Additional Decryption Key (ADK)
A special key to which messages are encrypted, in addition to the recipient. Using an ADK is a way to recover a message if the recipient is unable or unwilling to do so (the holder of the ADK can decrypt any message that was encrypted to the ADK).
Advanced Encryption Standard (AES)
NIST-approved encryption standards, usually used for the next 20 to 30 years. Rijndael, a block cipher designed by Joan Daemen and Vincent Rijmen that has 16-byte blocks and can operate with 128, 192, or 256-bit keys, was chosen as the new AES in October 2000.
algorithm (encryption)
A set of mathematical rules (logic) used in the processes of encryption and decryption.
algorithm (hash)
A set of mathematical rules (logic) used in the processes of message digest creation and key/signature generation.
American National Standards Institute (ANSI)
An organization that creates standards for the computer industry for a wide range of technical areas, from electrical specifications to communications protocols.
asymmetric encryption
Also known as public key encryption. Encryption where one key is used to encrypt a message (the public key) and another to decrypt the message (the private key).
authentication
The determination of the origin of encrypted information through the verification of someone's digital signature or public key by checking its unique fingerprint.
authorization
To convey official sanction, access, or legal power to an entity.
authorization certificate
An electronic document to prove someone's access or privilege rights, also to prove an individual is who he or she claims to be.
back up
To copy data to a second location as a precaution in case the main version becomes unavailable.
block cipher
A symmetric cipher operating on blocks of plain text and cipher text, usually 64 or 128 bits.
Blowfish
A 64-bit block symmetric cipher consisting of key expansion and data encryption. A fast, simple, and compact algorithm in the public domain written by Bruce Schneier.
cache
A portion of memory that holds recently accessed data; designed to speed up subsequent access to the same data.
CAST
A 64-bit block cipher using a 64-bit key, six S-boxes with 8-bit input and 32-bit output, developed in Canada by Carlisle Adams and Stafford Tavares.
certificate
An electronic document attached to a public key by a trusted third party, which provides proof that the public key belongs to a legitimate owner and has not been compromised.
Certificate Authority (CA)
A trusted third party that creates certificates consisting of assertions on various attributes and binds them to an entity and/or to a public key.
Certificate Revocation List (CRL)
An online, up-to-date list of previously issued certificates that are no longer valid.
certification
Endorsement of information by a trusted entity.
ciphertext
Plaintext converted into a secretive format through the use of an encryption algorithm. An encryption key can unlock the original plaintext from ciphertext.
clear-signed message
Messages that are digitally signed, but not encrypted.
cluster
Two or more PGP Universal Servers working together in an organization where users, keys, managed domains, and policies are synchronized between Primary and one or more Secondary servers. Clustering provides security, scalability, and reliability for the servers in the cluster.
Computer Emergency Response Team (CERT)
Security clearinghouse that promotes security awareness. CERT provides 24-hour technical assistance for computer and network security incidents. CERT is located at the Software Engineering Institute at Carnegie Mellon University in Pittsburgh, PA.
conventional encryption
Encryption that relies on a common passphrase instead of public key cryptography. The file is encrypted using a session key, which encrypts using a passphrase the individual is asked to choose.
Corporate Signing Key (CSK)
A public key that is designated by the security officer of a corporation as the system-wide key that all corporate users trust to sign other keys.
cryptanalysis
The reverse of cryptography, cryptanalysis is the art and science of breaking ciphers, ciphertexts, or keys.
crypto API (CAPI)
Microsoft's crypto API for Windows-based operating systems and applications.
cryptography
The art and science of creating messages that have some combination of being private, signed, and unmodified with non-repudiation.
CRYPTOKI
Also known as PKCS#11, this is a standard API for using cryptographic tokens including smart cards and accelerators.
cryptosystem
A system composed of cryptographic algorithms, all possible plaintext, ciphertext, and keys.
