Web Cryptography

Glossary

A

Abstract Syntax Notation One (ASN.1)

Notation for representing data in telecommunications and computer networking. ASN.1 only defines an abstract specification of data. A concrete representation (transfer syntax) depends on a chosen encoding scheme. Examples of ASN.1 encodings are BER - Basic Encoding Rules, DER - Distinguished Encoding Rules, CER - Canonical Encoding Rules, or XER - XML Encoding Rules. DER encoding is frequently used to represent cryptographic data structures.

Advanced Encryption Standard (AES)

Federal Information Processing Standard describing a block cipher based on the Rijndael algorithm. AES is a modern successor to DES.

asymmetric cryptography

Branch of cryptography based on the concept of the cryptographic key pair - two mathematically related keys. The public key is made available to prospective counterparties. The private key is kept secret and remains known only to its originator. It is computationally infeasible to obtain the private key from the public key.

authenticated encryption

Block cipher mode of operation that encrypts data and authenticates the resulting message in a single operation.

B

block cipher

An encryption algorithm transforming plaintext data represented as fixed-size segments into blocks of ciphertext. The transformation is based on a secret key.

C

certificate issuer

Certification Authority or another entity that has signed and issued an X.509 certificate.

certificate policy

A set of rules defining the bounds of a certificate's applicability.

certificate revocation

A statement by the certificate issuer that the certificate has become invalid.

certificate revocation list (CRL)

A signed data structure listing X.509 certificates that have been invalidated by their issuer.

certificate subject

An entity whose public key is certified.

certification authority (CA)

An authority creating and assigning public-key certificates.

certification path

A sequence of public key certificates enabling certificate users to verify the signature on the last certificate in the path.

certification request (CSR)

A data structure containing the distinguished name of the entity requesting certification, a public key, and an optional set of attributes. The signed request is sent to a certification authority, which turns the CSR into an X.509 public-key certificate. The syntax of CSRs is based on PKCS #10 - one of the Public-Key Cryptography Standards.

Cryptographic Message Syntax (CMS)

A general syntax for data that may have cryptography applied to it. CMS was first specified in PKCS #7 - one of the Public-Key Cryptography Standards devised and published by RSA Security. CMS is compatible with the Privacy-Enhanced Mail standard and forms the basis for other cryptographic specifications.

D

data integrity

The property that data has not been modified in an unauthorized manner.

Diffie-Hellman Key Agreement

A key establishment algorithm enabling two parties to agree upon a key without exchanging any secret information over insecure channels.

digital signature

A value computed with a cryptographic algorithm and appended to a message in such a way that it can be used to verify the origin and integrity of the signed message. A digital signature is unique to the signer and relies on the public-key infrastructure.

E

elliptic curve cryptography (ECC)

Branch of cryptography based on the algebraic properties of elliptic curves.

encryption

A cryptographic primitive translating data from an intelligible format to an unintelligible one under the control of a cryptographic key. Symmetric encryption uses a shared key. Asymmetric encryption makes use of a cryptographic key pair: the public key is employed for encryption, and the encrypted data can only be deciphered with the corresponding private key.

H

hash function

A one-way function creating a unique digital representation of given data: hash functions take an input (message) and produce a message digest such that any change to the original message results in a different hash value.

Hash-Based Message Authentication Code (HMAC)

A message authentication code computed as a result of applying both a hash function and a secret key to the message.

I

initialization vector (IV)

A value that alters the input data before encryption. The IV sets the starting state of a cryptographic algorithm.

M

Message Authentication Code (MAC)

A unique data tag used to protect the integrity of a message and confirm its origin. MACs are usually classified as unconditionally secure MACs, MACs derived from stream ciphers, block-cipher based MACs, and HMACs - Hash-Based Message Authentication Codes.

message digest

A result of applying a hash function to the message.

mode of operation

A technique defining how a symmetric encryption algorithm is applied to data longer than a single block. Standard modes defining how exactly a block cipher algorithm is applied to the plaintext are ECB - Electronic Code Book, CBC - Cipher Block Chaining, CFB - Cipher Feedback and OFB - Output Feedback modes.

P

padding

A technique appending padding bytes to a message so that its length becomes a multiple of the block size required by a block cipher algorithm.
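As an added example, not part of the glossary, the following Python code implements PKCS #7 padding (the scheme commonly used with AES in CBC mode) and its strict removal; the 16-byte block size and the function names are assumptions for the illustration.

```python
# Added example (not from the glossary): PKCS #7 block padding, as used with
# block ciphers such as AES in CBC mode. Each padding byte holds the number of
# padding bytes added, so a message that is already a multiple of the block
# size still receives one full block of padding and unpadding is unambiguous.

def pkcs7_pad(data: bytes, block_size: int = 16) -> bytes:
    """Append 1..block_size bytes, each equal to the padding length."""
    if not 1 <= block_size <= 255:
        raise ValueError("block size must be between 1 and 255")
    pad_len = block_size - (len(data) % block_size)
    return data + bytes([pad_len]) * pad_len


def pkcs7_unpad(data: bytes, block_size: int = 16) -> bytes:
    """Strip PKCS #7 padding, rejecting anything that is not well formed.

    A decryptor that reports *why* unpadding failed, or fails at different
    speeds, leaks information about the plaintext; keep a single error path
    and never surface padding errors separately from other decryption errors.
    """
    if not data or len(data) % block_size:
        raise ValueError("invalid padding")
    pad_len = data[-1]
    if not 1 <= pad_len <= block_size:
        raise ValueError("invalid padding")
    # Check every padding byte, not just the last one.
    if data[-pad_len:] != bytes([pad_len]) * pad_len:
        raise ValueError("invalid padding")
    return data[:-pad_len]


if __name__ == "__main__":
    # Constructed sample messages: empty, exactly one block, and a partial block.
    for msg in (b"", b"YELLOW SUBMARINE", b"a" * 5):
        padded = pkcs7_pad(msg)
        assert len(padded) % 16 == 0 and pkcs7_unpad(padded) == msg
    print("ok")
```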

private key

The secret component of a cryptographic key pair. The key allows its owner to decipher data encrypted with the corresponding public key. The private key is also used to sign a message; in this case the public key is applied to verify the signature. Private keys must be kept secret by their owners.

public key

The public component of a cryptographic key pair.

public-key certificate

A data structure binding a public key to an entity holding the corresponding private key.

Public-Key Cryptography Standards (PKCS)

A set of cryptographic standards developed by RSA Laboratories, e.g., PKCS #1 outlining the principles of public-key cryptography based on the RSA algorithm, PKCS #3 describing a method for implementing Diffie-Hellman key agreement, or PKCS #5 providing recommendations for implementing password-based cryptography.

public-key infrastructure (PKI)

A set of hardware, software, users and policies needed to perform operations with digital certificates.

R

relying party

Legal term designating a certificate user.

Rivest-Shamir-Adleman Algorithm (RSA)

An algorithm for asymmetric cryptography. The algorithm is based on the factoring problem.

S

salt

A random value used in password-based key derivation functions.

session key

A key used for symmetric encryption and decryption for a relatively short period of time.

Signed Public Key and Challenge (SPKAC)

A data structure that can be created by means of the <keygen> HTML5 element and sent to a certification authority.

stream cipher

A symmetric key cipher processing input data one discrete unit at a time.

X

X.509

An ITU-T standard defining a framework for public-key certificates and attribute certificates.