Hmm, not sure I agree with you on that. As a student studying an IT degree having recently covered a module on cryptography, I was able to understand most of what he was saying, but if i came here with no background knowledge I would have been completely lost. I'm not criticising him or anything, that's just my opinion on the matter.
Absolutly love how these guys discuss immensly complex topics, yet when it comes to verifier neither is all that sure how it's spelled! I feel so seen!!!
This actually makes a lot more sense than the previous videos on digital signatures on this channels as it actually goes into the details. It was really unclear in my mind before but this is a great explanation of what actually happens.
memorised elgamal, memorised RSA, learned all these protocols and how signatures work... had my exam... computerphile video gets published. I swear if it was the other way around, I wouldve included this in my schoolwork for sure.
Here I am, Mike Pound. Signed, sealed, delivered - I'm yours! Thanks, Computerphile for working with amazing contributors like Dr. Pound, making this material more accessible to a wannabe geek.
This video was actually tremendously helpful. I had a rough understanding of PKI with RSA, but I always thought DSA was a totally different process. I didn't know it was (effectively) just encrypting the hash of the message with an asymmetric key
Dr Pound is one of my favorite to listen to 🤩 But I feel like it would be nice if this episode included some more information and / or details about digital signatures (maybe some extra bits?😉)
9:41 Remember, none of these public keys is confidential. The problem is, you have to trust they are authentic, that they really came from the people they say they’re from.
But if they are not the public key from your intended sender then they won't be able to decrypt the encrypted message from your intended sender. So, if the public key itself gets tampered you will know something's not right. Or did I miss something?
@@akashchoudhary8162 You could get fooled into accepting messages from a fake sender instead. So you need to obtain the public key from a trusted source.
I love it, like every other of your videos. I'm just wondering one thing: He can explain everything so well, why wouldn't he do something like a full structured course with lectures and covering a topic (e.G. encryption, Web security, how the iternet works, ... ) as a whole with all the most important components. I would instantly sign up for that!
Any chance of a video regarding the TPM (trusted platform module ) and how it works, just finished writing an essay and it came up and I found it rather interesting, keep up the great content !
Yep, cool beans. Usual thing is negotiating the ciphers, then using RSA to encrypt the AES or whatever other symmetrical cipher key. Best of both worlds.
People need to stop explaining signing as "encryption with private key" and verification as "decryption with the public key", at least if you want to explain signatures in general. This kinda works for textbook RSA (where the encryption and decryption are just exponentiation), but not for most other signature schemes. Several of those don't even have a corresponding encryption scheme.
Actually, I think they all do. Wasn’t DSA designed as an alternative to RSA that was only useful for signatures, not encryption? And didn’t somebody discover that you could use it for encryption, albeit very clumsily and inefficiently?
@@Theferg1 There's an excellent textbook by Jonathan Katz on that topic simply called "Digital Signatuers". Another book by Katz "Introduction to Modern Cryptography" would be a better start if you're new to crypto, though!
I am comfortable with the _concept_ of "digital signatures" but something has always troubled me about the _term._ I just never could put a finger on it... until now. A "signature" is something you _generate_ every time you use it. You do not carry a stack of them with you to attach to documents. You do not even need to carry the tools (a pen), someone may lend you one. The one thing you _do_ carry (the muscle memory) can be considered an _algorithm._ What we call "digital signatures" is probably better described as "digital stamps".
I don't quite understand what you're saying. Your computer does generate a new digital signature every time it sends out a new message that requires it.
@@trogdorstrngbd Do you really? I have been "digitally signing" Windows drivers for _years._ You generate the signature _once,_ then attach it to every instance. Embedded firmware tends to be even worse: you do not even generate a new signature for every release. You get _one_ for a company and every firmware release from that company is "signed" with the same one. As I say, they are more like rubber stamps than "signatures".
