Public Key Infrastructure (PKI)
Management of digital certificates and the binding of public keys to people or devices.
Public key
A cryptographic key that is shared publicly and used to encrypt information, which can only be decrypted by the corresponding private key.
Private key
A cryptographic key kept secret by the owner, used to decrypt information that has been encrypted with the corresponding public key.
Key Escrow
Refers to someone else holding the decryption keys, with private keys held by a third party.
Full-Disk Encryption
Encryption that protects an entire hard disk/storage drive, like BitLocker or FileVault.
Partition/volume encryption
Encryption of sections of a storage drive - also achievable via BitLocker and FileVault.
File encryption
Encryption of individual files on a storage device, ensuring that only authorized users can access the contents. Examples include Encrypting File System (EFS) on Windows.
Transport Encryption
Encryption of data in transit or traversing a network, such as HTTPS or using a VPN.
Asymmetric Encryption
A cryptographic method using a pair of keys, a public key for encryption and a private key for decryption.
Symmetric Encryption
A cryptographic method that uses the same key for both encryption and decryption.
Key Length
Refers to the size of the key used in an encryption algorithm, impacting strength and performance.
Trusted Platform Module (TPM)
Hardware that performs cryptographic functions and contains a cryptographic processor.
Database encryption
Encryption of data stored in a database. Involves transparent encryption, where all database information is encrypted with a symmetric key.
Record-level encryption
Encryption of individual columns within a database - separate symmetric keys are used for each column.
Key Management System
Software used to manage and protect cryptographic keys throughout their lifecycle.
Obfuscation
A technique used to alter or obscure data to prevent unauthorized access.
Steganography
A security method that conceals a message within another message or object.
Tokenization
Replacing sensitive data with a non-sensitive placeholder to protect original information.
Data masking
A data protection technique that replaces sensitive data with fictional but realistic values to protect confidentiality.
Digital Signatures
A method for verifying the authenticity and integrity of a message using a hash and encryption.
Blockchain
A distributed ledger technology that securely records transactions across multiple computers.
Blockchain (function)
Nodes (devices) on a network verify requested transactions, add them to blocks, then calculate hashes to verify the blocks. If transactions or blocks are tampered with, the block is rejected by the blockchain.
Certificate Authorities
Organizations that issue and manage digital certificates, verifying identities.
Certificate Revocation List
A list of revoked digital certificates, managed by a certificate authority.
Online Certificate Status Protocol (OCSP)
A protocol used for obtaining the revocation status of a digital certificate in real-time via the SSL handshake.
Self-signed Certificate
A digital certificate signed by the entity it certifies, not recommended for widespread use.
Root of Trust
PKI model ensuring that digital certificates are authentic and issued by a trusted authority.
Wildcard Certificate
A digital certificate allowing a single certificate to secure multiple subdomains of a domain.
Encryption algorithms
Formulae used to encrypt/decrypt data that can vary in complexity, security, and performance.
Out-of-band key exchange
Non-Internet transfer of encryption keys (e.g., telephone, postal services, or physical delivery methods).
Hardware security module (HSM)
High-end cryptographic hardware designed to manage thousands of cryptographic keys for hardware devices. Includes key backups and cryptographic accelerators.
In-band key exchange
Internet-based key exchange - the key is protected with additional symmetric encryption.
Secure enclave
A secure area within a processor that protects sensitive data, allowing for secure execution of code and storage of cryptographic keys.