| Term | Definition |
|---|---|
| Advanced Electronic Signature | See Digital Signature. |
| Asymmetric cryptography | There are two types of encryption. Symmetric: an identical secret key is used for both encryption and decryption. Asymmetric: two keys, a Private Key for decryption and signing and a Public Key for encryption and validating signatures. Knowledge of the Public Key does not reveal the Private Key. |
| Certificate Authority (CA) | An authority that creates and signs Digital Certificates for one or more users. CAs usually form a hierarchy; the top of this hierarchy is called the root CA. See also RA. |
| CAPI | Cryptographic API (Application Programming Interface). An API provided by Microsoft that lets applications encrypt or digitally sign data. |
| CDP | CRL Distribution Point. Information used by applications to locate the CRL. |
| CRL | Certificate Revocation List. The list in which a CA publishes the IDs of all Digital Certificates that have been revoked. |
| Data Integrity | Assures document authenticity: any change made to the contents of the document will invalidate the signature. |
| Detached Signature | A method of adding a Digital Signature to signed data in which the Digital Signature and the signed data are kept separately. |
| Digest | Used in the process of creating a Digital Signature, a Digest is a unique digital representation or "fingerprint" of the signed data. See also Hashing. |
| Digital Certificate | Similar to a passport identifying a trusted person (or entity, such as an application). A Digital Certificate is issued by a CA and is used to ensure the authenticity of the Public Key belonging to a certain user. A Digital Certificate prevents attackers from claiming someone else's identity, because the CA issues the certificate only after verifying that the Public Key belongs to the named user. |
| Digital Signature | A Digital Signature (sometimes referred to as an Advanced Electronic Signature) takes the concept of the traditional paper-based signature into the digital realm by cryptographically signing a digital "fingerprint" of the document. This signed "fingerprint" is unique to both the document and the signer. |
| Electronic Signature | While the terms Digital Signature and Electronic Signature are sometimes used interchangeably, there is a significant difference between the two. An Electronic Signature merely adds data (text, sound, symbol, picture, etc.) to a document as a means of identifying the signer. Such signatures should be considered forgeable. |
| Enrollment | The process of signing up a user for a Digital Signature "account", which includes generating a Key Pair and creating a Digital Certificate. |
| Enveloped Signature | A method of adding a Digital Signature to signed data in which the Digital Signature is embedded within the signed document. |
| Enveloping Signature | A method of adding a Digital Signature to signed data in which the signed data is embedded within the Digital Signature. |
| Graphical Signature | See Wet Signature. |
| Hashing | A mathematical process that converts a message (e.g. a document) into a unique "message digest" that represents the original message. A hash function should not produce the same message digest for two different inputs; finding such a collision is computationally infeasible. A hash is a one-way function: it is infeasible to reverse the process and recover the original message from the message digest. |
| Key Pair | The Public and Private Keys generated for a user. |
| Non-Repudiation | Prevents a party from later denying a transaction it took part in or signed. |
| OTP | One Time Password. An authentication method using a password that is valid for a single use only. |
| PKCS#1 | A Public-Key Cryptography Standard published by RSA Laboratories defining the basic syntax/format of a Digital Signature. This format contains nothing other than the signature data. |
| PKCS#7 | A Public-Key Cryptography Standard published by RSA Laboratories defining the syntax/format of a Digital Signature. On top of PKCS#1, this format includes information such as a timestamp, the Digital Certificate and more. |
| PKCS#11 | A Public-Key Cryptography Standard published by RSA Laboratories defining an API, called Cryptoki, to devices that hold cryptographic information and perform cryptographic functions. |
| PKCS#12 | A Public-Key Cryptography Standard published by RSA Laboratories defining a format for storing or transporting a user's Private Key, certificate, etc. |
| PKI | Public Key Infrastructure. The combination of standards, protocols and policies that support Digital Signatures and Encryption. |
| Private Key | The secret key in a PKI system, used to decrypt incoming messages and sign outgoing ones. A Private Key is always paired with its Public Key during key generation. |
| Public Key | The publicly available key in a PKI system, used to encrypt messages bound for its owner and to validate signatures made by its owner. A Public Key is always paired with its Private Key during key generation. |
| Qualified Certificate | A Digital Certificate issued by a CA that holds national accreditation to issue such certificates. |
| Qualified Digital Signature | A Digital Signature based on a Qualified Certificate. |
| Qualified Electronic Signature | See Qualified Digital Signature. |
| RA | Registration Authority. An RA performs the required identity verification for certain certificate data, which is then passed to the CA for issuing the Digital Certificate. |
| Signature Pad | An electronic device with a touch-sensitive LCD screen that allows users to capture and register a Wet Signature. |
| Smart Card | A card, typically the size of a credit card, that contains a built-in microprocessor and memory. In traditional PKI systems, Smart Cards are used to store a user's Private Keys and, in some cases, also to perform the Hashing. |
| Wet Signature | A graphical representation of a wet-ink signature. Combining a Graphical Signature with a Digital Signature gives the user a reassuring visual indication as well as an assured method of sealing documents. |
| X.509 | An ITU (International Telecommunication Union) standard for Digital Certificates, used in many PKI implementations. |