@@olmostgudinaf8100 I see what you're getting at now. I was focusing on that a new signature is generated every time for a _new_ file, whereas you're focusing on the signature being the same (and therefore more like a stamp) when the _same_ file is being distributed over and over to different computers. Note that I am making a distinction between the signature (different for each file) and the Code Signing Certificate (which the company uses over and over until it expires).
would it by just a thousand times slower? if openssl can do 2000 private key operations per second with 2048 bit keys, that translates to about 480KiB/s throughput. With AES-128-GCM and AES-NI acceleration you should be getting something like 4GiB/s on the same CPU, so it's like 10 thousand times slower
@@666Tomato666 I remember seeing a factor of 3000 times, so you’re not too far off. Also remember you’re not comparing like with like: hardware acceleration for AES versus none for RSA.
@@lawrencedoliveiro9104 oh, true, but hardware acceleration for AES is very common, hardware acceleration for RSA is in custom hardware with price tag in the 4+ digit range (garden variety smartcards are not accelerators, they barely achieve 1op/s)
I don't think this is the right forum to discus this but, "Digital Signatures should not replace Wet or Electronic Signatures, rather they should complement traditional signing methods"
Question. Emailing a document takes seconds. When the document arrives, it arrives. How could someone have changed the document in between the sending and the receiving? To have altered the document, someone would have to have intercepted it and then changed it. This is a question of time. To intercept something and then change it, wouldn't that mean that an email for example, was hi-jacked, went to another address, and then sent on to the ultimate receiver? If so, there would be a record of where the document went in the SMTP headers, no? How does any of this make sense?
@computerphile I think Mike could do a great video about hash based signature schemes, like LMS, that are supposed to be quantum-proof. What do you think?
Could you guys perhaps do a video about the Dutch company Diginotar and especially what went wrong? You know a Dutch certificate issuing company that went bankrupt in 2011 after it was hacked. Maybe by the Iranian government or maybe by the NSA.
I'm looking for the Public Key Infrastructure video he mentions at the end of this video. It's supposed to be the next video in the series but I can't find it, anyone?
I love computerphile's videos like this, but can you guys do me a favor, please add the English subtitle since many of your audience is not native English speaker (like me). Thanks a lot.
instead of repeating the strange tale of Mary and Joseph every year, we should better do this with stories of Alice and Bob. It is simply more important to us nowadays
How do you know that the public key you use to decrypt the signature really belongs to who you think you're communicating with, and not some man-in-the-middle that identified as them instead? If the MIIN does this signature verification with each of the parties, they won't know about it
How can the public key decrypt something that the private key encrypted? I thought the main idea was that whatever is encrypted with the public key can only be decrypted using the private key ?
Need to sort your audio compression out (DB dynamic range, as in the audio plugin you are using , not file size haha). The attack is way too long, for spoken word set to quickest possible so the first part of a sentence doesn't keeping jumping out of people's speakers. You're welcome.
Sorry, this is actually the inbuilt compressor in Mike's camera. It sparked some conversation afterwards :) (when I ask a Q, his gain climbs and by the time he answers the compressor crashes in and the gradually eases off the gain until next question...) -Sean
Why should hashing ever lead to data compression? Don't computer already use the most efficent data compression method possible for regular communication?
How does the public keys decryp signatures and matches with private keys? Who owns the private keys´ list master file which is embedded into BTC blockchain?
Assuming I want to send you a btc and I know your public key, but you don't know my public key. So I will encrypt my transfer by your public key in ecc method then i will sign it with my private key. Is that correct? When you recive btc, how can you varfiy it if you don't know my public key.? Is my public key sent with the encrypted transfer, and if it is, how do you know if it is my public key or something else?
If I encrypt the digital signature with my private key, then the receiver decrypts the digital signature with the public key, couldnt anyone in the middle just decrypt it? Seems unsecure? Am I missing something?
