1.4 simple

PKI (Public Key Infrastructure)

A framework that manages digital keys and certificates to enable secure electronic communication

Symmetric Encryption

Uses the same key for both encryption and decryption

Asymmetric Encryption

Uses a pair of keys - one public and one private - for encryption and decryption

Symmetric

Uses the same key for encrypting and decrypting.

Key exchange

How parties share encryption keys securely.

Algorithms

Formulas used to encrypt and decrypt data

Key length

The size of the cryptographic key (longer = stronger).

Trusted Platform Module (TPM)

Chip that stores keys securely.

Hardware Security Module (HSM)

Specialized device for key management.

Key management system

Software for generating, storing, and handling keys.

Secure enclave

Isolated area for sensitive processing.

Steganography

Hides data within other data (like a picture).

Tokenization

Replaces sensitive data with tokens.

Data masking

Hides real data with fake but realistic values.

Hashing

One-way conversion of data, often used for passwords.

Salting

Adding random data before hashing to make it unique.

Digital signatures

Signing data to prove authenticity.

Key stretching

Making weak keys stronger using extra algorithms.

Blockchain

Linked records secured by cryptography.

Open public ledger

Blockchain that is visible to everyone.

Certificates

Digital documents that prove identity

Certificate authorities

Trusted organizations that issue certificates.

Certificate revocation lists (CRLs)

List of invalid certificates.

Online Certificate Status Protocol (OCSP)

Checks if a certificate is still valid.

Self-signed

Certificate signed by its owner.

Third-party

Signed by a trusted certificate authority.

Root of trust:

Trusted starting point for a chain of certificates.

Certificate signing request (CSR)

Request to a CA for a certificate.

Wildcard

Certificate that can cover multiple domains.

Public Key

Key everyone can know, used to encrypt or verify.

Private key

Secret key, used to decrypt or sign.

Key escrow

Secure way for a third party to keep keys for recovery.

Encryption

Converting data into a coded form to protect it.

Full-disk

Encrypts whole drives.

Partition

Encrypts sections of storage.

File

Encrypts a single file.

Volume

Encrypts a whole storage volume.

Database

Encrypts entire databases.

Record

Encrypts specific data entries.

Transport/communication

Encrypts data being sent over networks.