00:00:14
In this video we are going to talk about key and certificate handling in DataPower. I created this video in two parts: part one, where I intend to provide you the theoretical introduction necessary to understand key handling in DataPower, and part two, where we jump onto the DataPower interface and will experience how the key and certificate handling takes place in DataPower. If you are already aware of the concepts of cryptography, public key, private key and symmetric keys, feel free to skip this; this is an intro necessary to understand the concept of key and certificate handling in DataPower.

00:01:04
So let's get started. The field of cryptography essentially revolves around three actors: sender, receiver and eavesdropper. Sender is the person who sends the message, receiver is the person who is the intended recipient of that message, and eavesdropper is somebody who is assumed to have full access on the communication medium, and it is assumed that the eavesdropper can get a copy of every message which is passing between sender and the receiver.

00:01:43
There are two fundamental problems in cryptography: one, how to send a private message between sender and receiver, and second, how a message can be sent between sender and receiver in such a way that receiver can understand that it indeed came from sender. This calls for, or this is called, message integrity.

00:02:11
Message privacy is all about having a private communication. So message privacy says that sender can send a message to a receiver which only receiver can understand; even if the eavesdropper gets a copy of that message, the message must be incomprehensible for the eavesdropper. Naturally you can see that if sender says "let's have a dinner tonight" in plain text, receiver can understand it, yes, but so can eavesdropper, so this is not a private message.

00:02:53
You can see by yourself that message privacy calls for some kind of message transformation. This message transformation is supposed to convert the message, for example "let's have a dinner tonight", into something unintelligible, something gibberish. Now there must be a function, a mathematical function, doing the same, and that's what is referred to as F1(x, y) on the top left corner; we'll talk about the key in a moment. As you can see, the function transforms a clear text, "let's have a dinner tonight", to something which looks gibberish, which you can see here at the other end. This gibberish goes, of course, to the other end; we need to have a mechanism where we can convert this gibberish back into clear text like "let's have a dinner tonight", so we need another mathematical function for that. The first function, which translates clear text into gibberish, is called the encryption function; the process is called encryption, that's its name. The second one, where we convert gibberish back into the clear text, that function is called the decryption function; the process is called decryption.

00:04:28
Now it may seem like if we keep the function secret, for example if the two actors sender and receiver keep these functions secret, they can communicate with each other, well and good. But it turns out that keeping the function secret may not be a good idea at all, so essentially, practically, you cannot keep these functions F1 and F2 secret. Okay, so if these functions cannot be kept secret then these functions are known to the eavesdropper as well, and if sender sends a message to the receiver, eavesdropper can get a copy of it, and using the function it can decrypt that message and it can get a clear text copy of that message. Message privacy is thwarted.

00:05:23
Well, it turns out that the function should have something which only the sender and receiver possess. F1 and F2 are our functions; we can make them the way we want. So instead of accepting one parameter, let's make it accept two parameters. The second parameter is a number, a text, any data that we label as key, and we say that key is such a number, such a piece of information, which is only known to sender and receiver. So now we have a function which is known by everyone, sender, receiver and eavesdropper, but we have something called key which is known only to sender and receiver. Now in the process of encryption, apart from the regular clear text this key is fed as an input and we get an output. Now this output can only be converted into clear text if we have the right key, and the right key is with the sender and receiver. So even if the eavesdropper has knowledge of the function, even if it can get a copy of every message transmitting between sender and receiver, since it doesn't have the key it will not be able to perform the encryption and decryption process. That achieves the message privacy.

00:06:53
So you will see that in every type of scenario where encryption and decryption is involved, there you will have to generate a pair of keys. And why? Because the function remains the same: you have the same functions, RSA, Diffie-Hellman, these functions remain the same in every scenario, but the key is something which is unique between the sender and receiver. That's why whenever you have any kind of encryption/decryption scenario you always start with generating a pair of keys. Why a pair? Because one should reside with the sender and another one should reside with the receiver. So this solves the message privacy problem.