A bit late but I believe the client also sents its public key to the server. So the server encrypts the response with the client pub key and only the client can decrypt it with its private key
Private or Symmetrical Encryption means we must both somehow know the key and that's how we'd decrypt whatever it is in question.. Public or Asymmetric encryption means that me as the sender needs the public key, which everyone might know, of the receiver, so I can send the document there and the reciever will decrypts with the private key Question then: If the signing off, or digital signature needs to happen by me as the sender with my private key, and is decryptable with my public key which is public knowledge, then can't anyone decrypt the signature with my public key, or is the message as a whole still sent to the public key of the sender??
@@lawrencedoliveiro9104 Most people don't have a choice about this, as some of the software people need is proprietary Windows stuff. And Apple like their customers' money just a bit too much.
Hi Guys, When you sign an e-document (a contract) on a mobile device such as a tablet (with multiple signature boxes), do those signatures have timings that are part of a digital footprint (so-to-speak), that can be revisited at anytime to see when and what time a signature box was signed? Thanks in advance.
Hello Rob, this largely depends on the way this box is implememted. Usually these store a small amount of data such as the digital representation of the signature and a timestamp. Quite often this is not verified (even though possible via Timeservers). These basic signatures largely have only the effect of a tick in a checkbox.
Who is the intended audience for this video? If Mike is anticipating the audience for him to talk about hashing (around 6 minutes in), then this isn't really intended for everyone, but people who may already have a fundamental understanding of cryptography, ain't it? So then, is the audience for those who already understand cryptography, and then for Mike to further explain it? Is it for an audience who doesn't know what cryptography or digital signatures are (as titled in the video)? Contrary to popular opinion, Mike didn't explain it very well. His very casual flow also is disruptive - it may be that this video came like an afterthought, and not a planned and organized session.
This explanation is wrong or misleading at best. Most signature schemes have little or nothing to do with encryption (see for example Schnorr signatures), and you don't even require public key crypto for signatures (see XMSS). RSA is essentially the one scheme where you can "encrypt with your private key", which doesn't work for basically all other public key cryptosystems - it just doesn't make much sense in general. RSA has been giving a false intuition about signatures for a long time.
if someone was in the middle couldnt they trick the verifier? For example, A(signer) sends document to verify to C(verifier) through B (B is in the middle. B forwards doc to C.) A sends encrypted doc to C through B. If B resigns the document with their private key, then when C will just verify it was signed with C's public key correct?
A little late to the party, but I think the explanation is this: C tries to decrypt the document signed by B with A's public key. This won't yield the correct results, as it was not signed with A's private key. Of course this means that the public key that C has from A is not tampered with. This is the job of PKI (Public Key Infrastructure)
if someone was in the middle of a digital signature between person a and b couldnt they(person m) hash the email/text and sign it with their own key and send that to person b. Then when person b sends an email back to a, person m can hash the email and send a resigned version back to a?
Well... all these videos I've watched and things I've read.. finally learned why you hash the original document first. Kind of disappointed in myself it wasn't blatantly obvious from the get go lol
how to solve the issue of somebody generating digital certificates on behalf of somebody and sharing ? ... that issued certificate won't represent the actual user :)
Mike is a legend, he explains everything so well and makes it easy for anyone to understand.
agreed
@@t3buron513 indeed.
Hmm, not sure I agree with you on that. As a student studying an IT degree having recently covered a module on cryptography, I was able to understand most of what he was saying, but if i came here with no background knowledge I would have been completely lost. I'm not criticising him or anything, that's just my opinion on the matter.
Truly the sign of somebody who has absolutely mastered their craft.
He is cool as a cucumber!
Absolutly love how these guys discuss immensly complex topics, yet when it comes to verifier neither is all that sure how it's spelled! I feel so seen!!!
:) Yes!
Not gonna lie, I came for the information but I stayed for the pen colour change.
I just paused the video to look for "this" comment. #wellDoneSir
very exciting
This actually makes a lot more sense than the previous videos on digital signatures on this channels as it actually goes into the details. It was really unclear in my mind before but this is a great explanation of what actually happens.
When I see Mike in the thumbnail, instant click.
When I see Mike, I pound that like button.