Data Encryption Standard (DES)
A 64-bit block cipher, symmetric algorithm also known as Data Encryption Algorithm (DEA) by ANSI and DEA-1 by ISO. Widely used for over 20 years; adopted in 1976 as FIPS 46.
data integrity
A method of ensuring information has not been altered by unauthorized or unknown means.
decryption
The process of unscrambling encrypted information so that it becomes legible again. The recipient's private key is used for decryption.
demilitarized zone (DMZ)
A subnetwork that sits between a trusted internal network, such as a corporate private LAN, and an untrusted external network, such as the Internet.
dictionary attack
A calculated brute force attack to reveal a password by trying obvious and logical combinations of words.
Diffie-Hellman
The first public key algorithm, invented in 1976, using discrete logarithms in a finite field.
digital signature
An electronic identification of a person or thing created by using a public key algorithm. Intended to verify to a recipient the integrity of data and identity of the sender of the data.
Digital Signature Algorithm (DSA)
The signing-only public key algorithm used in the Digital Signature Standard. DSA is a variant of the Elgamal (q.v.) algorithm.
Digital Signature Standard (DSS)
A U.S. Federal Information Processing Standard (FIPS) for digital signatures, using DSA and SHA-1.
direct trust
An establishment of peer-to-peer confidence.
domain
A subnetwork composed of a group of clients and servers under the control of one security database. Dividing LANs into domains improves performance and security.
domain name
An organization's unique name on the Internet. For example, example.com is a domain name.
Domain Name System (DNS)
An Internet service that translates domain names into the corresponding IP address. Humans like domain names because they are easier to remember. For the Internet to work, however, the actual IP address must be known. Hence, the need for the translation from domain name to IP address.
DNS server
A server on the Internet that translates domain names into the corresponding IP address.
Elliptic Curve Cryptosystem (ECC)
Variants of the Diffie-Hellman family of public key algorithms, these operate on other sets than the integers and give smaller keys and faster execution.
Electronic Data Interchange (EDI)
The direct, standardized computer-to-computer exchange of business documents (purchase orders, invoices, payments, inventory analyses, and others) between an organization and its suppliers and customers.
Elgamal
A variant of Diffie-Hellman that permits public key encryption similar to RSA encryption. The Diffie-Hellman keys in PGP software are Elgamal keys.
email
Short for “electronic mail.”
email address
A “name” in a specific format that identifies a particular user on a particular email system. On the Internet, email addresses use the following syntax: “user@domain name”; for example, “jsmith@example.com”. Email addresses must be unique.
encryption
The process of disguising a message in such a way as to hide its substance.
Federal Information Processing Standard (FIPS)
A U.S. government standard published by the National Institute of Standards & Technology (NIST).
File Transfer Protocol (FTP)
An Internet protocol used for transferring files.
fingerprint
A unique identifier for a key that is obtained by hashing specific portions of the key data.
firewall
A software or hardware/software combination that protects the perimeter of a network against unauthorized access to that network.
FTP server
A server that supports the File Transfer Protocol (FTP).
fully qualified domain name
The full name of a system, consisting of its local hostname and its domain name, including a top-level domain (com and edu are top-level domains). For example, “server.example.com” is a fully qualified domain name; “server” is the local hostname, “example” is the domain name, and “com” is the top-level domain.
gateway
A device on a network that serves as an entrance to another network. In an enterprise, the gateway is a computer that routes data from the computers inside the local network to destinations outside the local network. For people connecting from their homes via an Internet Service Provider (ISP), an ISP computer is their gateway to the Internet.
hash function
A one-way function that takes an input message of arbitrary length and produces a fixed-length digest.
hierarchical trust
A graded series of entities that distribute trust in an organized fashion, commonly used in ANSI X.509 issuing certifying authorities.
HyperText Transfer Protocol (HTTP)
A protocol commonly used on the World Wide Web for the exchange of HyperText Markup Language (HTML) documents.
identity certificate
A signed statement that binds a key to the name of an individual and has the intended meaning of delegating authority from that named individual to the public key.
implicit trust
Implicit trust is reserved for keypairs located on an individual's local keyring. If the private portion of a keypair is found on a keyring, PGP solutions assume that the individual is the owner of the keypair and that he/she implicitly trusts himself/herself.
integrity
Assurance that data is not modified (by unauthorized persons) during storage or transmittal.