00:07:45
But then the next problem: a sender sent a message to a receiver, eavesdropper is there, it can trap the message, it can alter it and it can send it to receiver, and it might trick receiver into believing that it has come from the genuine sender. So this is a problem which calls for a solution, which is called message integrity. Message integrity means a receiver can prove that the message has actually come from sender, and not surprisingly this is something which is carried out, or solved, using something called digital signature. We do it every day in our life, and the inspiration has come from our everyday life. Imagine days where computers were not there and when we used to do the banking: we had a bank cheque where we used to put our signature and then we sent it to the bank; the bank would verify the signature and here you have the fund transfer. In a similar way, sender should be able to put his signature on the digital information, and this signature is called digital signature; not surprisingly again, it's called digital signature.

00:09:13
Now the digital signature is something which must be created using something which sender possesses uniquely, otherwise the signature would not work, and it turns out that the solution for message integrity is also in what you call keys. So we have a function in the digital signature world; the function would take the message as an input and the function would generate a digital signature. Okay, fine, it can do that, but for that it needs another parameter. The other parameter is called key. This key is unique for every person who generates the digital signature; that's why you see that whenever you have to generate a digital signature you always talk about something called private key. This is the key that you will feed as an input to this function, and this will come into the digital signature that is created out of that message. Now the algorithm of creating a digital signature etc. is out of the current discussion, but in simple words I tried to explain how the digital signature is created and why there is a need for a key.

00:10:43
Now the world of cryptography is actually divided in two parts: one is called symmetric cryptography, another one is called asymmetric cryptography. Symmetric cryptography is characterized by the fact that sender and receiver use exactly the same key for both encryption and decryption. It is fast in nature; you can encrypt or decrypt megabytes of data in a matter of seconds. However, a core problem in this is how to establish keys between sender and receiver in a secure manner when they are far apart; that's a challenge in symmetric cryptography. However, symmetric cryptography is very fast in nature, and it is characterized by the fact that sender and receiver use exactly the same key for both encryption and decryption. Remember that in symmetric cryptography the keys are called secret keys.

00:11:54
Then there is another world; it is called asymmetric cryptography. This is characterized by the fact that sender and receiver use different but related keys. These keys are of such nature that knowing one key, it is computationally infeasible to derive the second key out of that. Also, materials which are encrypted using one key can only and only be decrypted using the second key, meaning if you use a key to encrypt a text you cannot use the same key to decrypt the text; it can only be decrypted using the second key. It is comparatively extremely slow compared to symmetric cryptography, in such a way that even if you have to encrypt one single page of data with it, it might take several minutes to hours to encrypt that. As you can see, asymmetric key is very slow, to an extent that it cannot be used for any practical communication in the real world. So the idea is that any practical scheme that aims to achieve a secure communication utilizes the best out of both worlds. For example, the SSL/TLS scheme utilizes both asymmetric key and symmetric key cryptography. Both have their own advantages and both have their own weaknesses, so the SSL/TLS scheme carefully avoids the weaknesses of these schemes and utilizes the strengths of both of them. That is what cryptography is all about.

00:13:52
The summary section is pretty much what I mentioned. You have to remember that symmetric key cryptography is characterized by the fact that both sender and receiver have the same key, and in asymmetric key they will have essentially different keys. Now these keys which are different for asymmetric cryptography are arbitrarily labeled as public key and private key, which means that when you think about deploying asymmetric cryptography you'll generate a pair of keys; one of the keys you arbitrarily label as private key, another one you will label as public key, and the one that you label as public key you can send across or you can publish to the world. You need not worry about whether it is received by the intended recipient or if it is received by the intruder; it doesn't matter. As long as you are in possession of the private key, the asymmetric cryptography will work just fine. In symmetric cryptography you generate one single key; this key is called your secret key, and this key is the one using which both encryption and decryption happen. So that is about both symmetric and asymmetric cryptography; that's the end of it. See you in part two, where we jump onto the DataPower interface and we will see how DataPower supports both asymmetric cryptography and symmetric cryptography. Thank you.