Version control
Software that tracks changes and allows reverting to previous versions.
Public key infrastructure (PKI)
System using public and private keys for data encryption and verification.
Public key
Visible digital lock used for encryption in PKI; requires private key for decryption.
Private key
Secret key paired with a public key for decrypting encrypted data.
Key escrow
Process of storing private keys with a trusted third party for data access if keys are lost.
Full-disk encryption
Encrypting all data on a disk including OS, applications, and user files.
Partition encryption
Encrypting specific partitions or sections of a hard drive.
File encryption
Encrypting files or folders to protect their contents.
Volume encryption
Encrypting a virtual container or disk image acting as a separate storage volume.
Database encryption
Securing a database by encrypting sensitive stored data.
Transport/communication encryption
Encoding information before sending over a network to prevent unauthorized interception.
Asymmetric encryption
Using separate keys for encryption and decryption (public and private keys).
Symmetric encryption
Using a single shared key for both encryption and decryption.
Key exchange
Securely sharing cryptographic keys between parties for message encryption.
Algorithms
Mathematical procedures for generating cryptographic keys and ensuring secure communication.
Key length
The longer the key, the more secure it is against guessing or attacks.
Trusted Platform Module (TPM)
Microchip on a computer's motherboard for secure storage of keys and sensitive data.
Hardware security module (HSM)
Hardware device for secure key storage, commonly used in high-security environments.
Key management system
System for generating, storing, distributing, and revoking encryption keys.
Secure enclave
Highly protected area for secure operations like encryption within computer systems.
Obfuscation
Technique to make code or data harder to understand without changing its functionality.
Steganography
Method of hiding secret information within non-secret files or messages.
Tokenization
Protecting sensitive data by replacing it with non-sensitive placeholders.
Data masking
Protecting data by replacing it with fictional or anonymized data while maintaining format.
Hashing
Process of converting data into a unique, scrambled output (hash value) in cryptography.
Salting
Adding random data to passwords when hashing to enhance security.
Digital signatures
Digital signatures authenticate the identity of message senders or document signers.
Key stretching
Technique to increase password security by requiring more time and resources for attackers.
Blockchain
Distributed digital ledger technology recording transactions across a network.
Open public ledger
System where transactional data is transparently shared and accessible to all network participants.
Certificates
Digital documents validating entity identity for secure internet communication.
Certificate authorities
Trusted entities issuing digital certificates to authenticate individuals, organizations, or devices.
Certificate revocation lists (CRLs)
Lists issued by CAs containing the serial numbers of digital certificates revoked before expiration.
Online Certificate Status Protocol (OCSP)
Protocol for real-time verification of digital certificate revocation status.
Self-signed
Digital certificate signed by its creator rather than a trusted CA.
Third-party
Entity that validates certificate authenticity but is neither the issuer nor the subject.
Root of trust
Inherently trusted security system serving as the basis for trust relationships.
Certificate signing request (CSR) generation
Process of generating a key pair, creating a CSR file, and submitting it to a CA for approval.
Wildcard
Digital certificate securing a domain and its subdomains with a single certificate.