1
00:00:00,930 --> 00:00:06,900
Now before we wrap up this section I want to spend one more lecture talking about another method to

2
00:00:06,900 --> 00:00:10,810
exchange keys between the sender and the receiver.

3
00:00:10,860 --> 00:00:16,980
So as we learned we can use PGP in order to encrypt the message and make sure that this message will

4
00:00:17,010 --> 00:00:23,350
only be readable by the receiver by encrypting the message with the receiver's public key.

5
00:00:23,880 --> 00:00:29,730
Therefore for this to work, for example if David wanted to send a message to John, he would have had to

6
00:00:29,730 --> 00:00:34,340
get John's public key, then same goes for John.

7
00:00:34,340 --> 00:00:40,800
If John wanted to send something to David he would have had to get David's public key, and to exchange

8
00:00:40,800 --> 00:00:42,960
the keys in the previous lectures,

9
00:00:42,960 --> 00:00:47,940
we used email to send the keys from one person to another.

10
00:00:47,940 --> 00:00:50,860
Now we can use any method of communication.

11
00:00:51,000 --> 00:00:57,150
And like I said sometimes if you're using a market or if you're on a forum you might even see the user

12
00:00:57,300 --> 00:01:02,790
including the public key in their signature or in their profile page.

13
00:01:02,790 --> 00:01:07,850
That way you can use that key to encrypt messages and send them to that user.

14
00:01:08,100 --> 00:01:14,230
And you'll be sure that the only person that will be able to read this message is the user.

15
00:01:14,310 --> 00:01:21,840
Now there is another way of sharing the keys which I want to cover in this lecture and that way relies

16
00:01:21,930 --> 00:01:29,970
on using key servers, so you can think of this as a computer that's accessible on the Internet or on

17
00:01:29,970 --> 00:01:30,980
the darknet.

18
00:01:31,020 --> 00:01:38,850
It contains a number of keys and then for example if David wanted to share his public key with John

19
00:01:38,910 --> 00:01:44,790
or with anyone else they can upload their key to the server.

20
00:01:44,790 --> 00:01:48,930
Same goes for John if he wanted to share his public key with others.

21
00:01:48,990 --> 00:01:52,220
He can upload his key to the server as well.

22
00:01:53,370 --> 00:02:00,540
And then if David wanted to communicate with John he won't need to ask John for the public key directly.

23
00:02:00,540 --> 00:02:04,960
And John won't need to communicate with David directly and send him the key.

24
00:02:05,460 --> 00:02:11,880
All David has to do is query the server, the key server that is accessible like I said on the darknet

25
00:02:11,970 --> 00:02:16,580
or on the internet, and download John's public key.

26
00:02:16,590 --> 00:02:20,040
Same goes for John if he wanted to get David's public key.

27
00:02:20,100 --> 00:02:24,450
He can query the server, download David's key, and that way

28
00:02:24,450 --> 00:02:32,040
both David and John have each other's public keys and therefore they can start communicating and encrypting

29
00:02:32,040 --> 00:02:37,010
messages to each other using each other's public keys.

30
00:02:37,050 --> 00:02:42,810
The only thing that you need to keep in mind when doing this is when you upload your key to this public

31
00:02:42,810 --> 00:02:46,720
server anybody can get your public key.

32
00:02:46,740 --> 00:02:50,960
Now like I said the public key cannot be used to decrypt your messages.

33
00:02:51,330 --> 00:02:56,370
But as we've seen before there is an identity tied up to the key.

34
00:02:56,370 --> 00:03:03,200
Now we used fake information but if you're using real information the name will be visible on that key.

35
00:03:03,630 --> 00:03:10,770
And the email associated with that key, again like we've seen before when we create a key which we set an

36
00:03:10,830 --> 00:03:12,600
email address with that key.

37
00:03:12,870 --> 00:03:16,020
So that email will also be publicly available.

38
00:03:16,350 --> 00:03:24,330
So if you don't want to make this information available then do not upload your keys to these key servers.

39
00:03:24,330 --> 00:03:31,380
Also if the key is associated with other keys or part of a chain of trust these keys will also become

40
00:03:31,410 --> 00:03:34,710
available along with the information tied up to them.

41
00:03:34,950 --> 00:03:42,210
So any contact associated with the key will also become available and public once you upload that key

42
00:03:42,210 --> 00:03:43,560
to the key server.

43
00:03:43,560 --> 00:03:49,170
So again if you don't want this information to be public then do not upload your key to the key server

44
00:03:49,380 --> 00:03:54,200
and just send it directly to the people that you want to share your public key with.

45
00:03:54,210 --> 00:04:01,260
But like I said the main idea remains sound: sharing the public key does not compromise the encryption.

46
00:04:01,650 --> 00:04:05,250
The public key cannot be used to decrypt the messages.

47
00:04:05,250 --> 00:04:07,310
It can only be used to encrypt them.

48
00:04:07,620 --> 00:04:08,900
Hence the name public.

49
00:04:09,000 --> 00:04:14,100
And that's why we can actually share it with anyone we want and we can just make it publicly available.

50
00:04:15,450 --> 00:04:15,860
Now,

51
00:04:15,890 --> 00:04:17,090
let's see how we can do this.

52
00:04:17,150 --> 00:04:23,660
So first of all I'm going to go to John's computer right here and let's say that I want to make my private

53
00:04:23,660 --> 00:04:29,320
key, so this key right here, available and I want to upload it to a key server.

