Glossary

This glossary is designed to supplement chapter 4 “Definitions” of the PKCS#11 standard.

AES (Advanced Encryption Standard)
AES is a FIPS publication that specifies a cryptographic algorithm for use by the USA authorities. AES is now the default block cipher. AES was developed by the Belgian cryptologists Dr. Joan Daemen and Dr. Vincent Rijmen.

ANSI (American National Standards Institute)
This institute develops standards for various accredited standard committees (ASC). The X9 committee is mainly concerned with security standards for financial services.

Asymmetric keys
A separate, yet integrated, user key pair consisting of a public key and a private key. This is a “one-way” key, or in other words, a key that is used to encrypt certain data, but which cannot be used to decrypt this data.

Block cipher
A symmetric cipher that operates on blocks (usually 128-bit blocks) of plaintext and ciphertext.

CBC (Cipher Block Chaining)
The CBC mode is a mode of operation for block ciphers. Each plaintext block is XORed with the preceding ciphertext block (or, for the first block, the IV) before it is encrypted. This adds a “feedback” mechanism to a block cipher.

CCM (Counter with CBC-MAC)
The CCM mode is a mode of operation for block ciphers. It turns a block cipher into a method for authenticated encryption, which provides both confidentiality and integrity.

CFB or CFM (Cipher Feedback Mode)
A block cipher that is implemented as a self-synchronizing stream cipher. This feeds back a specified number of bits of the ciphertext as the input data for the block cipher and encrypts it using a fixed key.

Ciphertext
This is the result of a change made to letters or bits. This change is made by replacing, exchanging or replacing and exchanging information.

Cleartext
See plaintext

Cryptoki
A program interface to devices that save cryptographic information and carry out cryptographic functions, as specified by the PKCS#11 standard.

CTR (Counter Mode)
The Counter Mode is a mode of operation for block ciphers for creating a stream cipher.

Decryption
The process of converting ciphered (or encrypted) text back to clear text.

DES (Data Encryption Standard)
A 64-bit block cipher or symmetric algorithm that is also referred to as the Data Encryption Algorithm (DEA) (ANSI) or DEA-1 (ISO). It was adopted in 1976 as “FIPS 46”.

Diffie-Hellman
The first encryption algorithm for public keys that used discrete logarithms in a finite field. It was created in 1976.

DSA (Digital Signature Algorithm)
A digital signature algorithm created by NIST for public keys for use in DSS.

DSS (Digital Signature Standard)
A standard (FIPS) suggested by NIST for digital signatures using DSA.

ECB (electronic codebook)
A block cipher which uses the plain text block as direct input for the encryption algorithm. The output block resulting from the encryption process is then used directly as the ciphertext.

FIPS (Federal Information Processing Standard)
A standard of the USA government as published by NIST.

GCM (Galois/Counter Mode)
GCM is a mode of operation for block ciphers. It turns a block cipher into a method for authenticated encryption, which provides both confidentiality and integrity.

Handle
A value used to identify a session or an object assigned by Cryptoki (see also section 6.6.5 “Session handles and object handles” of the PKCS#11 standard).

Hash function
A single-direction hash function is a function that generates a message digest that cannot be reversed in order to obtain the original information.

HMAC
A key-dependent single-direction hash function specially designed for use with MAC (Message Authentication Code) and based on IETF RFC 2104.

IETF (Internet Engineering Task Force)
A comprehensive open international community made up of network developers, operators, dealers and research specialists whose job is the development of the Internet architecture and the smooth running of the Internet. This organization is open to all those who are interested.

Initialization vector or IV
A block of random data that uses “Chaining Feedback Mode” (see “Cipher Block Chaining (CBC)”) and serves as the starting point for a block cipher.

Integrity
Proof that data has not been changed (by unauthorized persons) during saving or transfer.

ISO (International Organization for Standardization)
This organization is responsible for a wide range of standards, for example, the OSI model, and also for international relations with ANSI for X.509.

Key
A means of granting or denying access, ownership rights or control rights. It is represented by any number of values.

Key exchange
A procedure that uses two or more nodes to transfer a secret session key via an insecure channel.

Key length
The number of bits used to represent the key size. The longer the key, the more secure it is.

Key management
A procedure used to save and distribute accurate cryptographic keys. The entire process of secure creation and distribution of cryptographic keys to authorized recipients.

MAC (Message Authentication Code)
A key-dependent single-direction hash function which requires an identical key to verify the hash.

MD2 (Message Digest 2)
A single-direction hash function with a 128-bit hash result that uses a random permutation of bytes. Designed by Ron Rivest.

MD4 (Message Digest 4)
A single-direction hash function with 128-bit hash result, uses a simple set of bit manipulations with 32-bit operands. Designed by Ron Rivest.

MD5 (Message Digest 5)
An improved and more complex version of MD4, but still a single-direction hash function with a 128-bit hash result.

