How does GPG protect sensitive data?
So, we have tons of options for
hashing our data.
0:00
From fast and fairly breakable hashes
to hashes that stress processors and
0:02
memory constraints.
0:06
But sometimes we need to be able to
get our data back from its safely
0:07
encoded state.
0:09
Let's briefly go over private key and
public key encryption again.
0:11
In private key or
symmetric encryption, encoding and
0:14
decoding the message is
done with the same key.
0:17
If the key is ever breached,
0:19
all the communications are now
available to unauthorized eyes.
0:20
This still has its uses though if, for instance,
you're locking something away
0:23
just for yourself.
0:26
For public key or
asymmetric encryption, encoding and
0:28
decoding are done with two separate keys.
0:31
Encoding is done using the public key and
decoding is done using the private one.
0:33
This means you can give
people your public key.
0:37
They can encode messages for
0:39
you using it and you and only you can
then decode them with your private key.
0:40
We've actually combined both of these
techniques in the technologies like
0:46
Transport Layer Security and
Secure Socket Layer.
0:48
Or, as you probably know them, TLS and SSL.
0:51
In this setup, your client,
usually a browser, and a server generate a
0:53
shared secret which they use to encode and
decode all traffic between them.
0:57
In addition, the server also provides
a public key which is used to authenticate
1:01
its identity to your client and to verify
where each set of data originated.
1:05
TLS and SSL are what are used to provide
the security in HTTPS connections.
1:09
Check the URL above and
you should see some sort of lock or
1:14
indicator that you're currently
using a secure HTTPS connection.
1:16
Let me show you quickly,
a practical example of using public key
1:20
encryption with the free, open
source tool GnuPG, or GPG.
1:23
So, I already have GPG
installed on this computer.
1:28
If you don't have it installed,
check the teacher's notes for
1:31
guides on how to install it
yourself if you want to use it.
1:34
So, I've already generated
a couple of keys here.
1:37
These are just for illustrative purposes,
I wouldn't use these keys publicly,
1:39
as they're not the most secure
keys I've ever generated.
1:43
So I have one that I've generated for
myself, and
1:48
I have one that I've generated for Craig.
1:49
And Craig has sent me a message,
has sent me a text file here about lunch,
1:52
and he encrypted this
using my private key.
1:58
So, let me show you what
this message looks like,
2:01
let's see if we can open, assuming
that we can open that and a TextEdit.
2:04
No, I need to do a lower case A.
2:13
Here's what the file looks like.
2:16
That's not a lunch order
that I would ever recognize,
2:18
and I'm assuming you wouldn't either.
2:23
Obviously, we can't read it.
2:26
That's the entire point, right?
2:26
That we don't know how to read this.
2:28
But I can use my private key
to be able to read this.
2:30
So, I can use gpg2 and
then the default is the decrypt.
2:34
So, I can say, okay, open up lunch,
that one, and it asked me for my password.
2:40
So, you'll notice here that it's using
the secret key for me at my email address.
2:44
So, if I put in my secret
key password then we
2:50
get here that it was gpg
encrypted by 4096-bit RSA key.
2:55
It was encrypted for Kenneth Love that
was the key it was encrypted with.
3:02
There was a signature that was created.
3:06
And it was a good signature
from Craig Denise.
3:08
And so now,
we should have a new file and we do.
3:10
So let's open up lunch.txt with TextEdit.
3:15
And it says I could really go for
a taco, how about you?
3:20
Yep, that's definitely from Craig.
3:24
So, if I had received this as a message
over the wire, or the internet,
3:28
I could do whatever I needed now with
this data, both the encrypted version or
3:32
the decrypted version.
3:37
I could store the data on a database, I
could put the file somewhere on a server.
3:38
Or I could transfer it to some other
service or send it on to someone else.
3:42
Most likely,
3:45
I would receive this as an email,
which is what GPG really shines for.
3:46
There's obviously a lot
more involved in encryption.
3:51
Especially the world forward secrecy
which ensures that access to
3:53
one key doesn't mean access
to previous messages.
3:56
Setting up your Apache or
3:58
NGINX server to use SSL is also
outside of the scope of this course.
3:59
If you'd like more information
on these topics or
4:03
other encryption-related
topics, please tell us.
4:05
You're now armed with knowledge for
hashing and encrypting data but
4:08
do you need to do all of that?
4:11
Let's take a look at places where
it's smarter to offload that work
4:12
to a third party.
4:15