key to create the value 29.

Now the question is, what use is that? Well, anybody who has the private key of D and N, which is 3 and 33, can decrypt 29 to give 2, and the way they do that is simply this: if I take 29 and raise it to the power D this time, which is my private key D, and then apply the same formula, take the modulus, so divide by 33 and take the remainder, that gives me my original 2. So I think that's a very simple example of how public/private key encryption works. This is an example using the RSA encryption algorithm. So again, I did go into the maths a little bit, but I hope we can move forward and go back into the world of Humpty Dumpty, which is a little bit more accessible and more interesting.

Okay, next slide. Let's say Humpty has a document; let's say it's his credit history, or his last three months' bank statements, and he wants to encrypt these in some way and then send them over the Internet somehow to the bank so the bank can read them. So as I said, let's say this document is Humpty's credit history and he wants to send it to
the bank because he's applying for credit. I don't know if that's a feasible example, but it's a document that he doesn't want to be shared with anybody other than the bank. He takes this document, and that document can be passed through this RSA encryption/decryption software on his computer using the public key of the bank, because the bank owns the private key, and the corresponding public key has to be used to lock the document in this virtual chest. So he's going to take the document, use the public key, put it through the RSA encryption software, and that's going to generate some ciphertext. Just like in the previous slide, except that instead of the number two we're going to use a big document, and the public key is going to be a much bigger number than 7, 33, but exactly the same principle applies. It's going to generate some ciphertext coming out of that formula, which is the equivalent of the number 29, the scrambled value, and then this ciphertext can be sent over the Internet securely. You could put it on a USB key and send it physically via this evil courier (probably his great-grandson by now, still in the family business); they can take the USB key and deliver it to the bank. Or you could email it, or send it any other way, but the bank gets the same ciphertext document. Then the bank will take their private key and pass that ciphertext with the private key through the RSA decryption software (remember, RSA is just this particular formula here that we went through on the previous slide), and then, like magic, out comes Humpty's original sensitive document.

So that's an example of how, with RSA, we've gone from talking about treasure chests and locks and keys to describing how this happens in mathematics, with digital assets rather than physical passports, and then an example of
how such a digital asset might be encrypted, sent over an unsecured channel, and then decrypted at the bank's end.

Now, what are the drawbacks of this, of having a situation where the bank has a private key that they keep for themselves, and Humpty Dumpty and everyone else has a copy of the bank's public key? Well, the main disadvantage is that it only allows the traffic to be in one direction. Let's say that the bank wants to send Humpty's passport back to Humpty. They have no way of doing that, because Humpty doesn't have his own private key, and the chest that Humpty and the bank were using before can only be unlocked by the private key that the bank has. So we could say, okay, why doesn't Humpty just buy his own locked chest (I'm going to draw Humpty's little face on the side of it) in addition to the bank's one? Then Humpty can use this chest for receiving from the bank, and the bank can use that chest for receiving from Humpty. But that's extremely inefficient, and these boxes (we're going back to talking about boxes now) are, let's say, very expensive, very inefficient and very heavy. So what we need to do is find a better way to enable Humpty Dumpty and the bank to exchange their passports securely bi-directionally, in both directions, not just Humpty sending to the bank.

It so happens there is a way to do this. Again, this slide, excuse me, this slide looks a little bit involved, but I'll just take you through step by step what happens. It's actually not too difficult: if you understand the symmetric box and the asymmetric box, that's all you need to know. Number one: Humpty is going to buy himself a symmetric trunk, and he's going to make a copy of the key, just like he did in the very first example we looked at. Step number two: the bank is going to buy an asymmetric trunk, the one with the
public and private key, and they're going to send it via the courier along with the public key. Again, we've seen that happen before, when housebound Humpty wanted to send his passport to the bank and the bank wasn't able to get it back to him. So the bank sends the chest with the public key via the courier; the courier makes a copy of the public key, as he always does, in the hope that one day he'll get a locked chest that one of the keys on his keychain will open; and he delivers the asymmetric chest to Humpty.

Now this is where the clever bit happens. Humpty now has two boxes: he has a symmetric box which belongs to him, with the key that he copied, and he has the asymmetric box that he's just received from the bank, with the public key for that. So what he does is he gets his passport and he locks it inside his own symmetric box, the one that he bought and made a copy of the key for. Then he's going to take this chest and drop it inside the asymmetric chest, which is much bigger and much heavier, and he's going to drop the copy of his own symmetric key inside that chest along with it. Then he locks that asymmetric chest with the public key that was sent to him by the bank. So let's recap: what he's sending back is the asymmetric chest that was sent by the bank, locked with the key that was sent by the bank, but inside that box he has put his passport in the symmetric chest, and the copy of the key that he made. This package all goes back by the evil courier service to the bank, and the courier has nothing to do once again, because it's an asymmetric box and he only has the public key; he doesn't have the private key, so only the bank can open it. I hope this is not too long-winded, but I also, more importantly, hope that this is at least becoming clear.

The bank gets this asymmetric box. It has
the private key, of course, because it was the one in step two that actually bought this box and kept hold of the private key. So the bank opens the box with the private key, and out of the box comes this symmetric box which Humpty bought, and a key to open that symmetric box. The bank opens the symmetric box with the key and out comes the passport. So we've achieved the goal of getting the passport to the bank securely, without any chance of this evil courier in the middle intercepting it and getting his filthy hands on it. And the great thing about this is that we can now get the passport back to Humpty securely, which we were not able to do in the first example.

So how do we get the passport securely back to Humpty? Now, the key point is we do not need that big, clunky asymmetric box anymore. We can throw it away; the bank can use it for the next Humpty or whatever, but we don't need it anymore. The reason is that what we've achieved now is that the bank and Humpty both have a copy of the key that locks and unlocks Humpty's original symmetric box, which, if you remember, was what we wanted from the very first example. I'm sorry to go back to the slides, but I'm just going to hammer it home: in the very first example we said that as long as Humpty can walk 500 miles to the bank once to deliver the copy of the key, then the bank and Humpty can exchange to and fro as many times as they want. Now, without Humpty having to leave home, we've achieved exactly the same thing.

So on this slide, let's just go through it. Basically this box is now a secure channel, if you like, for the bank and Humpty Dumpty to exchange passports, gold coins, whatever secure things they want, forever. And this guy in the middle has no idea; he does not have this key here at all, he does not have access to this. He has the public key that belonged to this symmetric box, sorry, the asymmetric box, my apologies, but that
asymmetric box has now been thrown away. So from here on it's basically plain sailing: the asymmetric box is discarded, and two-way correspondence between Humpty and the bank occurs with the symmetric box, the one that Humpty bought and copied the key for. And just to reiterate one more time: the asymmetric box was only used initially to securely communicate the copy of the key for the symmetric box between Humpty and the bank, and the man in the middle never got his hands on this.

So how does this extend to our Internet example? This is just a recap from earlier, where we said that the original secret document, the one that could not be shared, can be encrypted with the public key through this RSA encryption software, which is the very simple formula we looked at, to create ciphertext, which is the scrambled, unintelligible text, and then that, when combined with the private key and passed through the same RSA algorithm, will give you your original secret back. That's the asymmetric side. The symmetric side is: we take our secret document, we use a symmetric key and a symmetric algorithm (a common one is AES; so RSA is a common algorithm for asymmetric encryption/decryption, and AES is one you'll hear often used for symmetric encryption/decryption), and this gives you ciphertext, and then the same key, through the symmetric decryption, will decrypt that message and give you your original document. So we've got two types of encryption going on here, and HTTPS is basically a technical, computerised interpretation, an extension of this analogy we just went through, which combines symmetric and asymmetric encryption.

Alright, so now I apologise, I seem to have used more handwriting on these slides; I hope you can read it, but I'll probably read it out anyway. So what we're doing is we're going to bring these two together.
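As an added example that is not part of the video: the RSA numbers from the slide (p=3, q=11, e=7, giving d=3 and 2 → 29 → 2) and the "asymmetric box carries the key for the symmetric box" scheme, in Python. The two larger primes, the HMAC-SHA256 counter-mode stream standing in for AES, and all key sizes are my choices for a self-contained demo, not anything from the video, and are far too small for real use.

```python
"""Toy RSA plus hybrid (asymmetric + symmetric) encryption.

Added example: reproduces the slide's numbers and shows RSA wrapping a
random symmetric key that then protects the bulk data. Demo sizes only.
"""
import hashlib
import hmac
import secrets


def rsa_keygen(p, q, e):
    """Return ((e, n), (d, n)) for primes p, q and public exponent e.

    Key generation is finding d such that applying F with (e, n) and then
    with (d, n) returns the original message: e*d == 1 mod (p-1)(q-1).
    """
    n = p * q
    phi = (p - 1) * (q - 1)
    d = pow(e, -1, phi)  # modular inverse; ValueError if gcd(e, phi) != 1
    return (e, n), (d, n)


def rsa_apply(x, key):
    """The single formula F from the slide: x ** exponent mod n.

    With the public key it encrypts, with the private key it decrypts.
    The message must be smaller than n: that is the message-size limit
    of asymmetric encryption.
    """
    exponent, n = key
    if not 0 <= x < n:
        raise ValueError(f"message {x} does not fit under modulus {n}")
    return pow(x, exponent, n)


# The slide's example: public key (7, 33), private key (3, 33).
PAGE_PUBLIC, PAGE_PRIVATE = rsa_keygen(3, 11, 7)


def page_example():
    """Encrypt 2 with (7, 33) -> 29, then decrypt 29 with (3, 33) -> 2."""
    c = rsa_apply(2, PAGE_PUBLIC)
    m = rsa_apply(c, PAGE_PRIVATE)
    return c, m


# --- Symmetric stand-in for AES: HMAC-SHA256 keystream in counter mode. ---

def _keystream(key_int, length):
    key = key_int.to_bytes(16, "big")  # key_int < n < 2**92 fits in 16 bytes
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hmac.new(key, counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])


def sym_crypt(key_int, data):
    """XOR with the keystream; the same call encrypts and decrypts (same key)."""
    return bytes(a ^ b for a, b in zip(data, _keystream(key_int, len(data))))


# A larger toy modulus so the wrapped key has some entropy. The primes are
# the Mersenne primes 2**31-1 and 2**61-1, chosen here; still far too small.
BANK_PUBLIC, BANK_PRIVATE = rsa_keygen(2**31 - 1, 2**61 - 1, 65537)


def hybrid_encrypt(plaintext, bank_public):
    """Humpty's side: passport into the symmetric box, that box and its key
    into the bank's asymmetric box, locked with the bank's public key."""
    _, n = bank_public
    sym_key = secrets.randbelow(n)                 # random symmetric key
    wrapped_key = rsa_apply(sym_key, bank_public)  # only the private key opens it
    ciphertext = sym_crypt(sym_key, plaintext)     # bulk data, fast symmetric cipher
    return wrapped_key, ciphertext


def hybrid_decrypt(wrapped_key, ciphertext, bank_private):
    """Bank's side: unwrap the symmetric key with the private key, then decrypt."""
    sym_key = rsa_apply(wrapped_key, bank_private)
    return sym_crypt(sym_key, ciphertext)


def round_trip(message):
    """Encrypt then decrypt; returns (ciphertext differs from message?, recovered)."""
    wrapped, ct = hybrid_encrypt(message, BANK_PUBLIC)
    recovered = hybrid_decrypt(wrapped, ct, BANK_PRIVATE)
    return ct != message, recovered


if __name__ == "__main__":
    print(page_example())  # (29, 2)
    print(round_trip(b"Humpty's passport (constructed sample document)"))
```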
Asymmetric encryption, just to make a note, is slow, and it's limited in terms of the message size: the keys you use determine the maximum size of message that you can encrypt. Symmetric encryption is fast, it's efficient, and it can be used on as big an input message as you want. If you think of it in terms of those trunks, those physical boxes, you can say that the asymmetric box can only contain certain types of contents, whereas the symmetric box, the one that has the same key to lock and unlock, like the simple box, you can put anything you want in there, and it's much quicker to transport.

So what's the answer, how do we get the best of both of these techniques? Well, we use asymmetric encryption to share a symmetric key between the parties, and that symmetric key is going to be used to encrypt the actual conversation. It's exactly the same as the analogy with the bank: first of all we use an asymmetric box to securely transport a key that enables subsequent communications back and forth, forever, to be done with a symmetric box. So this is the Internet equivalent of the housebound Humpty using the symmetric box inside the asymmetric box.

Now, in terms of HTTPS: that's been a lot about public/private key encryption, and nothing yet about the Internet, web browsing, and whether a banking session is secure or not secure. I'm not going to go into the HTTP protocol, or indeed the Internet stuff; if you're interested please leave a comment down below, and I can do more videos in this style on any topic that a few people ask for. But essentially, when your browser goes to, let's say you hit https://mybank.com/login, what happens is your browser on your computer sends a message to the mybank.com server and it says
basically I want to start a session a web session with you but because I've said HTTP first of all we need to establish a secure channel to communicate so instead of sending ones and zeros over the internet in raw form like like in the very first slide we're first going to agree some protocols some rules on each side so that we can send effectively this data in scrambled format right so that's called the client hello that's the signal from the client to the server saying hello I want to I want to communicate securely with with with you my bank in this session right so that then the server is going to send a hello response back to the client right and look and the server at this point is basically saying right eye if we're going to use HTTP it's going to tell them some details about what version of the HTTP protocol that they're using cetera and this is not a detailed description about the HTTP protocol I can do a video on it if you want but this is just want to illustrate the sort of this is more about the public private key concepts right so the server sends this hello message and it sends it accompanied by a document called a certificate which contains the server's public key right so the server which I've drawn over here has its own private and public key installed on its web server so just like the bank had its own treasure chest that it bought with a public and private key the server's so the bank's web server has a private key which is effectively just two numbers which we saw from that formula installed on the web server and a corresponding private key that it that it communicates and sends out to any client that wants to communicate with that server right just like the bank communicating its publicly to humpty-dumpty right so the server sends back the certificate in the response that certificate is it is a document it's a very short document it's like you know a few hundred characters and it includes the public key right now the client at this point but 
basically does some validations on this certificate to make sure that the server is really who they say they are but this that the certificate is valid now I'm going to do a detailed the set and a session on this whole kind of certificate side of things that's going to be the next session so this is more a primer to see okay well you know what's the public private key thing all about and you know what was generally the server about so the server is going to check this certificate so the client my boy just going to check the certificate check that it's now hasn't expired and then it's going to take the public key from that certificate and put it aside and use it in the next day right so what happens then is that the the client so that's Humpty Dumpty's computer right the guy who just literally wants to go on check his online banking state whatever he his computer not not Humpty his computer automatically just basically generates a random number it's called a premaster secret and that premaster secret is encrypted by the client with the server's public key from the server sent in the certificate right and then that the encrypted premaster secret is sent back to the server right and this this is analogous which is going back a few slides this analogous to Humpty taking the public key that he that he owns that he copied encrypting it as in putting it back in the server's box locking it with the server's public key and sending it back right so so basically the client again generates that generates a random number I'll explain what that random number does in a second you might be getting an idea of what's going to do anyway it's going to take that random number encrypt it with the server's public key right and then it's going to send that encrypted message back to the server now what happens then is the last step in in the kind of the key establishment process of the client and the server they but they both now have a copy of this the random number that the client 
generated so the so they both let's say the client generates the number 45 and encrypts it with this with the server public key right and to give the number 3 a 76 client sends three eight seven six to the bank the bank decrypt three eight seven six with the bank's private key to get the original number twenty five so now the client the server they both know this random numbers five they both put this number 25 through a function which is known to both sides and it's a deterministic function so effectively it's going to the result of passing that premaster secret to the function is going to be the same on the client side and the server side and that number is basically the the symmetric key that the client and the server are going to use for all subsequent communications in that session so I just in step 9 so the client and the server from that point exchanged messages within that session so until the client you know hits close on the browser effectively to encrypt and decrypt all the traffic using that shared key right I hope that makes sense and I'll just go over it once more I guess people who find it this very tedious and repetitive will probably tuned out a long time ago so it just hang on for two more minutes and hopefully you'll have a good understanding of the public/private key thing and we can build on that too to get a really good understanding of how SSL Certificates work right so just go over one more time so the client sends a request via HTTP my bank comm to his Bank web server saying because it's HTTPS I want to create a secure channel right the server the web server has a private key and a corresponding public key installed on the web server it sends the public key back to the client contained within a document which is not secret it's a public document called a certificate the certificate contains that the public key going to the bank the the client does some verifications some other verifications which we'll talk about in the next video then it 
will also pull out the public key from that's difficut and say right I've got the public key to the bank I'm going to generate a random number in this case the client generates 25 encrypt it with the server's public key to give a scrambled number send that scrambled number back to the bank the bank decrypt that scramble number with the bank's private key to get 25 so that the client and the server now both have the number 25 they both pass that number 25 through a mathematical function and they and that function generates the the actual public key numbers to use in the in the in the communication from that moment on that public key sorry that symmetric key on a public key is that symmetric key is used in all subsequent communications between between the client and service look like and go in check his bank statements make withdrawals make transfers every all the traffic going between the client the server from that point is completely scrambled and nobody in the middle on any of the nodes on the internet between the client the server and there are many nobody can actually read the information unless they actually have the the same asymmetric key which the client the server worked so hard to establish so that is really it about public private key encryption I hope it was useful it is only the first in series I would I think you know I want to keep it sort of fairly targeted for each video and also to give people a chance to leave feedback about you know how we'd like things to be done in the next video what topics etc so in the next video I want to cover what is the actual SSL certificate that this mysterious document that the server sent to the client how does the client know that they're genuinely talking to the bank where these Civic has come from who who originates them what role do they play what is digital signature because you hear that all the time in this whole thing and that has digital signatures are really interesting and then you know they fall into all 
topics like blockchain and bitcoins I'll be doing videos on those as well so if you just subscribe the video towards the channel if you because they're going to be coming up in a few weeks and what kind of ways can the SSL protocol be breached because people talk about oh you know there's certain types of attacks on SSL or TLS TLS is the new name for SSL that you might hear that term as well transport layer security but that kind of synonymous and what's the difference between sha-1 and char - a lot of stuff in the industry going on at the moment about SSL Certificates having to be upgraded from a sha-1 to a char to digital signature algorithm so all that stuff or the theory about what actually means what threats upgrading to char to mitigate will be covered as well what implications does this have for clients and servers so I actually work in in financial services in on the IT side and with it industry-wide at the moment is a big push to to basically switch from sha-1 to shout to certificates and as you know it's a bit of a headache one of the reason I want to do this is to sort of increase understanding of these basic concepts so any questions please leave a comment below or send me a message by the channel and I'll pretty good generally answering them in line in the comments if you have any requests for topics to cover in the next video please also ask me and I've actually bought a Wacom stylus kind of tablet thing you should really use the next video so kind of excited about that it'll mean you don't have to read my horrible handwriting anymore so anyway thanks for watching and it's been a long video but I hope even though it was probably repetitive that the basic concept of public private key encryption has been symmetric encryption have been sort of hammered home and it's a solid foundation we're going to learn a lot about SSL Certificates and then from there I'm going to learn about other things like blockchain Bitcoin and etc etc so thank you for watching 
and see you next video bye
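The key establishment the talk walks through, as an added Go example (not code from the video or its author, Go standard library only): the bank's server holds an RSA key pair, the client generates a random premaster secret (the "25") and locks it with the server's public key, the server unlocks it with its private key, both sides run the same deterministic function to get the symmetric key, and AES-GCM plays the fast symmetric box for the rest of the session. Function names are this example's own, SHA-256 over a made-up label stands in for the real TLS key derivation, and certificate validation is skipped, as the talk does.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
)

func check(err error) {
	if err != nil {
		panic(err)
	}
}

// handshake runs the talk's key establishment (certificate checks left out) and returns each side's symmetric box.
func handshake() (client, server cipher.AEAD) {
	serverPriv, err := rsa.GenerateKey(rand.Reader, 2048) // the bank's key pair, installed on its web server
	check(err)
	premaster := make([]byte, 48) // client's random premaster secret (the "25"); 48 bytes as in classic TLS
	_, err = rand.Read(premaster)
	check(err)
	// Client locks it with the server's public key (PKCS#1 v1.5 padding, as the classic TLS RSA key exchange did).
	encrypted, err := rsa.EncryptPKCS1v15(rand.Reader, &serverPriv.PublicKey, premaster)
	check(err)
	recovered, err := rsa.DecryptPKCS1v15(rand.Reader, serverPriv, encrypted) // only the server's private key unlocks it
	check(err)
	return symmetricBox(premaster), symmetricBox(recovered)
}

// symmetricBox is the deterministic function both sides run on the premaster secret: derive an AES-256 key and
// open the AES-GCM box keyed with it. SHA-256 over a fixed label stands in for the real TLS PRF (an assumption here).
func symmetricBox(premaster []byte) cipher.AEAD {
	key := sha256.Sum256(append([]byte("toy-key-expansion:"), premaster...))
	block, err := aes.NewCipher(key[:])
	check(err)
	gcm, err := cipher.NewGCM(block)
	check(err)
	return gcm
}

// seal encrypts one message of session traffic under a fresh random nonce, which is prefixed to the ciphertext.
func seal(gcm cipher.AEAD, msg []byte) []byte {
	nonce := make([]byte, gcm.NonceSize())
	_, err := rand.Read(nonce)
	check(err)
	return gcm.Seal(nonce, nonce, msg, nil)
}
```

The other side opens a sealed message with gcm.Open(nil, sealed[:gcm.NonceSize()], sealed[gcm.NonceSize():], nil), which succeeds only with the box derived from the same premaster secret and fails on any tampering; a box from a different session cannot read the traffic.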
Info
Channel: Matt Thomas
Views: 48,764
Rating: 4.8262806 out of 5
Keywords: ssl, tls, tutorial, beginner, public key, private key, RSA, ard
Id: bRBJ_0I919E
Length: 50min 29sec (3029 seconds)
Published: Sat Feb 06 2016