Mechanism
Process used to implement cryptographic operations

Message Digest
A checksum that is calculated from a message. If you change just a single character in a message then the message will have a different Message Digest.

Mutex objects
Mutex is a short form of Mutual Exclusion. Mutex objects are simple objects that can be in only one of two states at any time: locked or unlocked (see also PKCS#11 specification, section 6.5.2 “Applications and threads”).

NIST (National Institute for Standards and Technology)
A department of the “U.S. Department of Commerce”. Publishes standards on compatibility (FIPS).

NSA (National Security Agency)
A department of the “U.S. Department of Defense”.

OFB (Output Feedback Mode)
As in CFB, a block cipher is used as a stream cipher. Unlike CFB, the bits of the output are directly fed back. OFB is not self-synchronizing.

Operation
A sequence of several cryptographic functions

PKCS (Public Key Crypto Standards)
A range of de-facto standards for encryption using public keys, developed by an informal consortium (Apple, DEC, Lotus, Microsoft, MIT, RSA and Sun). This also includes algorithm-specific and algorithm-independent implementation standards, as well as specifications for the definition of message syntax and other protocols that are controlled by RSA Data Security, Inc.

Plaintext or cleartext
Data or messages before encryption, in a format that can be easily read by humans - also known as uncoded text.

Private key
The “secret” component of an integrated asymmetrical key pair, the component that is said to be in private possession, and is also often known as the decryption key.

Pseudo-random number
A number that is calculated by applying algorithms; this creates random values that are derived from the computer environment (e.g. mouse coordinates). See random number.

Public key
The publicly available component of an integrated asymmetrical key pair, often referred to as the encryption key.

Random number
An important aspect for many encryption systems and a necessary element when creating unique keys that a potential hacker is unable to calculate. Real random numbers are usually derived from analog sources and generally require the use of special hardware.

RC2 (Rivest Cipher 2)
Symmetrical 64-bit block cipher with variable key size, a branch-internal key from RSA, SDI.

RC4 (Rivest Cipher 4)
Stream cipher with variable key size; it was originally the property of RSA Data Security, Inc. It is strongly recommended not to use RC4, as it has since been shown to have too many weaknesses. See also RFC 7465 "Prohibiting RC4 Cipher Suites".

RFC (Request for Comment)
An IETF document, either from the subgroup FYI RFC, which gives an overview and introduction, or from the subgroup STD RFC, which specifies Internet standards. The abbreviation FYI stands for “For Your Information”. Each RFC has an RFC number that is used to identify it and call it up (www.ietf.org).

RSA
Short for RSA Data Security, Inc. Also refers to the names of the company founders Ron Rivest, Adi Shamir and Len Adleman, or to the algorithm developed by them. The RSA algorithm is used in cryptography with public keys. Its functionality is based on the fact that two large prime numbers may be easy to multiply together, but that it is very difficult to reduce the product back to the original two numbers.

Salt
A random string of characters that is linked with passwords (or random numbers) before operations are carried out using single-direction functions. This linking effectively extends the length of the password and makes it more obscure. Thus your ciphertext is better protected against dictionary attacks.

Secret key
The “session key” in symmetrical algorithms

Session key
The secret (symmetric) key used to encrypt all data records on a transaction basis. For each communication session a new session key is used.

SHA-1 (Secure Hash Algorithm)
In 1994 the SHA (FIPS 180-1) developed by NIST was revised and SHA-1 was the result. SHA-1 is used in conjunction with DSS to create a 160-bit hash result. It is similar to the popular and widespread MD4.

SHA-2 (Secure Hash Algorithm)
SHA-2 is the umbrella term for the hash functions SHA-224, SHA-256, SHA-384, SHA-512, SHA-512/224 and SHA-512/256. For quite some time it has been recommended to switch from using SHA-1 to functions from the SHA-2 family.

Slot
According to the definition, PKCS#11 can simultaneously use logical cryptographic function units (slots). In CRYPT only one slot is supported at this time.

SSL (Secure Socket Layer)
This was developed by Netscape to ensure the security and non-disclosure of sensitive information on the Internet. Supports the server/client authentication and ensures the security and integrity of the transfer channel. This works on the transfer level and serves as the “socket library” and makes possible application-independent results. Encrypts the entire communication channel.

Stream cipher
A class of symmetric key encryption in which the conversion can be changed for each character of plaintext that is to be encrypted. This is recommended for environments with limited memory capacity available to buffer data.

Symmetric algorithm
Also called a conventional, secret key or single-key algorithm. The encryption key is either identical to the decryption key, or it is possible to derive one key from the other. There are two sub-categories - block and stream.

TLS (Transport Layer Security)
A draft from IETF. Version 1 is based on Version 3.0 of the SSL protocol and serves to maintain privacy when communicating across the Internet.

Triple-DES
An encryption configuration in which the DES algorithm is used three times with three different keys.