he probably is recording the browser, and the drop down menu could potentially be a pop-out window

You can use your private key to encrypt a message. When you do, it can only be decrypted with your public key. Another person can also encrypt a message using your public key. This means that the message can only be decrypted with your private key. The first example is much more common, but both techniques can be used.

The concept is just reversed with digital signatures.

Great question! These are accessible through the CompTIA Learn+Labs environment. You will get access to all of the PBQs when you enroll in one of our courses. We have self-paced and instructor-led courses available. When you enroll in our self-paced course you'll get access to the Learn+Labs environment for a cheaper price AND you'll receive 25 hours of video lessons just like this one. Self-paced cyberkrafttraining.com/security-plus-sp/ Instructor-led cyberkrafttraining.com/security-plus-spb/

Keys can be very confusing. If you are sending a message, you would encrypt using your private key. Anyone receiving the message would decrypt it using your public key. This proves to the recipient that you were the author of the message.

My understanding is that when you send an encrypted message using public key cryptography, you would encrypt it with the recipient's public key so that only they can decrypt it with their private key. Nobody else can decrypt the message because you cannot decrypt with the same key used to encrypt (the recipient's public key in this case), and thus you ensure only the holder of the private key can decrypt it. However, the point of a digital signature is to verify the integrity of the message. When encrypting a digital signature, you encrypt it with your private key, and thus create a *unique* digital signature that can only be decrypted by your public key. This allows one to be certain that the digital signature indeed originated from you, and they can then verify your decrypted hash of the original message against the results of their own hashing of the message. If a threat actor performed an on-path attack and/or otherwise modified the contents of the email, when Bob performs his own SHA hash of the message it would differ from the hash contained within the Digital Signature.

@@Jetmechjr Ohhh okay I was confusing cryptography encryption with the digital signature. You explained that really well, thank you so much !!!

@@cyberkraft1 your videos and explanations rock, thank you!

Great question! So when the receiver of the message sends a reply they would sign the message using their private key. Then, the receiver of that message (the original sender) would use the sender's public key.

It's based on availability of the key. A public key is available tot he public, and a private key is kept secret. If everyone had access to the private key, then it would defeat the purpose of encrypting the message!

@@darandomizer2 each key could do either it depends on what you pick