Overview of Public Key Infrastructure and Cryptography

Public Key Infrastructure (PKI)

A framework for managing digital certificates and public-key encryption.

Public Key

A cryptographic key that is shared openly and used for encryption or verifying signatures.

Private Key

A secret key that is kept confidential and used for decrypting data or creating digital signatures.

Key Escrow

A process where cryptographic keys are stored by a trusted third party for emergency access.

Encryption

The process of converting data into a coded format to prevent unauthorized access.

Level

Various levels of encryption applied to different aspects of data storage and communication.

Transport/Communication

Securing data during transmission between devices or networks.

Asymmetric Encryption

Encryption method using pairs of keys: public and private keys.

Symmetric Encryption

Encryption method using a single key for both encryption and decryption.

Key Exchange

Process of securely sharing cryptographic keys between parties.

Algorithms

Mathematical formulas used for encryption and decryption.

Key Length

The size of the cryptographic key, influencing the strength of encryption.

Trusted Platform Module (TPM)

Hardware component for securely storing cryptographic keys and performing cryptographic operations.

Hardware Security Module (HSM)

Dedicated hardware device for managing, storing, and processing cryptographic keys securely.

Key Management System

Software or hardware solution for generating, storing, and distributing cryptographic keys.

Secure Enclave

Isolated hardware or software environment for secure processing of sensitive data.

Steganography

Concealing data within other data to hide its existence.

Tokenization

Substituting sensitive data with non-sensitive placeholders.

Data Masking

Concealing or anonymizing specific data elements within a dataset.

Hashing

Generating a fixed-size, unique hash value from input data using cryptographic algorithms.

Salting

Adding random data to input before hashing to prevent identical inputs from producing the same hash.

Digital Signatures

Cryptographic signatures that verify the authenticity and integrity of digital messages or documents.

Key Stretching

Technique to increase the computational effort required to derive keys from passwords.

Blockchain

Distributed, decentralized ledger technology used for secure and transparent record-keeping.

Open Public Ledger

Transparent and publicly accessible record of transactions or data entries.

Certificates

Digital documents used to authenticate the identity of users, devices, or organizations.

Certificate Authorities

Entities that issue and manage digital certificates.

Certificate Revocation Lists (CRLs)

Lists of revoked or compromised digital certificates.

Online Certificate Status Protocol (OCSP)

Protocol for checking the revocation status of digital certificates in real-time.

Self-signed

Digital certificates signed by their own issuer.

Third-party

Digital certificates issued by a trusted third-party CA.

Root of Trust

A trusted entity or component from which cryptographic operations and trust relationships originate.

Certificate Signing Request (CSR) Generation

Process of requesting a digital certificate from a CA.

Wildcard

A digital certificate that can secure multiple subdomains of a domain.