Cryptography Terms and Abbreviations

BLOB  A generic sequence of bits that contains one or more fixed-length header structures plus context-specific data.
Ciphertext  A message that has been encrypted.
CryptoAPI An application programming interface that provides services that enable application developers to add cryptography-based security to applications.
Cryptographic key The session (symmetric) key used during the encryption and decryption processes, and the public and private keys used during the authentication process. Of these three keys, the session key and private key must always remain secret.
Cryptography  The art and science of information security. It includes information confidentiality, data integrity, entity authentication, and data origin authentication.
CSP (Cryptographic Service Provider)  An independent software module that actually performs the cryptographic algorithms for authentication, encoding, and encryption.
Decryption The process in which ciphertext is converted to plaintext.
Encryption  The process in which data (plaintext) is translated into something that appears to be random and meaningless (ciphertext). Ciphertext is difficult to unscramble without a secret key.
Key BLOB  BLOB containing an encrypted private key. Key BLOBs provide a way to store keys outside the CSP.
Key container  A part of the key database that contains all the key pairs (exchange and signature key pairs) belonging to a specific user.

 Each container has a unique name that is used when calling GetCryptoProvider to get a handle to the container.
Plaintext  A message that is not encrypted. Plaintext messages are also referred to as cleartext messages.
Public/private key pair  A set of cryptographic keys used for public-key cryptography.
Public-key algorithm  An asymmetric cipher that uses two keys: one for encryption (the public key) and the other for decryption (the private key).

 As implied by the key names, the public key used to encode plaintext can be made available to anyone. However, the private key must remain secret. Only the private key can decrypt the ciphertext.

 The public-key algorithm used in this process is slow (on the order of 1,000 times slower than symmetric algorithms) and is typically used to encrypt session keys or to digitally sign a message.
Session key  A key used primarily for data encryption and decryption. Session keys are typically used with symmetric encryption algorithms where the same key is used for both encryption and decryption. For this reason, session and symmetric keys usually refer to the same type of key.

 A session key consists of a random number of approximately 40 to 2000 bits.
Symmetric encryption  Encryption that uses a single key for both encryption and decryption. Symmetric encryption is preferred when encrypting large amounts of data. Some of the more common symmetric encryption algorithms are RC2, RC4, and Data Encryption Standard (DES).
Symmetric key  A single key, typically a session key, used for both encryption and decryption.
Block cipher  A cipher algorithm that encrypts data in discrete units (called blocks), rather than as a continuous stream of bits. The most common block size is 64 bits. For example, DES is a block cipher.
 Block ciphers are considered more secure than stream ciphers; however, they tend to execute much more slowly.
Stream cipher  A cipher that serially encrypts data, one bit at a time.
Initialization vector (IV)  A sequence of random bytes prepended to the plaintext before encryption by a block cipher. Adding the initialization vector to the beginning of the plaintext prevents the initial ciphertext block from being the same for any two messages.
 For example, if messages always start with a common header (a letterhead or "From" line), their initial ciphertext would always be the same, assuming that the same cryptographic algorithm and symmetric key were used. Adding a random initialization vector keeps this from happening.
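The following is an added illustration of this entry, not CryptoAPI code and not from the original page: two letters that share a "From" line are encrypted under one symmetric key, first with a fixed all-zero IV (identical first ciphertext blocks) and then with random IVs (different first blocks). The block cipher is a stand-in four-round Feistel network built from HMAC-SHA256 so the example runs with the standard library; it is not DES, and the IV is used as the CBC chaining value rather than literally prefixed to the plaintext, which has the same effect on the first ciphertext block. The key and messages are constructed sample data.

```python
import hashlib, hmac, os

BLOCK = 16  # 128-bit blocks (DES, the page's example, uses 64-bit blocks)

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))
def _f(key: bytes, rnd: int, half: bytes) -> bytes:
    # Feistel round function: HMAC-SHA256 as a keyed PRF, truncated to half a block.
    return hmac.new(key, bytes([rnd]) + half, hashlib.sha256).digest()[:8]

def block_encrypt(key: bytes, block: bytes) -> bytes:
    # Four-round Feistel network used as a stand-in block cipher (illustrative only, not DES).
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _f(key, rnd, r))
    return l + r
def block_decrypt(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _f(key, rnd, l)), l
    return l + r

def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # CBC mode with PKCS#7 padding; the IV is sent in the clear in front of the ciphertext.
    n = BLOCK - len(plaintext) % BLOCK
    padded, prev, out = plaintext + bytes([n]) * n, iv, []
    for i in range(0, len(padded), BLOCK):
        prev = block_encrypt(key, _xor(padded[i:i + BLOCK], prev))
        out.append(prev)
    return iv + b"".join(out)
def cbc_decrypt(key: bytes, message: bytes) -> bytes:
    iv, body, out = message[:BLOCK], message[BLOCK:], []
    for i in range(0, len(body), BLOCK):
        out.append(_xor(block_decrypt(key, body[i:i + BLOCK]), body[i - BLOCK:i] if i else iv))
    padded = b"".join(out)
    return padded[:-padded[-1]]

def first_blocks_match(key: bytes, iv_a: bytes, iv_b: bytes, msg_a: bytes, msg_b: bytes) -> bool:
    # True if the first plaintext-dependent ciphertext blocks of the two messages are identical.
    return cbc_encrypt(key, iv_a, msg_a)[BLOCK:2 * BLOCK] == cbc_encrypt(key, iv_b, msg_b)[BLOCK:2 * BLOCK]

# Constructed sample data: one symmetric key and two letters sharing the same "From" line.
KEY = b"constructed-demo-key"
MSG_A = b"From: accounts@example.test\nInvoice 1 attached."
MSG_B = b"From: accounts@example.test\nInvoice 2 attached."

def demo() -> tuple:
    zero_iv = bytes(BLOCK)
    leaks = first_blocks_match(KEY, zero_iv, zero_iv, MSG_A, MSG_B)                    # True
    hidden = first_blocks_match(KEY, os.urandom(BLOCK), os.urandom(BLOCK), MSG_A, MSG_B)  # False
    return leaks, hidden
```

With the fixed IV an observer who sees only ciphertext can tell that both messages begin the same way; with random IVs that equality disappears, and the recipient still recovers the plaintext because the IV travels with the message.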

Related functions: Decrypt, DeriveKey, Encrypt, ExportKey, GenerateKey, GetCryptoProvider, GetKeyParam, ImportKey, SetKeyParam.