Advanced Encryption Standard. A Symmetric key encryption algorithm e.g. AES 128, 256. Provides same encryption strength than much larger sized RSA keys. Good for hardware with limited processing or storage.
Application Programming Interface. Aimed to provide interfaces to interact with other software
Abstract Syntax Notation One. Provides data structure representation for different data in a cross platform fashion e.g. certificates, crls, OCSP, timestamp etc.
Concept of encrypting and decryption with two related keys called Private Key and Public Key. Each can decrypt data with the other key. Algorithms include DSA, RSA etc. There is no shared key involved.
Process to prove identity. Could be human or a machine (PC, router, switch, mobile, IOT etc.).
Basic Encoding Rules. Rules defining how to encode ASN.1 data.
A type of symmetric cipher which works on fixed sized bits e.g. DES, Triple DES, AES
Certification Authority (CA)
An entity (business, software etc.) which manages the life cycle of digital certificates. This includes creation, deletion, renewal, rekey, revocation of certificates. Can be a subordinate CA (issued by a Root CA) or a Root CA (self signed)
Certificate / Digital Certificate
A digital file which identifies a user, signed by a CA. The digital file contains the public key of the entity it identifies (person/computer/company etc.) Certificate contains information related to expiry, who issued the certificate and purpose. The associated private key of the public key can be used for authentication or signing. See more here.
Certificate Revocation List issued by a Certification Authority containing the list of revoked or blacklisted certificates. See more here.
The study of techniques to perform secure communication. See more here.
The process of getting original plain text from encrypted one.
Distinguish Encoding Rules. Rules defining how to encode ASN.1 data.
Data Encryption Standard. A deprecated symmetric encryption algorithm due to weak encryption key used. Developed in 1970s and broken in 1999. See more here.
Digital Signature is a cryptographically generated data to ensure Authenticity, Integrity and non-repudiation. Mostly confused with electronic signature. The idea was conjectured in 1976 by Whitfield Diffie and Martin Hellman and later implemented by RSA. See more here.
Elliptic Curve Cryptography is a public key cryptography based on algebraic structures on elliptic curves over finite fields. Good for low powered computing machines like mobile phones, IOT etc.. Competes RSA standard which is based on the difficulty on factoring large numbers.
One way unique transformation a large data e.g. strings into a fixed, short value e.g. MD-5, SHA-1, SHA-256 etc. A key step in creating digital signatures e.g. SHA256. The resultant value is called Hash value. SHA-256 Hash value of Codegic is b658b459663b78dfeecf473a136474f75f080933444a7aafae7300775ec4c309
Hardware security module. Able to process cryptographic keys (asymmetric and symmetric) in a secure fashion. Recommended for critical cryptographic operations. Keys generated cannot be exported in plain. Can be hosted on-premise or in the cloud.
A number which is a critical component to encrypt or decrypt data. In RSA could be of 2048 length or above and in case of ECC 160 bits or more. Longer key lengths ensures more security over slow performance to encrypt or decrypt. The public key and private key forms the KeyPair.
Encircles the complete life cycle of cryptographic key generation, renewal, storage, security and deletion.
One-time Password (OTP)
A temporary, user friendly, server generated unique password or PIN. Protects users from hackers when they use weak password. Normally used as two factor authentication. Have different variations like TOTP (Time based OTP) and HOTP (Counter based based OTP).
A server software implementing Online Certificate Status Protocol. Replaces the need to rely on CRL files which can be large and hence slows revocation checking process as opposed to light weight (few kb) request and response from the OCSP server.
A type of attack to acquire credentials or personal data from people mimicking legitimate emails, phone call or website.
Public Key Cryptography Standards. Developed by devised by RSA Laboratories in 1991. Some of these are:
- PKCS#1: Defines the format of RSA encryption.
- PKCS#5 – Password-based Encryption Standard
- PKCS#7 – Cryptographic Message Syntax Standard
- PKCS#8 – Private-Key Information Syntax Standard
- PKCS#9 – Attribute types for use in PKCS#6, PKCS#7, PKCS#8 and PKCS#10.
- PKCS#10 – Certificate Request Standard requesting certificate from a CA
- PKCS#11 – An Interface to communicate with cryptographic devices such as HSMs, Smart cards etc..
- PKCS#12 – A password protect data to securely store Private keys and associated certificates.
- PKCS#15 – Defines a file system of objects to be stored on cryptographic devices
NIST selected symmetric algorithm for AES works with a minimum key length of 128-bit. Learn more here.
A hashing algorithm providing more security over MD set of hashing algorithms. Ripemd-160 hash of Codegic is: edd8a680830228aa67b80760c448549e05d431d6
A public key cryptographic algorithm developed in 1977. This competes with ECC based public key algorithm.
A symmetric key e.g. AES 128, generated during a TLS handshake. 100x faster than asymmetric algorithm.
Secure Hash Algorithm. Started with SHA-1 (obsolete as subjected to collision attacks) following by SHA-2 family (SHA-256, SHA-384, SHA-512).
An encryption mechanism where same key is used to encrypt or decrypt data e.g. DES, AES
Secure Sockets Layer. A weak protocol utilizing public key cryptography generating symmetric keys to secure communication over the network. Now replaced by TLS protocol.
A digitally signed content sufficing that content existed prior a particular time. Time can be from system, HSM or GPS clock. Learn more here.
Time Stamping Authority
A server or business entity providing timestamp services. Can be a software or hardware.
Transport Layer Security.
An authentication scheme ensuring two pieces of information is present at authentication time e.g. password and OTP or password and biometric.
X.509 is a standard defining the format of public key certificates. V3 stands for version 3 of X.509 Digital Certificate prevalent as of 2021. See more here.