I wondered how long it would take for someone to point that out! 😅 You're correct, in the case of sending a symmetric encryption key I was responding to, the SENDER would encrypt it with the public key of the RECEIVER and then the receiver would decrypt it with THEIR private key. If the SENDER used their private key to encrypt it, then anyone could decrypt it using the [presumably well-known] public key of the sender.
Talking on a simplistic level, the problem is solved by the 1) client generating the symmetric key, 2) encrypting it with the server's public key and 3) sending it to the sever, which then can 4) decrypt the encrypted symmetric key with it's private key. 5) Thereafter, the communication can proceed in an encrypted manner (encrypted with the exchanged symmetric key)
@Michael F Sigh! When I'm speaking spontaneously and rapidly, I sometimes use the wrong word. Senior moment? Jeff obviously knows security - he even teaches it at our local university. Either he missed my error in the moment or was being kind.
Why no one else in the earth has explained this to me this very simple way? 90k college loan and still watching youtube. Thank you IBM and the gentleman on the right. You are such an awesome free thinking teacher
Thanks so much for the kind words of encouragement! It’s a complicated topic and I had to take some liberties with the explanations in order to fit the time constraints, but, hopefully, it shed some light on a really fascinating, but gorpy, topic
@@jeffcrume Hey in this video it is been said that any one key can be arbitrarily chosen as a public key but i was under the impression that once the key pairs are generated they are specifically private and public because of the derivation of one key from the another i.e. We can't derive the private via the help of public key if we possess it but we can derive public key with the help of private key which distinguishes these key from each other and we can't randomly select any one key as the public from the available pair
Observation that I found amusing. In order for their writing to be read by us, they rendered the video horizontally reversed. But here's the cool thing. The guy on the left was so committed to the reversal process, he swapped his wedding ring to his right hand, so it would show left in the video. I pose this concept for discussion and debate. ;)
It should be noted that once you establish an asymmetric connection with a website it then switches to symmetric. If it stayed asymmetric the entire time that would be a lot of bandwidth and SLOW
This is some very clear and really exciting stuff. Haven't seen many people break this down in such a way making it so easy to understand. Good stuff guys!
On timeline 4:40 to 4:47 the guy is wrongly interpreting the usecase. The client actually generates a session key / Sym key and encrypt it with the public key of the peer end and then the peer end decrypt it with it's private key to acquire the session key/Sym key. Additionally, the peer generates a session key/Sym key and encrypt it with the session/Sym key that it just decrypted and send that key to the other side. Now, what happens is that one side use its own Session/Sym key for decryption and the other side key for encryption.
Hey i even noted one more thing i.e. It is been said in that video that any one key can be arbitrarily chosen as a public key but i was under the impression that once the key pairs are generated they are specifically private and public because of the derivation of one key from the another i.e. We can't derive the private via the help of public key if we possess it but we can derive public key with the help of private key which distinguishes these key from each other and we can't randomly select any one key as the public from the available pair but yes both can use for encryption as well as decryption at the same time
That was the best explanation of pki that I have come across so far. Thank you for that! I'm an interested lay person and would like to advance my knowledge in that topic. Would you have any recommendations for topics and/or titles I could read? Thanks!
Thanks for sharing such valuable information! Just a quick off-topic question: My OKX wallet holds some USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). Could you explain how to move them to Binance?
my understanding: so a digital signature can only be created by encrypting the hash with pvt key? its a way of affirming that this is last known hash for a message/file. encryption during the digital signature process has nothing to do with protecting a secret. since the key pair is mathematically related , the only pub key that can used to decrypt the hash is the pub key related to the pvt key that encypted it, thereby verifying integrity of sender and hash.
Hey in this video it is been said that any one key can be arbitrarily chosen as a public key but i was under the impression that once the key pairs are generated they are specifically private and public because of the derivation of one key from the another i.e. We can't derive the private via the help of public key if we possess it but we can derive public key with the help of private key which distinguishes these key from each other and we can't randomly select any one key as the public from the available pair
I'm learning PKI for the first time and I'm having trouble with the explanation about encrypting the symmetric key using the private key and then having the recipient decrypt it using the sender's public key. Since the public key is public, can't an unintended recipient intercept the symmetric key and now decrypt it. I though we should always be encrypting with the public key and decrypting with the non-shared key (private) to prevent this problem...