Amazing how Tobey Maguire is saving Mary Jane at night and teaching people about computers in the day
So thats why Dr. Mike Pound looked familiar xD
Nah Mike looks like HUGH GRANT / Frodo and I'm a big Toby McGuire fan but never thought of Toby looking like Mike. It's the Frodo Baggins look
brilliant but lazy 🤣
@@klyanadkmorr Elijah
@@AcornElectron I couldn't remember his name on the tip of my tongue but didn't feel like searching☺
memorised elgamal, memorised RSA, learned all these protocols and how signatures work... had my exam...
computerphile video gets published. I swear if it was the other way around, I wouldve included this in my schoolwork for sure.
Here I am, Mike Pound. Signed, sealed, delivered - I'm yours!
Thanks, Computerphile for working with amazing contributors like Dr. Pound, making this material more accessible to a wannabe geek.
This video was actually tremendously helpful. I had a rough understanding of PKI with RSA, but I always thought DSA was a totally different process.
I didn't know it was (effectively) just encrypting the hash of the message with an asymmetric key
Dr Mike Pound grounds and pounds every problem till it is solved.
Dr Pound is one of my favorite to listen to 🤩
But I feel like it would be nice if this episode included some more information and / or details about digital signatures (maybe some extra bits?😉)
Love Mike! He needs his own channel! 🤩
Damn. I've caught up with watching Computerfile. Now I'm going to have to wait for more episodes to come out.
9:41 Remember, none of these public keys is confidential. The problem is, you have to trust they are authentic, that they really came from the people they say they’re from.
But if they are not the public key from your intended sender then they won't be able to decrypt the encrypted message from your intended sender. So, if the public key itself gets tampered you will know something's not right. Or did I miss something?
@@akashchoudhary8162 You could get fooled into accepting messages from a fake sender instead. So you need to obtain the public key from a trusted source.
@@lawrencedoliveiro9104 Interesting, thanks for the clarification
If I'm not wrong for that we use digital certificates
Your knowledge as well as English accent is historical.
I love it, like every other of your videos. I'm just wondering one thing: He can explain everything so well, why wouldn't he do something like a full structured course with lectures and covering a topic (e.G. encryption, Web security, how the iternet works, ... ) as a whole with all the most important components. I would instantly sign up for that!
He is working full-time at a university so I guess this is just a side hustle for him
Please do videos about all the topics mentioned in the video. Can't wait to see them.
Thank you Dr. Michael Pound. Your explanations are so clear and mind-blowing. One of my favorite channels on RUclips!
Any chance of a video regarding the TPM (trusted platform module ) and how it works, just finished writing an essay and it came up and I found it rather interesting, keep up the great content !
Perfect timing lads! Got a Compsec final tomorrow.
wow this is the first comphile video I'm watching as soon as it has been published
Mike is the best. I really want to hear him talk about what he likes about C#.
Thanks for all the videos! I've been watching them and learning from them for years
Great video. Maybe it could be interesting to talk about JWT tokens as well
Thanks for the lecture, Peter Parker!
he reminds me more of Ralph Macchio in Cobra Kai
So informative yet informal and digestable. Many thanks
One of the best channel on youtube.
we are still waiting for the "next video" you mention at the very end ;)
"I'm gonna change my pen colour - it's all very exciting" xD
If you click on the little lock in the address bar of your browser you can see the RSA signed certificate :-)
EXCELLENT use of the Lav mic!
he says its all very exciting but it really is exciting .
Extra like for the guitar collection! 1:36
Computerphile Time!
so glad i no longer have to hear the sound of marker on paper, that screech gives me chills
Yeah, I love Numberphile, but the merger on butcher paper sound can get annoying. @(>~
in my opinion, I think he's the best explainer of complicated topics.
boom perfectly timed, in the morning i have to give a viva exam on Internet an Network Security!
Dr. Mike Pound finally! Love your vids and Mike :)
Yep, cool beans.
Usual thing is negotiating the ciphers, then using RSA to encrypt the AES or whatever other symmetrical cipher key.
