00:00:05
[Music]
00:00:14
in part one of this series we understood
00:00:16
theoretical concepts related to
00:00:19
cryptography we understood that there
00:00:22
are two primary fields of cryptography
00:00:24
one symmetric cryptography and another
00:00:27
one asymmetric cryptography in this
00:00:30
video we are going to talk about the
00:00:33
support of both of them in the DataPower
00:00:35
and we'll see how DataPower
00:00:38
supports them DataPower has both
00:00:41
configuration and programming using
00:00:45
configuration way you can configure
00:00:48
support for asymmetric cryptography
00:00:51
although there is some support for
00:00:53
symmetric cryptography as well but
00:00:56
symmetric cryptography is best dealt
00:00:59
using the code in DataPower this
00:01:02
asymmetric key cryptography field is
00:01:05
also known as public key private key
00:01:07
cryptography field an entire
00:01:09
infrastructure is out there called
00:01:12
PKI it deals with generation of keys
00:01:19
certificates and uh then stamping the
00:01:22
certificate ensuring that the
00:01:24
certificate is uh uh something which
00:01:27
belongs to uh the person person who
00:01:30
holds it and so on so that's a separate
00:01:34
discussion here we are interested in
00:01:37
seeing how DataPower supports public
00:01:40
key private key cryptography so let's
00:01:43
get
00:01:43
started for public key private key
00:01:46
cryptography you'll have to start by
00:01:48
generating a pair of
00:01:51
keys okay the first key is known as
00:01:55
private key the second one is known as
00:01:58
public key as I said arbitrarily you can
00:02:01
label uh them as public private Keys the
00:02:05
public key is typically stored in a
00:02:08
container called digital certificate
00:02:10
digital certificate contains public key
00:02:13
plus few more information like its uh
00:02:17
validity time period or uh like uh who
00:02:20
is vouching for uh the authenticity of
00:02:24
this certificate and so on and then
00:02:27
there is a third material which is
00:02:28
called CSR CSR essentially is not part
00:02:31
of the cryptography but CSR stands for
00:02:34
certificate signing request is a
00:02:36
material
00:02:37
required um which can it essentially
00:02:40
contains the public key private key and
00:02:42
it is required because you got to upload
00:02:44
it on the uh CA site uh CA who um
00:02:49
whoever is vouching for your
00:02:51
organization um and uh based on this
00:02:54
CSR the CA authority is going to
00:02:58
generate a certificate package and we'll
00:03:01
send it across to you if you do not wish
00:03:04
to go to CA then CSR is useless and the
00:03:08
certificate that you are uh dealing with
00:03:11
is called the self-signed certificate
00:03:13
otherwise it is called the CA-signed
00:03:15
certificate self-signed certificates and
00:03:18
CA-signed certificates both are
00:03:20
technically same except for the fact
00:03:23
that CA-signed certificates are the ones
00:03:25
which you should use in internet based
00:03:28
scenario if you are dealing with
00:03:31
scenario or integration where uh you are
00:03:34
content within your organization only
00:03:36
then you can have a self-signed
00:03:39
certificate as well and uh the world has
00:03:43
moved far from the way we used to use
00:03:46
these self-signed certificates now people
00:03:49
are typically um using uh a a standard
00:03:55
Authority within their organization and
00:03:57
that authority uh generates and issues
00:04:00
all the certificates that different
00:04:03
applications need that's totally
00:04:04
different um aspect of it so let's get
00:04:08
let's come back to the DataPower here
00:04:11
how will you generate a public key and
00:04:13
private key pair so you have something
00:04:16
called crypto tools the crypto tool
00:04:19
requires you to fill a form here
00:04:22
anything not marked as a star means
00:04:26
optional however optional it might look
00:04:29
like the country name is something which
00:04:31
I would suggest you to put it's a
00:04:33
two-digit three-digit uh ISO country
00:04:36
code that is provided rest all you can
00:04:39
skip but for now let's put it state is
00:04:43
Delhi locality maybe New
00:04:46
Delhi organization you can put uh
00:04:51
ABC
00:04:53
organization organizational unit you can
00:04:56
put it as I said all these are optional
00:04:59
uh you need to fill them based on your
00:05:01
uh particular
00:05:02
organization common name this is
00:05:04
important this is the name that you
00:05:07
cannot fill anything arbitrary it's this
00:05:11
name must
00:05:13
match this this name must match the host
00:05:17
name of the service where you plan to
00:05:19
attach this certificate okay so this is
00:05:23
important for you to note for now we
00:05:26
will say www.example.com
00:05:30
and key type is RSA although ECDSA is
00:05:32
supported I would suggest for for uh if
00:05:36
if not specifically asked go for RSA uh
00:05:40
key length is fine SHA-256 is fine this
00:05:43
is all default file name you can just
00:05:45
keep it the
00:05:48
same and uh this is validity period you
00:05:51
can make it one year 10 year up to you
00:05:54
password alias if you wish to protect
00:05:55
your private key using a password