First of all, be sure to read the pinned comment above as I misstated public/private in the video. That may be the source of your confusion. Sorry about that! But to clarify, there's two issues at play here: (1) How do you know the message you received is actually from who you think it is? (2) How do you establish secure communication with someone? For (1), you as the receiver of a message from SND know that *must* have originated from SND if you're able to decrypt it with SND's public key, because only SND has their [private] key that was used to encrypt it. Let's say for (2), SND wants to establish a secure connection with RCV. To start, SND creates a unique SND-to-RCV session ID "ZZZ" and wants to send it to RCV. So, SND uses RCV's public key to encrypt the session ID ZZZ, encrypts that with their own (SND's) private key, then sends the "package" to RCV. It's true that someone *could* intercept that package and use SND's public key to decrypt it, but all that would get them was RCV's (encrypted) session ID, which is worthless to the interceptor. On the other hand, RCV can decrypt the package using SND's public key *and* they can also decrypt the message to retrieve the session ID using their private key since SND used RCV's public key to encrypt it. Once this is complete, both SND and RCV share a session ID that nobody else knows; that can be used to establish a secure connection with both parties knowing the other end is who they claim to be. Another easier way to think of it is a message encrypted with a public key can only be decrypted with the associated private key. Thus you can use this asymmetry to prove that a message did in fact originate with the owner of the public/private key, because any tampering along the way would render the message gibberish when decrypted. Did I get it right, @jeffcrume?
Great video! Can you also do some video on a real world scenario and elaborate on private/public keys with let's say self signed certificate using your own CA by using openssl for example ? Thx
I haven't implemented my own CA, but a quick search "how to create certificate authority openssl" yielded step-by-step tutorials. For those following along, this is different than just creating a self-signed certificate (no CA) that you might do for testing. Most browsers will refuse to connect to a site using one, unless you specify a command line/configuration setting to disable it.
8:30 I'm pretty sure you're not decrypting the Digital Signature with the public key, or at all for that matter. It's just there for verification purposes.
In order to verify, you do need to decrypt the dig sig so that you can compare the hash value from the sender (encrypted with their private key) and compare it to your calculated value using the same hashing algorithm
Great video as always! 👍 I’ve got a question: 🤨 I found these words 😅. (behave today finger ski upon boy assault summer exhaust beauty stereo over). Not sure how to use them, would appreciate help. 🙏
In GPG you can create multiple public keys for encrypting, signing and sth else based on ONE private key. If so why do you say in video, that both can be used as for en/decrypt the other. And there can be only two of them?
I was giving a single, theoretical example. You’re referring to a very legitimate practical example which implements the same concepts as multiple instances. “In theory, there is difference between theory and practice. In practice, there is.” 😊
This is the guy with glasses. When I speak spontaneously, I sometimes make verbal mistakes like this. Sorry! I realized it was incorrect in the playback, but decided to leave it as-is. It took a few days for a viewer to correct me. 😉Another viewer pointed out a misstatement (?) by Jeff w.r.t. asymmetric keys. See the pinned comment for the viewers calling out these misstatements and our corrections.
IBM offers crypto capabilities of this sort on the mainframe as part of the security services in the OS. Also, crypto accelerator cards from IBM help speed up operation and keep keys secure
The second guy got caught in the weeds of asymmetric vs symmetric keys. Those are two completely different systems. No one uses symmetric keys anymore because RSA became popularized by Rivest, Shamir, and Aldman in their algorithm. RSA broadcasts the public keys and a message can be encoded so the private key can decode the message. The private key is not broadcasted. But anyone can send a message using the public keys to the server which can be decoded by the private key.
But where does the RA come to play? i thought you sent info to the RA, they then confirm your details and then tell the CA to create and issue the certificate
a qustion more basic that I didn't felt answered..what problem this security answered to the end user? I felt like an example (or story) of daily use with secure key and the one without that can finalize my understanding on the topic
Here's a simple end user example: Programs like email and browsers use encryption in order to ensure that communications cannot be read by anyone other than the intended party. Symmetric cryptography is how we secure the message and asymmetric crytography/PKI is how we exchange the symmetric keys so that the only the intended parties can read the messages [thanks to Jeff Crume for improving on my initial answer].
Hey in this video it is been said that any one key can be arbitrarily chosen as a public key but i was under the impression that once the key pairs are generated they are specifically private and public because of the derivation of one key from the another i.e. We can't derive the private via the help of public key if we possess it but we can derive public key with the help of private key which distinguishes these key from each other and we can't randomly select any one key as the public from the available pair but yes both can use for encryption as well as decryption at the same time
I understand the certificate can be trusted because it was issued by the CA. But how does the CA evaluate that the public key is legit in the first place to create the certificate? Aren't we back to the initial question of "how do we know that the public key is trustworthy?"