Best of both worlds.
Thanks Dr. Pound
Well this is timely given the news about solarwinds
Is the public key infrastructure video available? I just tried searching for it and couldn't find it!
i didn't learn something new, but liked the video.
People need to stop explaining signing as "encryption with private key" and verification as "decryption with the public key", at least if you want to explain signatures in general.
This kinda works for textbook RSA (where the encryption and decryption are just exponentiation), but not for most other signature schemes. Several of those don't even have a corresponding encryption scheme.
Actually, I think they all do. Wasn’t DSA designed as an alternative to RSA that was only useful for signatures, not encryption? And didn’t somebody discover that you could use it for encryption, albeit very clumsily and inefficiently?
@paulo Ebermann where can I go study how Signatures really work?
What are "most signature schemes" that don't use public/private keys?
@@Theferg1 There's an excellent textbook by Jonathan Katz on that topic simply called "Digital Signatuers". Another book by Katz "Introduction to Modern Cryptography" would be a better start if you're new to crypto, though!
Thank you, happy to see someone else comment this! Exactly my thoughts! I don't know understand why this analogy is still being used either.
I am comfortable with the _concept_ of "digital signatures" but something has always troubled me about the _term._ I just never could put a finger on it... until now.
A "signature" is something you _generate_ every time you use it. You do not carry a stack of them with you to attach to documents. You do not even need to carry the tools (a pen), someone may lend you one. The one thing you _do_ carry (the muscle memory) can be considered an _algorithm._
What we call "digital signatures" is probably better described as "digital stamps".
I don't quite understand what you're saying. Your computer does generate a new digital signature every time it sends out a new message that requires it.
@@trogdorstrngbd Do you really? I have been "digitally signing" Windows drivers for _years._ You generate the signature _once,_ then attach it to every instance. Embedded firmware tends to be even worse: you do not even generate a new signature for every release. You get _one_ for a company and every firmware release from that company is "signed" with the same one.
As I say, they are more like rubber stamps than "signatures".
@@olmostgudinaf8100 I see what you're getting at now. I was focusing on that a new signature is generated every time for a _new_ file, whereas you're focusing on the signature being the same (and therefore more like a stamp) when the _same_ file is being distributed over and over to different computers. Note that I am making a distinction between the signature (different for each file) and the Code Signing Certificate (which the company uses over and over until it expires).
0:38 “Not that quick” as in “a thousand times slower than secret-key encryption such as with AES”.
would it by just a thousand times slower? if openssl can do 2000 private key operations per second with 2048 bit keys, that translates to about 480KiB/s throughput. With AES-128-GCM and AES-NI acceleration you should be getting something like 4GiB/s on the same CPU, so it's like 10 thousand times slower
@@666Tomato666 I remember seeing a factor of 3000 times, so you’re not too far off.
Also remember you’re not comparing like with like: hardware acceleration for AES versus none for RSA.
@@lawrencedoliveiro9104 oh, true, but hardware acceleration for AES is very common, hardware acceleration for RSA is in custom hardware with price tag in the 4+ digit range (garden variety smartcards are not accelerators, they barely achieve 1op/s)
12 people actually transmit all their information in clear text
Can you upload the next video tomorrow? I have a computer security exam on these things this coming Monday and these are very useful hahah
I couldn't find the video he mentioned in the end about public key infrastructure. Did I search something wrong or isn't there one?
Doc should start his own channel
I don't think this is the right forum to discus this but,
"Digital Signatures should not replace Wet or Electronic Signatures, rather they should complement traditional signing methods"
I will say one the I first time watched your video almost 5 year back in 2016 and your look didn't changed from 2016 to 2021 now
When's he going to talk about hashing? /s
He does in the video
@@nilen r/wooosh
Question. Emailing a document takes seconds. When the document arrives, it arrives. How could someone have changed the document in between the sending and the receiving? To have altered the document, someone would have to have intercepted it and then changed it. This is a question of time. To intercept something and then change it, wouldn't that mean that an email for example, was hi-jacked, went to another address, and then sent on to the ultimate receiver? If so, there would be a record of where the document went in the SMTP headers, no? How does any of this make sense?