International Data Encryption Standard (IDEA)
A 64-bit block symmetric cipher using 128-bit keys based on mixing operations from different algebraic groups. Considered one of the strongest algorithms.
International Organization for Standardization (ISO)
Responsible for a wide range of standards such as the Open System Interconnection (OSI) model and international relationship with the American National Standards Institute (ANSI) on X.509.
Internet Engineering Task Force (IETF)
The main standards organization for the Internet. The IETF is an open, international community of network designers, operators, vendors, and researchers who coordinate the operation, management, and evolution of the Internet. They also resolve short- and mid-range protocol and architectural issues and are a major source of proposals for protocol standards.
Internet Message Access Protocol (IMAP)
An Internet protocol for retrieving email that is stored on an email server. A newer protocol than POP.
Internet Protocol (IP) address
An identifying number for a computer or other device on a TCP/IP network. The format of an IP address is a 32-bit numeric address written as four numbers separated by periods. Each number can be zero to 255. For example, 192.168.1.1 could be an IP address.
introducer
A person or organization allowed to vouch for the authenticity of someone's public key. An individual designates introducers by signing their public key.
key
A digital code used to encrypt and sign and decrypt and verify messages and files. Keys come in keypairs and are stored on keyrings.
key escrow
A key recovery mechanism that works by simply keeping copies of keys.
key exchange
A scheme for two or more nodes to transfer a secret session key across an unsecured channel.
key length
The number of bits representing the key size; the longer the key, the stronger it is.
key management
The process and procedure for safely storing and distributing accurate cryptographic keys; the overall process of generating and distributing cryptographic keys to authorized recipients in a secure manner.
keypair
A public key and its complementary private key. In public-key cryptosystems, such as the PGP system, each user has at least one keypair.
key recovery
A mechanism for retrieving cryptographic keys with the ultimate intent of decrypting ciphertext with them.
keyring
A set of keys. Each user has two types of keyrings: a private keyring and a public keyring.
keyserver
A repository for keys and certificates. Some keyservers, such as keyserver.pgp.com, are available to the public. Many enterprises also have keyservers that are available only to members of the enterprise.
key splitting
A process for dividing portions of a single key between multiple parties, none having the ability to reconstruct the whole key.
Learn Mode
A special mode of the PGP Universal Server where it handles traffic normally (including creating keys for users) but does not encrypt or decrypt any messages.
Lightweight Directory Access Protocol (LDAP)
A protocol that supports access and search operations on directories containing information such as names, phone numbers, and addresses across otherwise incompatible systems over the Internet. PGP Universal supports synchronizing with an existing LDAP directory.
log
To record an action; to enter a record into a log file. A file that lists actions that have occurred. For example, Web servers maintain log files listing every request made to the server.
mail queue
A list of email messages.
Message Authentication Code (MAC)
The symmetric-key equivalent of a digital signature. MACs do not hide data, but they let someone who knows the key know whether it has been modified.
message digest
A compact “distillate” of a message or file checksum. It represents the message such that if the message were altered in any way, a different message digest would be computed from it.
message integrity check (MIC)
Originally defined in Privacy Enhanced Mail (PEM) for authentication using MD2 or MD5. Message integrity calculation (Micalg) is used in secure MIME implementations.
messaging API (MAPI)
A programming interface from Microsoft that enables a client application to send to and receive mail from Microsoft Exchange Server or a Microsoft Mail messaging system.
Multipurpose Internet Mail Extensions (MIME)
An open set of specifications that offers a way to interchange text in languages with different character sets and multimedia email among many different computer systems that use Internet mail standards.
National Institute for Standards and Technology (NIST)
A division of the U.S. Dept. of Commerce that publishes open, interoperability standards called Federal Information Processing Standards (FIPS).
non-repudiation
Preventing the denial of previous commitments or actions.
one-way hash
A function of a variable string to create a fixed length value representing the original pre-image, also called message digest, fingerprint, message integrity check (MIC).