The CA is responsible to issue the certs (and sign them with its private key). The public keys for trusted, well known CAs are hardcoded into browsers and other software so that they can verify that certificates are authentic and have been signed by a trusted third party
We're writing on a glass pane that is directly in front of us. Since we're on the other side of the glass, the writing is backwards from the viewpoint of the camera, so we flip the image in post-production. That's why it appears that I'm left-handed when in fact I'm right-handed.
You wouldn't want to encrypt your symmetric key with your private key and then send it out. Then, anyone with the public key code decrypt it and obtain your symmetric key. Instead, you would request your contact to use their public key to encrypt a symmetric key and send that to you.
Not quite :) You want to encrypt the symmetric key with the public key of the entity you are communicating with, so that they can decrypt with their private key
my problem with IBM explanations is that they never really gives examples from AD on prem environment in windows server or ubuntu server, they will just give you the theory behind it , i would eve dare to say its a metaphor because nobody can really see how it is done in AD CA Environment in enterprise levels . they only give you the concept because they themself never actually done that.
My goal with the video was to cover the concepts that would be applicable across all platforms. Vendor-specific implementations may be better explained by those vendors
i would never encrypt the symmetric key with private asymmetric key but with my recipient's public asymmetric key so that only he can decrypt it using his private asymmetric key and no one else . In this video it is said the other way round using his own private key to encrypt the symmetric key but then anyone can use his public key to decrypt that and get the symmetric key .
4:47 secrets are encrypted with Public keys and decrypted by Private keys.... The other way around would expose the secret.
I wondered how long it would take for someone to point that out! 😅
You're correct, in the case of sending a symmetric encryption key I was responding to, the SENDER would encrypt it with the public key of the RECEIVER and then the receiver would decrypt it with THEIR private key. If the SENDER used their private key to encrypt it, then anyone could decrypt it using the [presumably well-known] public key of the sender.
Talking on a simplistic level, the problem is solved by the
1) client generating the symmetric key,
2) encrypting it with the server's public key and
3) sending it to the sever, which then can
4) decrypt the encrypted symmetric key with it's private key.
5) Thereafter, the communication can proceed in an encrypted manner (encrypted with the exchanged symmetric key)
@@wizard_in_oz absolutely, and this is exactly how SSL/TLS ,SSH tunnels are created for example.
100% Correct. Wonder why none of these guys presenting caught that. 😂
@Michael F Sigh! When I'm speaking spontaneously and rapidly, I sometimes use the wrong word. Senior moment? Jeff obviously knows security - he even teaches it at our local university. Either he missed my error in the moment or was being kind.
Why no one else in the earth has explained this to me this very simple way? 90k college loan and still watching youtube. Thank you IBM and the gentleman on the right. You are such an awesome free thinking teacher
I’m glad this explanation made sense to you!
I know PKI but keep forgetting it, once or twice a year I come to these videos to remind me. Thanks for the objective content.
This was one of the best explanations of PKI that I've heard. Amazing job guys 👏
Thanks so much for the kind words of encouragement! It’s a complicated topic and I had to take some liberties with the explanations in order to fit the time constraints, but, hopefully, it shed some light on a really fascinating, but gorpy, topic
@@jeffcrume Hey in this video it is been said that any one key can be arbitrarily chosen as a public key but i was under the impression that once the key pairs are generated they are specifically private and public because of the derivation of one key from the another i.e. We can't derive the private via the help of public key if we possess it but we can derive public key with the help of private key which distinguishes these key from each other and we can't randomly select any one key as the public from the available pair
Observation that I found amusing. In order for their writing to be read by us, they rendered the video horizontally reversed. But here's the cool thing. The guy on the left was so committed to the reversal process, he swapped his wedding ring to his right hand, so it would show left in the video. I pose this concept for discussion and debate. ;)
Studying Cyber Security, this video really helped me get a visual. The book was slow and dry.
this one was definitely great the conversation style makes it easy to digest
Simplicity and brevity at their best! Thank you!
This is the best channel for explaining cybersecurity concepts.
Learned this in network defense essentials and this is a execellent video for briefly explaining cyptography.
