Lesson 3 - Cryptographic Solutions Flashcards
AES
Advanced Encryption Standard
- a specification used to encrypt and protect electronic data. It is a symmetric encryption algorithm. It is used majorly as a replacement for the Data Encryption Standard (DES).
RSA
Rivest-Shamir-Adleman
- algorithm is a public-key cryptosystem that uses a pair of keys (a public key and a private key) to secure digital communication and transactions over insecure networks.
ECC
Elliptic Curve Cryptography
- a public-key cryptosystem based on the algebraic structure of elliptic curves over finite fields
SHA
Secure Hashing Algorithm
- A cryptographic hashing algorithm created to address possible weaknesses in MDA. The current version is SHA-2.
MD5
Message Digest Algorithm #5
- A cryptographic hash function producing a 128-bit output.
PKCS
Public Key Cryptographic Standard
- A framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.
DSA
Digital Signature Algorithm
- a cryptographic method used to create and verify digital signatures, ensuring the authenticity and integrity of digital messages or documents, similar to a handwritten signature but with enhanced security.
ECDSA
Elliptical Curve Digital Signature Algorithm
- a cryptographic algorithm used to create and verify digital signatures based on elliptic curve cryptography, offering efficient and secure authentication
FIPS
Federal Information Processing Standards
PKI
Public Key Infrastructure
- A framework of certificate authorities, digital certificates, software, services, and other cryptographic components deployed for the purpose of validating subject identities.
CA
Certificate Authority
- A server that guarantees subject identities by issuing signed digital certificate wrappers for their public keys.
CSR
Certificate Signing Request
- A Base64 ASCII file that a subject sends to a CA to get a certificate.
FDQN
Fully Qualified Domain Name
- the complete and unique address of a server or host on the internet, including the hostname and domain name, used to locate and access resources within the Domain Name System (DNS).
CN
Common Name
- An X500 attribute expressing a host or username, also used as the subject identifier for a digital certificate.
SAN
Subject Alternative Name
- A field in a digital certificate allowing a host to be identified by multiple host names/subdomains.
CRL
Certification Revocation List
- A list of certificates that were revoked before their expiration date.
OCSP
Online Certificate Status Protocol
- Allows clients to request the status of a digital certificate, to check whether it is revoked.
KMS
Key Management System
- In PKI, procedures and tools that centralizes generation and storage of cryptographic keys.
KMPI
Key Management Interoperability Protocol
- a standardized communication protocol, developed by OASIS, designed to enable interoperability between key management systems and cryptographic applications, simplifying key management and enhancing data security
PRNG
Pseudo Random Number Generator
- The process by which an algorithm produces numbers that approximate randomness without being truly random.
TRNG
True Random Number Generator
- A method of generating random values by sampling physical phenomena that has a high rate of entropy.
TPM
Trusted Platform Module
- Specification for secure hardware-based storage of encryption keys, hashed passwords, and other user- and platform-identification information.
HSM
Hardware Security Module
- An appliance for generating and storing cryptographic keys. This sort of solution may be less susceptible to tampering and insider threats than software-based storage.
TEE
Trusted Execution Environment
- a secure, isolated area within a processor that protects the confidentiality and integrity of code and data executed within it, ensuring sensitive information remains secure even if the main system is compromised.