@computerphile I think Mike could do a great video about hash based signature schemes, like LMS, that are supposed to be quantum-proof.
What do you think?
Dude is so articulate
This man understands the importance of a naked room.
Another great video
Could you guys perhaps do a video about the Dutch company Diginotar and especially what went wrong? You know a Dutch certificate issuing company that went bankrupt in 2011 after it was hacked. Maybe by the Iranian government or maybe by the NSA.
I'm looking for the Public Key Infrastructure video he mentions at the end of this video. It's supposed to be the next video in the series but I can't find it, anyone?
Great video! You helped me a lot!
I can't wait to see the PKI video
Very interesting as always. Thanks.
Nice a new computerphile vid
I love computerphile's videos like this, but can you guys do me a favor, please add the English subtitle since many of your audience is not native English speaker (like me). Thanks a lot.
If you can link the video you recommend to watch in your video that would be great...
Where is the video on public key infrastructure he mentioned?
How would we know what kind of hash functions to use to verify the received the document?
instead of repeating the strange tale of Mary and Joseph every year, we should better do this with stories of Alice and Bob. It is simply more important to us nowadays
Hahahah, nice one
How do you know that the public key you use to decrypt the signature really belongs to who you think you're communicating with, and not some man-in-the-middle that identified as them instead?
If the MIIN does this signature verification with each of the parties, they won't know about it
Because of the digital certificates, that will contain the public key and also the digital signature
@@estebangomez1823 we can still emit false certificates too
How can the public key decrypt something that the private key encrypted? I thought the main idea was that whatever is encrypted with the public key can only be decrypted using the private key ?
It works both ways:
Encrypt with public key -> only decrypt through private key
Encrypt with private key -> only decrypt through public key
Did anybody find the next continued video after this ?
Need to sort your audio compression out (DB dynamic range, as in the audio plugin you are using , not file size haha). The attack is way too long, for spoken word set to quickest possible so the first part of a sentence doesn't keeping jumping out of people's speakers. You're welcome.
Sorry, this is actually the inbuilt compressor in Mike's camera. It sparked some conversation afterwards :) (when I ask a Q, his gain climbs and by the time he answers the compressor crashes in and the gradually eases off the gain until next question...) -Sean
@@Computerphile :)
I prefer the infinitely long printer paper.
how will the verifier know what padding needs to be added before calculating the hash?
Why should hashing ever lead to data compression? Don't computer already use the most efficent data compression method possible for regular communication?
Mike always looks like he's about to burst out laughing
How does the public keys decryp signatures and matches with private keys? Who owns the private keys´ list master file which is embedded into BTC blockchain?
Assuming I want to send you a btc and I know your public key, but you don't know my public key.
So I will encrypt my transfer by your public key in ecc method then i will sign it with my private key. Is that correct?
When you recive btc, how can you varfiy it if you don't know my public key.? Is my public key sent with the encrypted transfer, and if it is, how do you know if it is my public key or something else?
If I encrypt the digital signature with my private key, then the receiver decrypts the digital signature with the public key, couldnt anyone in the middle just decrypt it? Seems unsecure? Am I missing something?
A bit late but
I believe the client also sents its public key to the server. So the server encrypts the response with the client pub key and only the client can decrypt it with its private key
Private or Symmetrical Encryption means we must both somehow know the key and that's how we'd decrypt whatever it is in question..
Public or Asymmetric encryption means that me as the sender needs the public key, which everyone might know, of the receiver, so I can send the document there and the reciever will decrypts with the private key
Question then: If the signing off, or digital signature needs to happen by me as the sender with my private key, and is decryptable with my public key which is public knowledge, then can't anyone decrypt the signature with my public key, or is the message as a whole still sent to the public key of the sender??
so what is the best software applications to protect your computer?, and could you disable a computer if you had its IP?
