Sensitive Data (4:16) with Kenneth Love
How does GPG protect sensitive data?
So, we have tons of options for hashing our data, from fast and fairly breakable hashes to hashes that stress processor and memory constraints. But sometimes we need to be able to get our data back from its safely encoded state. Let's briefly go over private key and public key encryption again.

In private key, or symmetric, encryption, encoding and decoding the message is done with the same key. If the key is ever breached, all the communications are now available to unauthorized eyes. This still has its uses though, since you're locking something away just for yourself.

For public key, or asymmetric, encryption, encoding and decoding are done with two separate keys. Encoding is done using the public key and decoding is done using the private one. This means you can give people your public key. They can encode messages for you using it, and you and only you can then decode them with your private key.

We've actually combined both of these techniques in technologies like Transport Layer Security and Secure Socket Layer, or, as you probably know them, TLS and SSL. In this setup, your client, usually a browser, and a server generate a shared secret which they use to encode and decode all traffic between them. In addition, the server also provides a public key which is used to authenticate its identity to your client and to verify where each set of data originated. TLS and SSL are what are used to provide the security in HTTPS connections. Check the URL above and you should see some sort of lock or indicator that you're currently using a secure HTTPS connection.

Let me show you quickly a practical example of using public key encryption with the free, open source tool GnuPG, or GPG. So, I already have GPG installed on this computer. If you don't have it installed, check the teacher's notes for guides on how to install it yourself if you want to use it.

So, I've already generated a couple of keys here. These are just for illustrative purposes; I wouldn't use these keys publicly, as they're not the most secure keys I've ever generated. So I have one that I've generated for myself, and I have one that I've generated for Craig. And Craig has sent me a message, has sent me a text file here about lunch, and he encrypted this using my private key.

So, let me show you what this message looks like. Let's see if we can open, assuming that we can open that, in TextEdit. No, I need to do a lower case A. Here's what the file looks like. That's not a lunch order that I would ever recognize, and I'm assuming you wouldn't either. Obviously, we can't read it. That's the entire point, right? That we don't know how to read this. But I can use my private key to be able to read this.

So, I can use gpg2, and the default is to decrypt. So, I can say, okay, open up lunch, that one, and it asks me for my password. So, you'll notice here that it's using the secret key for me at my email address. So, if I put in my secret key password, then we get here that it was GPG encrypted with a 4096-bit RSA key. It was encrypted for Kenneth Love; that was the key it was encrypted with. There was a signature that was created, and it was a good signature from Craig Dennis. And so now we should have a new file, and we do. So let's open up lunch.txt with TextEdit. And it says, "I could really go for a taco, how about you?" Yep, that's definitely from Craig.

So, if I had received this as a message over the wire, or the internet, I could do whatever I needed now with this data, both the encrypted version or the decrypted version. I could store the data in a database, I could put the file somewhere on a server, or I could transfer it to some other service or send it on to someone else. Most likely, I would receive this as an email, which is where GPG really shines.

There's obviously a lot more involved in encryption, especially the world of forward secrecy, which ensures that access to one key doesn't mean access to previous messages. Setting up your Apache or NGINX server to use SSL is also outside of the scope of this course. If you'd like more information on these topics or other encryption related topics, please tell us.

You're now armed with knowledge for hashing and encrypting data, but do you need to do all of that? Let's take a look at places where it's smarter to offload that work to a third party.