This is really a good and clean approach of clarifying the term!
loved how simply the topic is explained..
A very clear audio simulation of nails on a chalkboard. Thank you
More pedagogy than during my bachelor 😭
Keep it up!!!!!
It should be noted that once you establish an asymmetric connection with a website it then switches to symmetric. If it stayed asymmetric the entire time that would be a lot of bandwidth and SLOW
Exactly right. Asymmetric is used to solve the key distribution problem but symmetric is used to encrypt the bulk of the data
1:48 root user - key
2:01 hw : secure
2:40 public key is telling world how to coommunicate w me
3:10 : public / private is chosen
A very concise talk about PKI. Awesome!
Great explanation to clear any confusion with this topic, much appreciated!
Started understanding more and more. These concepts are most important. Thanks for the video.
Jeff Crume, as usual an awesome teacher
This is some very clear and really exciting stuff. Haven't seen many people break this down in such a way making it so easy to understand. Good stuff guys!
I used to learn this the hard way. This conversation is awesome and easy to digest!
Very clear explanation; thanks for somewhat demystifying PKI.
On timeline 4:40 to 4:47 the guy is wrongly interpreting the usecase. The client actually generates a session key / Sym key and encrypt it with the public key of the peer end and then the peer end decrypt it with it's private key to acquire the session key/Sym key. Additionally, the peer generates a session key/Sym key and encrypt it with the session/Sym key that it just decrypted and send that key to the other side. Now, what happens is that one side use its own Session/Sym key for decryption and the other side key for encryption.
Hey i even noted one more thing i.e. It is been said in that video that any one key can be arbitrarily chosen as a public key but i was under the impression that once the key pairs are generated they are specifically private and public because of the derivation of one key from the another i.e. We can't derive the private via the help of public key if we possess it but we can derive public key with the help of private key which distinguishes these key from each other and we can't randomly select any one key as the public from the available pair but yes both can use for encryption as well as decryption at the same time
This conversational style is more educative than monologues.
So glad you liked it!
Thank you!! I’m learning this in class right now!
That was the best explanation of pki that I have come across so far. Thank you for that! I'm an interested lay person and would like to advance my knowledge in that topic. Would you have any recommendations for topics and/or titles I could read? Thanks!
What an amazingly clear and uaeful video. Thanks so much
the best explanation , and the conversation is relatable
When technology was evolving in the world, IBM was giant in technology.
Thank you for that vivid explanation
You’re welcome!
Are there any courses by him, this is freaking awesome. So clearly explained.
Thanks for sharing such valuable information! Just a quick off-topic question: My OKX wallet holds some USDT, and I have the seed phrase. (alarm fetch churn bridge exercise tape speak race clerk couch crater letter). Could you explain how to move them to Binance?
This really cool, concise and great talk
I like how you use interaction between novice and expert to make it more fun and understable
That was a very clear explaination .
We want tmore content like this :)
Awesome explanation. Understandable
Now its getting clear. Thankyou very much
Great explanation. Thanks. I'm really interested in cryptography and certificates and learning a lot of valuable information.
Excellent explanation
EXCELLENT! LOVED THIS EXPLANATION
This is pretty good info, thanks for sharing!
Guys this is awesome!
Very informative thankyou 👍 😊
Wow....this is amazing content!! Well done! Thank you
Very Well explained. Thanks a lot.
my understanding: so a digital signature can only be created by encrypting the hash with pvt key? its a way of affirming that this is last known hash for a message/file. encryption during the digital signature process has nothing to do with protecting a secret. since the key pair is mathematically related , the only pub key that can used to decrypt the hash is the pub key related to the pvt key that encypted it, thereby verifying integrity of sender and hash.
Hey in this video it is been said that any one key can be arbitrarily chosen as a public key but i was under the impression that once the key pairs are generated they are specifically private and public because of the derivation of one key from the another i.e. We can't derive the private via the help of public key if we possess it but we can derive public key with the help of private key which distinguishes these key from each other and we can't randomly select any one key as the public from the available pair
Great video, look forward to more of these
Thank you
this is really good
Very very good, thanks.
Wish I could understand things as quickly as the guy with glasses
I do too! He’s a sharp guy, for sure!
If you are a Web developer it's sure you must understand faster because this is included in the day to day life of website developers.🎉
I'm learning PKI for the first time and I'm having trouble with the explanation about encrypting the symmetric key using the private key and then having the recipient decrypt it using the sender's public key. Since the public key is public, can't an unintended recipient intercept the symmetric key and now decrypt it. I though we should always be encrypting with the public key and decrypting with the non-shared key (private) to prevent this problem...