1) Avoid using Microsoft Windows.
@Dusty 99 If avoiding unnecessarily complex OSes is “lazy”, I don’t wanna be hardworking!
@@lawrencedoliveiro9104 Most people don't have a choice about this, as some of the software people need is proprietary Windows stuff. And Apple like their customers' money just a bit too much.
@@WujuStyler So far the only ones insisting on using Windows are gamers.
Hi Guys,
When you sign an e-document (a contract) on a mobile device such as a tablet (with multiple signature boxes), do those signatures have timings that are part of a digital footprint (so-to-speak), that can be revisited at anytime to see when and what time a signature box was signed?
Thanks in advance.
Hello Rob,
this largely depends on the way this box is implememted. Usually these store a small amount of data such as the digital representation of the signature and a timestamp. Quite often this is not verified (even though possible via Timeservers). These basic signatures largely have only the effect of a tick in a checkbox.
@@WolkenDesigns
Thanks for your reply. Much appreciated. 👍🏻
Second best hash is the key hash.
My doubt is, how does the verifier know the algorithm for hashing and padding?
Every get an answer to this? +1
Great video!
Thx Mike!!!
More encryption videos from THIS GUY. Or do a video on VPN's.
I wish that it doesn't switch often and quick between Mike and the sketch. Everytime I want to read the sketch it. Around 4:00 and 4:30 for example
Who is the intended audience for this video?
If Mike is anticipating the audience for him to talk about hashing (around 6 minutes in), then this isn't really intended for everyone, but people who may already have a fundamental understanding of cryptography, ain't it?
So then, is the audience for those who already understand cryptography, and then for Mike to further explain it? Is it for an audience who doesn't know what cryptography or digital signatures are (as titled in the video)?
Contrary to popular opinion, Mike didn't explain it very well. His very casual flow also is disruptive - it may be that this video came like an afterthought, and not a planned and organized session.
This explanation is wrong or misleading at best. Most signature schemes have little or nothing to do with encryption (see for example Schnorr signatures), and you don't even require public key crypto for signatures (see XMSS). RSA is essentially the one scheme where you can "encrypt with your private key", which doesn't work for basically all other public key cryptosystems - it just doesn't make much sense in general. RSA has been giving a false intuition about signatures for a long time.
Thank you, happy to see someone else comment this! I don't know why this misconception is still being spread.
I want to know why my university can't do a proper job then. I am so confused reading these comments rn
Nevertheless, they are sufficiently related that what works for one can be made to work for the other.
if someone was in the middle couldnt they trick the verifier?
For example, A(signer) sends document to verify to C(verifier) through B (B is in the middle. B forwards doc to C.)
A sends encrypted doc to C through B.
If B resigns the document with their private key, then when C will just verify it was signed with C's public key correct?
A little late to the party, but I think the explanation is this:
C tries to decrypt the document signed by B with A's public key. This won't yield the correct results, as it was not signed with A's private key.
Of course this means that the public key that C has from A is not tampered with. This is the job of PKI (Public Key Infrastructure)
if someone was in the middle of a digital signature between person a and b couldnt they(person m) hash the email/text and sign it with their own key and send that to person b. Then when person b sends an email back to a, person m can hash the email and send a resigned version back to a?
Well, A would try to decrypt the email/file with B's public key, and it wouldn't work because it would be signed by M instead of B
Never thought Tobery Maguire would be such a pro in crypto
Thank you sir.
Well... all these videos I've watched and things I've read.. finally learned why you hash the original document first. Kind of disappointed in myself it wasn't blatantly obvious from the get go lol
Please provide subtitles
how to solve the issue of somebody generating digital certificates on behalf of somebody and sharing ? ... that issued certificate won't represent the actual user :)
That’s basically what a Certificate Authority will do as a third party
@@Lea_Black Totally make sense .. Thank you!
that tele so sick
Can you make a video about the Matrix Protocol?