Python for Entrepreneurs Transcripts
Chapter: Source Control and Git
Lecture: Asymmetric key overview
0:01 We've had a chance to play around with Git and take a look at the basic settings on GitHub,
0:04 but in order to go further with our projects,
0:06 we are going to need to setup public and private keys, also known as asymmetric keys.
0:10 Asymmetric keys are computer science concept for encryption and authorization,
0:14 in the next few videos we'll create our public and private keys
0:17 but let's take a look at the basic concepts behind them.
0:20 Let's say you've got a message or a piece of data you want to share with someone
0:23 and you don't want anyone else, even if they intercept it,
0:26 to be able to understand what's in that message,
0:28 you can use a public key as long as the party that you are sending to
0:31 has the appropriate private key that matches with that public key
0:34 and you can use the public key to encrypt that message or data,
0:37 only the party with the private key will be able to decrypt that data.
0:40 A public key can be shared freely, posted on the internet, wherever,
0:43 it doesn't matter if it gets out in the open, in fact, it's better if it's out in the open,
0:47 because then people can use to send you messages as long as you have the private key.
0:51 The private key is the counterpart, it's used not only to decrypt that data
0:55 that is encrypted with the public key,
0:58 but also to sign messages and to validate you are who you say you are
1:01 based on the fact that you own this private key,
1:04 you will never want to share your private key
1:06 and if you ever think that your private key has been compromised
1:09 you are going to want to regenerate both the public and private key.
1:12 Here is how encrypting and decrypting messages with asymmetric keys works,
1:16 let's say you've got a message in plain text,
1:19 you can use the public key to encrypt that message,
1:22 so when you take a look at it, it looks like just a bunch of garbage,
1:25 but inside that supposed garbage lies the message
1:28 that was originally plain text that was encrypted.
1:31 Only the owner of the private key can decrypt the message and extract the plain text.
1:36 This is how one way encryption works, with asymmetric keys,
1:39 the public key does the encryption, the private key does the decryption.
1:43 There is a counter part to this which is if you have the private key
1:46 you can use that to identify yourself and use it as authorization,
1:49 and this is what we need to do on GitHub in order to specify who we are.
1:54 We can use the private key to identify I am who I say I am,
1:57 because I have this private key, and it says the public key is out in the open
2:01 anybody should be able to confirm that you have the valid identity
2:04 based off of a message that you've signed with your private key.
2:07 Let's say you have a message and you use your private key to sign it,
2:10 then anyone can take that message signature and confirm your identity
2:13 based off of the public key, so that's the second bit associated with asymmetric keys.
2:18 The private key can be used for authorization,
2:21 in addition to the public key being used for encryption.
2:24 Just to recap, public keys can be used to encrypt messages and data,
2:28 and they can only be decrypted by that private key;
2:31 a private key can be used for identification,
2:34 I am who I say I am because I own this private key,
2:36 I am the only one who controls it and that be confirmed and validated by the public key,
2:41 so that's a really high level overview of asymmetric keys
2:44 and how public keys are used to encrypt data,
2:47 and private keys are used to sign messages and authorize identity.