00:05:58
provide that
00:06:00
export private key this is important if
00:06:03
you do not so by default it is off if
00:06:05
you do not export the private key then
00:06:09
you will not be able to back it up from
00:06:12
DataPower
00:06:14
so uh choose uh
00:06:17
judiciously if if your requirement is to
00:06:20
store it on um some kind of uh backup
00:06:24
media some somewhere secure choose
00:06:26
export private key as on this is a one
00:06:29
time
00:06:30
Affair which means that you will not get
00:06:32
this uh export option later on generate
00:06:36
self-signed certificate is turn on yes
00:06:38
we want to generate it export self-signed
00:06:41
certificate this is important if you
00:06:43
wish to store the self-signed certificate
00:06:46
uh on a backup medium so if I do not
00:06:50
select this then my certificate will
00:06:53
still be generated but I will not be
00:06:54
able to download it from DataPower
00:06:56
again this is one time Affair you do not
00:07:00
do it here and you will never be able to
00:07:02
download it from um DataPower generate
00:07:05
key and certificate objects all these
00:07:08
files which are created they are useless
00:07:10
unless they are encapsulated in the form
00:07:12
of an object so objects are uh important
00:07:17
stuff uh do you want to wrap them in
00:07:20
objects uh usually we say Yes um if you
00:07:24
wish you can turn it off you can later
00:07:27
exercise this option and since since we
00:07:29
have asked since we have selected it on
00:07:32
so object name it is asking what is the
00:07:35
object name that you want to provide uh
00:07:37
so I'm going to provide the common name
00:07:39
as object name so let's click on the
00:07:41
generate key option and see what happens
00:07:45
okay so it says generate the RSA key
00:07:47
pair and CSR you say confirm and then it
00:07:50
gives you an option that where it is
00:07:52
generated so I'll take you where it is
00:07:54
generated so now I closed it I'm going
00:07:57
to go back to the control panel and um
00:08:01
I'll go to the file management and let's
00:08:03
expand the cert folder and let's let's
00:08:06
expand the temporary folder so you see
00:08:09
that you you have a private key over
00:08:11
here if you want to see the details you
00:08:13
can't do that because it's a uh it is a
00:08:15
sensitive material so you will not be
00:08:17
able to see again this is a self-signed
00:08:19
certificate yes certificate is a public
00:08:21
material so you will be able to see the
00:08:23
details you can see that it has the same
00:08:25
details as we put there what is inside
00:08:28
the temporary and why files are inside
00:08:31
the temporary see files which are inside
00:08:33
the cert folder cannot be exported
00:08:36
from DataPower so files which are
00:08:39
inside the temporary folder are the ones
00:08:41
supposed to be downloaded from DataPower
00:08:43
for backup purposes so you see
00:08:45
three files here private key self-signed
00:08:48
certificate and CSR how do I save them
00:08:52
if you right click on this you say save
00:08:54
link as and then you can select a folder
00:08:57
over here you can say downloads folder
00:08:59
and then say text file and then they
00:09:02
save so you can see that it is saved if
00:09:05
you want to open it you can open it
00:09:09
um and see this is the private key that
00:09:12
you have in a similar way you can save
00:09:14
the remaining two files so this is how
00:09:19
you generate the public key private key
00:09:23
pair uh on DataPower remember that this
00:09:26
self-signed certificate contains the
00:09:28
public
00:09:29
this is this in itself is not a public
00:09:32
key okay but then public keys are not
00:09:36
distributed like um you write it on a
00:09:38
paper and distribute it no uh they they
00:09:41
typically take the form of a certificate
00:09:44
certificate is much like your visiting
00:09:46
card right you put your address on top
00:09:48
of it and then few more information and
00:09:50
then you distribute it um among people
00:09:54
in a similar way this certificate thing
00:09:57
that we talking about this this is uh
00:10:00
this it contains the public key but it
00:10:04
also contains additional information
00:10:07
about that public like its validity
00:10:09
time issuing organization and so on and
00:10:12
so on so that is what this uh ssert is
00:10:16
it's a self-signed certificate CSR this
00:10:19
piece is important even if you want to
00:10:21
discard the self-signed certificate CSR
00:10:23
you want to download it why because CSR
00:10:26
is something which you want to upload to
00:10:29
the competent authority the CA site which
00:10:33
can provide you uh the certificate
00:10:35
package signed certificate package
00:10:38
against this so this is about the public
00:10:42
key private key handling in the DataPower
00:10:45
now um this video is going too
00:10:48
long so I'll cut it short in the next
00:10:51
video I'm going to talk about how to
00:10:53
deal with symmetric key cryptography in
00:10:56
the DataPower and remember we have both
00:10:59
configuration as well as the um
00:11:03
programming support for uh the symmetric
00:11:07
cryptography so see you in the next
00:11:09
video then
00:11:18
[Music]