OpenPGP
The IETF standardization of PGP encryption. It consists of two RFCs, 2440 and 3156.
Open PGP/MIME
An IETF standard (RFC 3156) that provides privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC 1847.
Organization Key
A special keypair used to sign all user keys that the PGP Universal Server creates and to encrypt server backups. The private key portion of the keypair is used for both functions.
passphrase
An easy-to-remember phrase used for better security than a single password; key crunching converts it into a random key.
password
A sequence of characters or a word that an individual submits to a system for purposes of authentication, validation, or verification.
Privacy Enhanced Mail (PEM)
A protocol to provide secure Internet mail (RFC 1421-1424), including services for encryption, authentication, message integrity, and key management. PEM uses ANSI X.509 certificates.
PGP/MIME
An IETF standard (RFC 2015) that provides privacy and authentication using the Multipurpose Internet Mail Extensions (MIME) security content types described in RFC 1847; deployed in PGP 5.0 and later.
PGP
An application and protocol (RFC 2440) for secure email and file encryption developed by Phil R. Zimmermann. Originally published as freeware, the source code has always been available for public scrutiny. PGP uses a variety of algorithms, such as IDEA, RSA, DSA, MD5, and SHA-1 for providing encryption, authentication, message integrity, and key management. PGP is based on the “Web-of-Trust” model and has worldwide deployment.
plaintext
Normal, legible, unencrypted, unsigned text.
Post Office Protocol (POP)
An Internet protocol for retrieving email that is stored on an email server. An older protocol than IMAP.
port
An endpoint to a logical, not physical, connection on TCP/IP networks. The port number identifies what type of port it is. For example, port 80 is used for HyperText Transfer Protocol (HTTP) traffic.
private key
The secret portion of a keypair; used to sign and decrypt information. A user's private key should be kept secret, known only to the user.
public key
One of two keys in a keypair; used to encrypt information and verify signatures. A user's public key can be widely disseminated to colleagues or strangers. Knowing a person's public key does not help anyone discover the corresponding private key.
Public Key Crypto Standards (PKCS)
A set of de facto standards for public key cryptography developed in cooperation with an informal consortium (Apple, DEC, Lotus, Microsoft, MIT, RSA, and Sun) that includes algorithm-specific and algorithm-independent implementation standards. Specifications defining message syntax and other protocols controlled by RSA Data Security Inc.
public key infrastructure (PKI)
A certificate system that verifies and authenticates the validity of each party involved in a transaction.
random number
An important aspect to many cryptosystems, and a necessary element in generating a unique key that is unpredictable to an adversary. True random numbers are usually derived from natural sources and usually involve the use of special hardware.
revocation
Retraction of certification or authorization.
Request for Comment (RFC)
An IETF document, either from the FYI (For Your Information) RFC sub-series, which are overviews and introductory, or from the STD RFC sub-series, which specify Internet standards. Each RFC has an RFC number by which it is indexed and by which it can be retrieved (www.ietf.org).
Rijndael
A block cipher designed by Joan Daemen and Vincent Rijmen, chosen as the new Advanced Encryption Standard (AES). It is considered to be both faster and smaller than its competitors. The key size and block size can be 128-bit, 192-bit, or 256-bit in size and can be increased by increments of 32 bits.
RSA
Short for RSA Data Security, Inc.; or referring to the principals Ron Rivest, Adi Shamir, and Len Adleman; or referring to the algorithm they invented. The RSA algorithm is used in public key cryptography and is based on the fact that it is easy to multiply two large prime numbers together, but hard to factor them out of the product.
secret key
Either the “private key” in public key (asymmetric) algorithms or the “session key” in symmetric algorithms.
secure channel
A means of conveying information from one entity to another such that an adversary does not have the ability to reorder, delete, insert, or read (SSL, IPSec, whispering in someone's ear).
Secure Multipurpose Mail Extension (S/MIME)
A proposed standard developed by Deming software and RSA Data Security for encrypting and/or authenticating MIME data. S/MIME defines a format for the MIME data, the algorithms that must be used for interoperability (RSA, RC2, SHA-1), and the additional operational concerns such as ANSI X.509 certificates and transport over the Internet.