First of all, be sure to read the pinned comment above as I misstated public/private in the video. That may be the source of your confusion. Sorry about that! But to clarify, there's two issues at play here: (1) How do you know the message you received is actually from who you think it is? (2) How do you establish secure communication with someone?
For (1), you as the receiver of a message from SND know that *must* have originated from SND if you're able to decrypt it with SND's public key, because only SND has their [private] key that was used to encrypt it.
Let's say for (2), SND wants to establish a secure connection with RCV. To start, SND creates a unique SND-to-RCV session ID "ZZZ" and wants to send it to RCV. So, SND uses RCV's public key to encrypt the session ID ZZZ, encrypts that with their own (SND's) private key, then sends the "package" to RCV. It's true that someone *could* intercept that package and use SND's public key to decrypt it, but all that would get them was RCV's (encrypted) session ID, which is worthless to the interceptor. On the other hand, RCV can decrypt the package using SND's public key *and* they can also decrypt the message to retrieve the session ID using their private key since SND used RCV's public key to encrypt it. Once this is complete, both SND and RCV share a session ID that nobody else knows; that can be used to establish a secure connection with both parties knowing the other end is who they claim to be.
Another easier way to think of it is a message encrypted with a public key can only be decrypted with the associated private key. Thus you can use this asymmetry to prove that a message did in fact originate with the owner of the public/private key, because any tampering along the way would render the message gibberish when decrypted.
Did I get it right, @jeffcrume?
Great video! Can you also do some video on a real world scenario and elaborate on private/public keys with let's say self signed certificate using your own CA by using openssl for example ? Thx
I haven't implemented my own CA, but a quick search "how to create certificate authority openssl" yielded step-by-step tutorials. For those following along, this is different than just creating a self-signed certificate (no CA) that you might do for testing. Most browsers will refuse to connect to a site using one, unless you specify a command line/configuration setting to disable it.
8:30 I'm pretty sure you're not decrypting the Digital Signature with the public key, or at all for that matter. It's just there for verification purposes.
In order to verify, you do need to decrypt the dig sig so that you can compare the hash value from the sender (encrypted with their private key) and compare it to your calculated value using the same hashing algorithm
@@jeffcrume thanks Jeff. I looked it up after I commented and you're right. Probably should have deleted my comment lol.
Thank you for this awesome explanation
Thanks! If you'd like to see other topics on Tech Talk, let us know!
Great video, is it relevant to ask where SSL certificates come into play within this context?
Yes, SSL (now TLS) encryption is based on these concepts as well
fantastic job !
Thanks!
i love these 2 men♥
Thanks guys!!! great job!!
Really helpful
Great video as always! 👍 I’ve got a question: 🤨 I found these words 😅. (behave today finger ski upon boy assault summer exhaust beauty stereo over). Not sure how to use them, would appreciate help. 🙏
Correction on 4:50 decrypt it with your private key.
What if i’d like to build a portal that is secured with multiple access levels on a private server?
Amazing stuff. Thanks!
In GPG you can create multiple public keys for encrypting, signing and sth else based on ONE private key. If so why do you say in video, that both can be used as for en/decrypt the other. And there can be only two of them?
I was giving a single, theoretical example. You’re referring to a very legitimate practical example which implements the same concepts as multiple instances. “In theory, there is difference between theory and practice. In practice, there is.” 😊
Wow guys! You're BOTH left handed - what are the odds!!
And they’re writing backwards!!
the line at 8:26 confuses me a bit. Because CA uses his Private Key. But the line goes from the user's Private Key
See the pinned comment above for a discussion of the correction.
This is awesome. Like, suscribe, click on the bell and whatever else you want. I'm going to watch more of your videos.
The guy with the glasses listened very carefully and still got things wrong. The other guy just went with it.
This is the guy with glasses. When I speak spontaneously, I sometimes make verbal mistakes like this. Sorry! I realized it was incorrect in the playback, but decided to leave it as-is. It took a few days for a viewer to correct me. 😉Another viewer pointed out a misstatement (?) by Jeff w.r.t. asymmetric keys. See the pinned comment for the viewers calling out these misstatements and our corrections.
@@homebarista I understand. I'm sorry for leaving a rude comment. It took a response from you to realize my own bitterness.
