1
00:00:07,580 --> 00:00:16,730
Besides protecting communications, certificates also can protect content and verify the identity of the

2
00:00:16,730 --> 00:00:17,360
content

3
00:00:17,360 --> 00:00:17,990
author.

4
00:00:18,830 --> 00:00:26,570
When you receive a message with confidential content, you need to be confident about two things: that

5
00:00:26,840 --> 00:00:34,580
the message was not modified in transit and the identity of the author is verifiable.

6
00:00:35,550 --> 00:00:44,820
You can also use certificates to protect and verify content and to verify the identity of an author.

7
00:00:45,240 --> 00:00:50,040
It is common for a user to sign a document digitally.

8
00:00:51,530 --> 00:01:01,010
Now, digital signatures. When a person digitally signs a document in an application such as an email or

9
00:01:01,010 --> 00:01:03,200
a Microsoft Word document,

10
00:01:03,520 --> 00:01:07,760
he or she confirms that the document is authentic.

11
00:01:09,990 --> 00:01:19,020
In this context, authentic means that it is known who created and signed a document and that no one

12
00:01:19,020 --> 00:01:29,850
has altered the document since. A public key infrastructure or PKI cannot achieve this level of security

13
00:01:30,510 --> 00:01:33,840
compared to the web server from the previous topic.

14
00:01:34,710 --> 00:01:39,610
A user also can have a certificate for the public and private key pair.

15
00:01:40,290 --> 00:01:49,110
This certificate is used in the process of digital signing. When an author digitally signs a document

16
00:01:49,110 --> 00:01:49,920
or a message,

17
00:01:50,310 --> 00:01:55,170
the operating system on his or her computer creates a message

18
00:01:56,040 --> 00:02:06,630
cryptographic digest that ranges from 128-bit to 256-bit number.

19
00:02:07,200 --> 00:02:13,020
It is generated by running the entire message through a hash algorithm.

20
00:02:13,530 --> 00:02:21,120
This number then is encrypted by using the author's private key and it is added to the end of the

21
00:02:21,120 --> 00:02:22,560
document or message.

22
00:02:23,640 --> 00:02:27,420
When the document or message reaches the recipient,

23
00:02:27,840 --> 00:02:34,050
it will go through the same hash algorithm as when the author digitally signed it.

24
00:02:34,680 --> 00:02:44,490
Also, the recipient uses the author's public key to decrypt the digest that is added to the message.

25
00:02:45,120 --> 00:02:46,590
After it is decrypted,

26
00:02:46,620 --> 00:02:54,930
it is compared to the digest the recipient has generated, and if they are the same, the document or

27
00:02:54,930 --> 00:02:57,570
the message was not altered during

28
00:02:58,800 --> 00:03:06,390
transport. Also, if the recipient can decrypt the digest by using the author's public key,

29
00:03:06,660 --> 00:03:14,520
this means the digest was encrypted by using the author's private key, and that confirms the author's

30
00:03:14,520 --> 00:03:17,040
identity. At the end,

31
00:03:17,280 --> 00:03:23,580
the recipient also verifies the certificate that proved the author's identity.

32
00:03:24,330 --> 00:03:33,390
During this check, the recipient also verifies the validity period, serial, subject name, and certificate

33
00:03:33,390 --> 00:03:34,440
chain trust.

34
00:03:35,840 --> 00:03:40,430
Nelson wrote about implementing, implement and digital signatures.

35
00:03:42,230 --> 00:03:44,480
To implement digital signatures.

36
00:03:45,920 --> 00:03:52,520
An internal communications unit to issue certificates based on the user template.

37
00:03:53,500 --> 00:03:57,040
You also issue certificates to all users

38
00:03:58,090 --> 00:04:00,100
who use digital signatures.

39
00:04:00,640 --> 00:04:05,140
You can issue the certificate without any user intervention

40
00:04:05,170 --> 00:04:13,930
if you use autoenrollment. Also, users must use an application that supports content signing.

41
00:04:14,470 --> 00:04:20,230
For example, you can use digital ID digital signatures by default in Windows.

42
00:04:20,650 --> 00:04:24,340
Microsoft Word and Microsoft Outlook.

43
00:04:25,270 --> 00:04:33,250
Digital signatures are ready to use after the application issues and configure the certificate. After

44
00:04:33,250 --> 00:04:37,750
you send digitally signed content outside of your organisation,

45
00:04:37,960 --> 00:04:42,550
you might experience trust issues. In this scenario,

46
00:04:42,880 --> 00:04:51,760
a recipient is not in the same AD DS domain as the author, so it does not trust the CA that issued the

47
00:04:51,760 --> 00:04:54,640
certificate for the digital signature.

48
00:04:55,980 --> 00:05:04,290
Although this type of digital signature will still be valid from a content protection perspective,

49
00:05:04,710 --> 00:05:09,660
an application will probably generate a warning on the recipient side.

50
00:05:10,350 --> 00:05:18,120
If you need to send digitally signed content to recipients outside of your organisation, it is recommended

51
00:05:18,390 --> 00:05:23,530
that you buy a certificate from a public, globally trusted CA.

52
00:05:25,210 --> 00:05:32,140
Next up, we'll have a demonstration where we'll see how to sign a document digitally.