1
00:00:00,000 --> 00:00:05,000
Now that we understand the theory behind signatures in BGP.

2
00:00:05,000 --> 00:00:12,000
In this lecture, I want to show you how to practically verify the integrity of the message by checking

3
00:00:12,000 --> 00:00:13,000
the signature.

4
00:00:13,000 --> 00:00:18,000
So right here, I'm in John's computer and as you can see, his entry is in bold because we have the

5
00:00:18,000 --> 00:00:21,000
public and the private key for John.

6
00:00:21,000 --> 00:00:26,000
And in here for David, I have the public key of David.

7
00:00:26,000 --> 00:00:27,000
And that's why it's not bold.

8
00:00:27,000 --> 00:00:33,000
It's like all of the other public keys that we have, because as mentioned in the theory lecture, we

9
00:00:33,000 --> 00:00:38,000
need the public key of the sender in order to verify the integrity of the message.

10
00:00:38,000 --> 00:00:42,000
And obviously our own private key to decrypt the message.

11
00:00:43,000 --> 00:00:49,000
Now, right here, I have a message that is sent from David and signed by them using their own private

12
00:00:49,000 --> 00:00:54,000
key and encrypt it for me, for John, using my own public key.

13
00:00:55,000 --> 00:01:00,000
I'm not covering this in this lecture because previously when I showed you how to encrypt messages,

14
00:01:00,000 --> 00:01:01,000
I also covered how to sign them.

15
00:01:01,000 --> 00:01:04,000
As you can see in this flashback right here.

16
00:01:04,000 --> 00:01:07,000
So right now, I have the message.

17
00:01:07,000 --> 00:01:14,000
It's already signed using David's private key and encrypted using my own private key, using John's

18
00:01:14,000 --> 00:01:15,000
private key.

19
00:01:15,000 --> 00:01:19,000
So all I have to do in here is simply copy the message.

20
00:01:20,000 --> 00:01:22,000
And go to my notepad.

21
00:01:23,000 --> 00:01:28,000
Paste the message and we're going to click on Decrypt Verify Notepad.

22
00:01:28,000 --> 00:01:34,000
Now it's going to ask me for my own private key in order to decrypt the message, just like we seen

23
00:01:34,000 --> 00:01:38,000
earlier, because the message is actually encrypted using my public key, using John's public key.

24
00:01:39,000 --> 00:01:41,000
So I'm going to put the passphrase.

25
00:01:44,000 --> 00:01:48,000
And again, as we saw earlier, we can see the message decrypted in here.

26
00:01:48,000 --> 00:01:50,000
But that's not what we're here for.

27
00:01:50,000 --> 00:01:52,000
What we're here for is the signature.

28
00:01:52,000 --> 00:01:57,000
We want to make sure that David is actually the person that sent this message.

29
00:01:57,000 --> 00:02:03,000
And we should be able to do this, because this time, unlike the last time we actually imported David's

30
00:02:03,000 --> 00:02:05,000
public key in Cleopatra.

31
00:02:05,000 --> 00:02:09,000
So all I have to do now is click on the audit log in here.

32
00:02:10,000 --> 00:02:16,000
And as you can see, it's telling us that we have a good signature from David Smith.

33
00:02:16,000 --> 00:02:22,000
This means that whoever sent this message has the private key for David Smith.

34
00:02:22,000 --> 00:02:28,000
Therefore, we can be sure that David Smith is the person that actually sent this message so we can

35
00:02:28,000 --> 00:02:33,000
verify the integrity of the message and we can verify that the sender is actually the sender that they

36
00:02:33,000 --> 00:02:34,000
are claiming to be.

37
00:02:35,000 --> 00:02:42,000
Not only that, but we're also sure that the content of this message was not modified since it was created

38
00:02:42,000 --> 00:02:45,000
or composed by David or by the sender.

39
00:02:45,000 --> 00:02:52,000
Because as mentioned earlier, if the message gets modified, then this signature will not check out,

40
00:02:52,000 --> 00:02:54,000
the verification will fail.

41
00:02:54,000 --> 00:03:00,000
And knowing that the message did not get modified is very, very important because as mentioned earlier,

42
00:03:00,000 --> 00:03:06,000
when data is sent, it passes over a number of points where it can be modified.

43
00:03:06,000 --> 00:03:11,000
It can also be intercepted and modified by hackers or agencies.

44
00:03:11,000 --> 00:03:17,000
Therefore, checking the signature like this is really, really important to make sure that the message

45
00:03:17,000 --> 00:03:20,000
did not get modified since it was created.

46
00:03:21,000 --> 00:03:27,000
You can also see in here that it's saying the key is not certified with a trusted signature.

47
00:03:27,000 --> 00:03:28,000
This is fine.

48
00:03:28,000 --> 00:03:32,000
This is just because the key is not set to be trusted within Cleopatra.

49
00:03:32,000 --> 00:03:37,000
But the main thing is you want to make sure that it's saying that you got a good signature from the

50
00:03:37,000 --> 00:03:40,000
sender, that you're expecting this message to be sent from.

51
00:03:41,000 --> 00:03:48,000
So now, as a result, we are able to send encrypted messages that can only be read by the receiver.

52
00:03:48,000 --> 00:03:54,000
The receiver, on the other hand, can make sure that this message is actually sent from us, and they

53
00:03:54,000 --> 00:04:01,000
can also make sure that the message did not get modified since it was written or created or composed

54
00:04:01,000 --> 00:04:02,000
by us.