54
00:04:29,430 --> 00:04:34,450
Now before uploading it to a key server I need to enable this feature and to do that

55
00:04:34,460 --> 00:04:42,320
we're going to go to Edit, Preferences and in here when it says Publish keys to, I'm going to click on

56
00:04:42,320 --> 00:04:46,340
the drop down menu and select the server right here.

57
00:04:46,340 --> 00:04:48,880
Now as you can see this is an onion service.

58
00:04:48,920 --> 00:04:55,650
Therefore whoever is going to download this key needs to be connected to the Tor network.

59
00:04:55,670 --> 00:05:02,360
Now I'm going to close this and the next thing that I'm going to do is upload this key to the key server.

60
00:05:02,540 --> 00:05:07,790
So to do that we're going to go to Remote and Sync and publish keys.

61
00:05:07,910 --> 00:05:12,980
This is telling us that one key is selected and it's going to be synchronized and uploaded to the key

62
00:05:12,980 --> 00:05:15,160
server that we selected.

63
00:05:15,230 --> 00:05:23,330
We're going to click on Sync and this will upload my key to the key server that we selected.

64
00:05:23,360 --> 00:05:26,970
Now anyone who wants to communicate with me, with John Wick,

65
00:05:27,080 --> 00:05:36,080
they can query this key server and find my public key and use that to encrypt messages for me.

66
00:05:36,080 --> 00:05:40,030
So in our example it's David that wants to communicate with John.

67
00:05:40,160 --> 00:05:47,480
We have his computer right here and all he needs to do is open his Passwords and Keys from the utilities,

68
00:05:47,480 --> 00:05:56,700
as we've seen before, and he is going to first select the GnuPG keys, go to Remote and click on

69
00:05:56,700 --> 00:05:58,350
find the remote keys.

70
00:05:58,350 --> 00:06:05,850
So these are the steps that you need to use if you want to pull a key from a key server. When you click

71
00:06:05,850 --> 00:06:06,290
on this

72
00:06:06,300 --> 00:06:12,270
you'll get a search box as you can see in here which you can use to search for your contact.

73
00:06:12,300 --> 00:06:17,490
You can search using the name associated with the key, as we know that's John Wick.

74
00:06:17,520 --> 00:06:27,090
You can also use the e-mail or the ID. I'm just going to use the email which is G N C K 7 at a blue

75
00:06:27,090 --> 00:06:36,800
dot in and I'm going to click on Search. Now as you can see I have the result right here.

76
00:06:36,800 --> 00:06:43,430
Now you can right click and look up the properties of this contact and you can see this is for a person

77
00:06:43,430 --> 00:06:44,660
named John Wick.

78
00:06:44,690 --> 00:06:46,180
You can see the e-mail.

79
00:06:46,310 --> 00:06:48,080
You can see the key ID.

80
00:06:48,500 --> 00:06:54,350
And if we click on details you'll also be able to see the key fingerprint.

81
00:06:54,350 --> 00:07:02,450
Now ideally you'd want to confirm the key ID and the fingerprint with your contact before adding this

82
00:07:02,450 --> 00:07:08,870
key because as we've seen anyone can publish a key to the key server and claim to be anybody.

83
00:07:08,870 --> 00:07:14,640
So we're not sure that this John Wick is actually the John Wick that we need to communicate with.

84
00:07:14,690 --> 00:07:21,110
Therefore you should communicate with your contact using another method of communication, for example

85
00:07:21,110 --> 00:07:25,910
by e-mail, by phone or by a text message, and confirm the fingerprint

86
00:07:25,910 --> 00:07:32,030
and the ID that you're about to add to make sure that this is the correct fingerprint and the correct

87
00:07:32,120 --> 00:07:39,880
ID
for the key that you want to add. Now obviously John can get this information again by going to

88
00:07:39,880 --> 00:07:45,610
his Passwords and Keys, right click his own key, click on properties and he can get his own fingerprint

89
00:07:45,850 --> 00:07:50,270
and use that to help you confirm that this is the right contact.

90
00:07:50,500 --> 00:07:57,280
Once you're sure this is the right contact you can click it in here and click on import to add to your

91
00:07:57,280 --> 00:08:06,670
keys and as you can see it got added in here into my keyring and then as we've seen before you can start

92
00:08:06,670 --> 00:08:13,540
typing messages and encrypt them from the applet in here or encrypt files by right clicking the files

93
00:08:13,570 --> 00:08:15,840
and encrypting them.

94
00:08:16,020 --> 00:08:21,810
So basically I just wanted to show you another method of key exchange, how you can upload a key to a

95
00:08:21,810 --> 00:08:29,130
key server and how your contact can download it or how you can download a key from the key server.

96
00:08:29,130 --> 00:08:35,610
Now keep in mind when you upload a key to the key server it might not become immediately available.

97
00:08:36,000 --> 00:08:44,340
I actually paused the video and resumed recording after several hours after uploading the John key because

98
00:08:44,340 --> 00:08:47,980
usually there are more than just one key server.

99
00:08:48,030 --> 00:08:53,520
So when you upload your key to one of the servers it actually takes some time for the key to be shared

100
00:08:53,520 --> 00:08:54,850
with all of the servers

101
00:08:54,930 --> 00:09:02,190
and to become available for everybody to download, so if you uploaded a key and your contact tried to

102
00:09:02,190 --> 00:09:06,200
download it within the same hour and couldn't find it then that's fine.

103
00:09:06,210 --> 00:09:10,920
Just tell them to wait for a few hours and then they should be able to download it.