1
00:00:00,080 --> 00:00:00,670
all right.

2
00:00:00,670 --> 00:00:05,790
so for this video, we're going to talk about signing messages and verifying signatures on messages.

3
00:00:05,790 --> 00:00:15,670
so this is a really important part of pgp because anyone can just send you a pgp encrypted text, but it's important to validate that the person you expect to send it is actually the one sending it.

4
00:00:15,670 --> 00:00:24,450
so if you've imported someone's keys before, because you can trust them or you've got it from a valid source, you can now also verify signatures related to that.

5
00:00:24,450 --> 00:00:25,990
and you can sign stuff yourself.

6
00:00:25,990 --> 00:00:31,330
if you have a pgp key and you want to sign something to prove that you are the one who sent it.

7
00:00:31,330 --> 00:00:35,390
a signature essentially just means that you are in control of the private key.

8
00:00:35,390 --> 00:00:37,390
you can't sign without that private key.

9
00:00:37,390 --> 00:00:46,560
so someone can validate that, okay, if they signed it, they are in control of those keys, meaning i should be able to trust the source of that pgp signee and the pgp encrypted message.

10
00:00:46,820 --> 00:00:50,360
so let's hop back over to tails to see a few examples of this in action.

11
00:00:50,660 --> 00:00:55,870
now here on tails, we've got a few different messages, but the important one i wanted to see is this one right here.

12
00:00:55,870 --> 00:00:58,090
it says this message is signed by me.

13
00:00:58,090 --> 00:01:00,290
so that's the actual message in plain text.

14
00:01:00,290 --> 00:01:03,430
but there's a pgp signature also at the end of this.

15
00:01:03,430 --> 00:01:08,880
so we want to actually validate this pgp signature to ensure that the pgp signed message is correct.

16
00:01:08,980 --> 00:01:13,080
so what we'll do is, back in kleopatra in our notepad, we can throw it in here.

17
00:01:17,740 --> 00:01:20,610
and then we can select decrypt/verify notepad.

18
00:01:20,610 --> 00:01:25,480
and you can see right here because it was signed, there's a valid signature by me at freeboot dot com.

19
00:01:25,540 --> 00:01:27,880
signature was created with this certificate.

20
00:01:28,500 --> 00:01:38,720
now if i was to grab that text again, and if i was to paste it in here and change something about it, say change signed by me, i swear.

21
00:01:39,260 --> 00:01:42,690
instead, if we decrypt and verify, you'll see that nope, it doesn't work.

22
00:01:42,690 --> 00:01:45,320
so the signature validates that message above.

23
00:01:46,220 --> 00:01:49,760
so what the signature is validating is that this message is what i'm sending.

24
00:01:49,980 --> 00:01:52,710
right here, the message was this was sent by me.

25
00:01:52,710 --> 00:02:02,470
so what vendors do on the dark web and what websites do is they might sign something that has some urls of their site so that you know that those are the valid urls that they are sending.

26
00:02:02,470 --> 00:02:06,800
because if that url is changed by even one character, it will no longer work.

27
00:02:07,100 --> 00:02:18,800
for example, if this part of the message was a dot onion url and it was changed by one character, even an extra space, and you go to decrypt and verify it, you'll see that it's a bad signature.

28
00:02:18,860 --> 00:02:20,080
it comes up red.

29
00:02:20,140 --> 00:02:24,010
so that is all that is required to actually verify signed messages.

30
00:02:24,010 --> 00:02:28,040
it's pretty simple and it's a good way to be sure you're actually communicating with who you expect.

31
00:02:28,180 --> 00:02:31,250
and if you wanted to sign your own message, it's actually not too difficult.

32
00:02:31,250 --> 00:02:34,600
all you would need to do is say whatever your message is.

33
00:02:35,420 --> 00:02:46,570
i am signing this message for those out there, my signing code is 121 2121, right?

34
00:02:46,570 --> 00:02:47,610
that's my signing code.

35
00:02:47,610 --> 00:02:52,670
so what i can do is in recipients, i can just select sign and we're not going to encrypt it for other people.

36
00:02:52,670 --> 00:02:54,870
we're just going to in general sign a message.

37
00:02:54,870 --> 00:02:57,320
now you can sign an encrypted message as well.

38
00:02:57,380 --> 00:02:59,760
but in this case, we just want to send it out.

39
00:02:59,900 --> 00:03:01,770
and we can just sign the notepad.

40
00:03:01,770 --> 00:03:04,230
and boom, we have a very similar message here.

41
00:03:04,230 --> 00:03:11,640
and if i was to decrypt or verify, if i change just one character, say added another one and decrypt or verify, you can see now it's a bad signature.

42
00:03:13,420 --> 00:03:15,950
so that's really all it takes for actual signing.

43
00:03:15,950 --> 00:03:20,490
now, if you were to sign a message for somebody, you can also do that by just doing what we've done before, right?

44
00:03:20,490 --> 00:03:23,000
encrypt it for others, but also sign it as you.

45
00:03:23,100 --> 00:03:26,710
so this way they can actually validate the message by decrypting it for them.

46
00:03:26,710 --> 00:03:33,770
and they can validate that you signed the message and that you have control of that public and private key based on the key that they have imported.

47
00:03:33,770 --> 00:03:34,710
so that's really it.

48
00:03:34,710 --> 00:03:37,400
if you have any questions on this process, of course, let me know.

49
00:03:37,660 --> 00:03:39,240
otherwise, we'll see you in the next one.