Python for Entrepreneurs Transcripts
Chapter: Source Control and Git
Lecture: Asymmetric key overview
Login or purchase this course to watch this video and the rest of the course contents.
0:01 We've had a chance to play around with Git and take a look at the basic settings on GitHub, but in order to go further with our projects,
0:07 we are going to need to setup public and private keys, also known as asymmetric keys.
0:11 Asymmetric keys are computer science concept for encryption and authorization, in the next few videos we'll create our public and private keys
0:18 but let's take a look at the basic concepts behind them. Let's say you've got a message or a piece of data you want to share with someone
0:24 and you don't want anyone else, even if they intercept it, to be able to understand what's in that message,
0:29 you can use a public key as long as the party that you are sending to has the appropriate private key that matches with that public key
0:35 and you can use the public key to encrypt that message or data, only the party with the private key will be able to decrypt that data.
0:41 A public key can be shared freely, posted on the internet, wherever,
0:44 it doesn't matter if it gets out in the open, in fact, it's better if it's out in the open,
0:48 because then people can use to send you messages as long as you have the private key.
0:52 The private key is the counterpart, it's used not only to decrypt that data that is encrypted with the public key,
0:59 but also to sign messages and to validate you are who you say you are based on the fact that you own this private key,
1:05 you will never want to share your private key and if you ever think that your private key has been compromised
1:10 you are going to want to regenerate both the public and private key. Here is how encrypting and decrypting messages with asymmetric keys works,
1:17 let's say you've got a message in plain text, you can use the public key to encrypt that message,
1:23 so when you take a look at it, it looks like just a bunch of garbage, but inside that supposed garbage lies the message
1:29 that was originally plain text that was encrypted. Only the owner of the private key can decrypt the message and extract the plain text.
1:37 This is how one way encryption works, with asymmetric keys, the public key does the encryption, the private key does the decryption.
1:44 There is a counter part to this which is if you have the private key you can use that to identify yourself and use it as authorization,
1:50 and this is what we need to do on GitHub in order to specify who we are. We can use the private key to identify I am who I say I am,
1:58 because I have this private key, and it says the public key is out in the open anybody should be able to confirm that you have the valid identity
2:05 based off of a message that you've signed with your private key. Let's say you have a message and you use your private key to sign it,
2:11 then anyone can take that message signature and confirm your identity
2:14 based off of the public key, so that's the second bit associated with asymmetric keys. The private key can be used for authorization,
2:22 in addition to the public key being used for encryption. Just to recap, public keys can be used to encrypt messages and data,
2:29 and they can only be decrypted by that private key; a private key can be used for identification, I am who I say I am because I own this private key,
2:37 I am the only one who controls it and that be confirmed and validated by the public key, so that's a really high level overview of asymmetric keys
2:45 and how public keys are used to encrypt data, and private keys are used to sign messages and authorize identity.