Secure Shell (SSH)
A program that provides strong authentication and secure connections over insecure networks so that a user can log into another computer over a network, execute commands on a remote machine, or move files from one machine to another.
Secure Socket Layer (SSL)
Developed by Netscape to provide security and privacy over the Internet. Supports server and client authentication and maintains the security and integrity of the transmission channel. Operates at the transport layer and mimics the “sockets library,” allowing it to be application independent. Encrypts the entire communication channel and does not support digital signatures at the message level.
self-signed key
A public key that has been signed by the corresponding private key for proof of ownership.
session key
The secret (symmetric) key used to encrypt each set of data on a transaction basis. A different session key is used for each communication session.
sign
To apply a signature.
signature
A digital code created with a private key. Signatures allow authentication of information by the process of signature verification. When an individual signs a message or file, the PGP program uses his/her private key to create a digital code that is unique to both the contents of the message and the private key. Anyone can use that person's public key to verify his/her signature.
Simple Mail Transfer Protocol (SMTP)
An Internet protocol for sending email messages. Most Internet email systems use SMTP to send email between email servers. Email clients retrieve email using IMAP or POP.
Simple Object Access Protocol (SOAP)
A lightweight, XML-based messaging protocol for encoding the information in a Web service request and response messages before sending them over a network. SOAP messages are independent of any operating system or protocol and may be sent using many Internet protocols, including HTTP, MIME, or SMTP.
Skipjack
The 80-bit key encryption algorithm contained in NSA's Clipper chip.
strong passphrase
A passphrase consisting of at least one of each of the following: a lower-case letter, an uppercase letter, a number, and a punctuation mark.
substitution cipher
The characters of the plain text are substituted with other characters to form the cipher text.
symmetric encryption
Also known as conventional, secret key, and single key algorithms; the encryption and decryption key are either the same or can be calculated from one another. Two sub-categories exist: block and stream.
timestamping
Recording the time of creation or existence of information.
Transport Layer Security (TLS) Protocol
Provides communications privacy over the Internet. It allows client/server applications to communicate in a way designed to prevent eavesdropping, tampering, or message forgery. Defined in RFC 2246; based on the Secure Sockets Layer (SSL) version 3.0 protocol.
transposition cipher
The plaintext remains the same, but the order of the characters is transposed.
TripleDES
An encryption configuration in which the Data Encryption Standard (DES) algorithm is used three times with three different keys. Also known as 3DES.
trusted
A public key is said to be trusted if it has been validated by an individual or by someone that individual has designated as an introducer.
trusted introducer
Someone an individual trusts to provide him/her with keys that are valid. When a trusted introducer signs another person's key, users can trust that the person's key is valid and do not need to verify the key before using it.
Twofish
A new 256-bit block cipher, symmetric algorithm. Twofish was one of five algorithms the U.S. National Institute of Standards and Technology (NIST) considered for the Advanced Encryption Standard (AES).
user identification
A text phrase that identifies a keypair. For example, one common format for a user ID is the owner's name and email address. The user ID helps users (both the owner and colleagues) identify the owner of the keypair.
username
The name by which a user is identified by a particular system. One person can have a different name for each system on which he/she participates.
validation
A means to provide timeliness of authorization to use or manipulate information or resources.
validity
Indicates the level of confidence that a key actually belongs to the alleged owner.
verification
The act of comparing a signature created with a private key to its public key. Verification proves the information was actually sent by the signer and the message has not been subsequently altered by anyone else.
Web of Trust
A distributed trust model used by the PGP system to validate the ownership of a public key where the level of trust is cumulative, based on the individuals' knowledge of the introducers.
X.509
An International Telecommunications Union Telecommunication Standardization Sector (ITU-T) digital certificate that is an internationally recognized electronic document used to prove identity and public key ownership over a communication network. It contains the issuer's name, the user's identifying information, and the issuer's digital signature, as well as other possible extensions.
PGP Corporation
© 2005 PGP Corporation