Thanks for sharing
Does IBM offer any type of managed PKI products?
No. However, IBM does have tools that do encryption and use PKI (Guardium Data Encryption plus all the PKI that is baked into our products and OSs).
IBM offers crypto capabilities of this sort on the mainframe as part of the security services in the OS. Also, crypto accelerator cards from IBM help speed up operation and keep keys secure
The second guy got caught in the weeds of asymmetric vs symmetric keys. Those are two completely different systems. No one uses symmetric keys anymore because RSA became popularized by Rivest, Shamir, and Aldman in their algorithm. RSA broadcasts the public keys and a message can be encoded so the private key can decode the message. The private key is not broadcasted. But anyone can send a message using the public keys to the server which can be decoded by the private key.
Every time you login to a secure web site, you use symmetric encryption as well as asymmetric
But where does the RA come to play? i thought you sent info to the RA, they then confirm your details and then tell the CA to create and issue the certificate
Great video, really helped reinforce some concepts as I look to get certified and into the industry. Thanks!
thanks a ton for content
a qustion more basic that I didn't felt answered..what problem this security answered to the end user?
I felt like an example (or story) of daily use with secure key and the one without that can finalize my understanding on the topic
Here's a simple end user example: Programs like email and browsers use encryption in order to ensure that communications cannot be read by anyone other than the intended party. Symmetric cryptography is how we secure the message and asymmetric crytography/PKI is how we exchange the symmetric keys so that the only the intended parties can read the messages [thanks to Jeff Crume for improving on my initial answer].
As a web developer you will understand faster the explanation of PKI.
Hey in this video it is been said that any one key can be arbitrarily chosen as a public key but i was under the impression that once the key pairs are generated they are specifically private and public because of the derivation of one key from the another i.e. We can't derive the private via the help of public key if we possess it but we can derive public key with the help of private key which distinguishes these key from each other and we can't randomly select any one key as the public from the available pair but yes both can use for encryption as well as decryption at the same time
I understand the certificate can be trusted because it was issued by the CA. But how does the CA evaluate that the public key is legit in the first place to create the certificate? Aren't we back to the initial question of "how do we know that the public key is trustworthy?"
The CA is responsible to issue the certs (and sign them with its private key). The public keys for trusted, well known CAs are hardcoded into browsers and other software so that they can verify that certificates are authentic and have been signed by a trusted third party
Nice!!!!!!
It seems not right at the last step, isn't it? The final signature should be signed by CA private key instead of any end users', right?
That is correct.
the first guy need to allow the main guy to explain
What are you writing on??? That looks 👍
We're writing on a glass pane that is directly in front of us. Since we're on the other side of the glass, the writing is backwards from the viewpoint of the camera, so we flip the image in post-production. That's why it appears that I'm left-handed when in fact I'm right-handed.
@@homebarista thanks, mate!
Efrain Throughway
You wouldn't want to encrypt your symmetric key with your private key and then send it out. Then, anyone with the public key code decrypt it and obtain your symmetric key. Instead, you would request your contact to use their public key to encrypt a symmetric key and send that to you.
Not quite :)
You want to encrypt the symmetric key with the public key of the entity you are communicating with, so that they can decrypt with their private key
Or, your contact would encrypt the symmetric key with your public key, so that you can decrypt with your private
That's TLS 1.2, though. 1.3 never sends the symmetric key over a network.
Every day that goes by, Bitcoin proves its worth. 🌐
my problem with IBM explanations is that they never really gives examples from AD on prem environment in windows server or ubuntu server, they will just give you the theory behind it , i would eve dare to say its a metaphor because nobody can really see how it is done in AD CA Environment in enterprise levels .
they only give you the concept because they themself never actually done that.
My goal with the video was to cover the concepts that would be applicable across all platforms. Vendor-specific implementations may be better explained by those vendors
762 Ibrahim Common
Justus Fork
17409 Aidan Forges
0972 Beer Terrace
WOWWWWWWWWWWWW
i would never encrypt the symmetric key with private asymmetric key but with my recipient's public asymmetric key so that only he can decrypt it using his private asymmetric key and no one else . In this video it is said the other way round using his own private key to encrypt the symmetric key but then anyone can use his public key to decrypt that and get the symmetric key .
1424 Leonel Ports
937 O'Conner Tunnel
Murray Burgs
Magdalen Ports
Rodriguez Amy Lewis Larry Thompson Larry
Newell Summit