Encryption and Key Management
Terms for encryption, hashing, certificates, keys, signatures, and the trust mechanisms used to protect data and communication.
This section covers encryption, certificates, signatures, hashing, and key-management vocabulary.
Use it when the question is about protecting data, proving integrity, establishing trust, or managing cryptographic material.
Bridge Into Network Security
These topics connect directly to Firewall, Web Application Firewall, Virtual Private Network, and Zero Trust Network Access because trust, certificates, and transport protection are part of real network defense.
In this section
- Asymmetric Encryption
Asymmetric encryption uses a public and private key pair so data can be protected or verified without both parties having to share a single secret key.
- Certificate Authority
A certificate authority issues and signs certificates that other systems may trust as part of a public key infrastructure.
- Certificate Pinning
Certificate pinning is a trust restriction that tells an application to accept only specific certificates or public keys for a destination instead of relying on the full public trust store alone.
- Certificate Revocation
Certificate revocation is the process of marking a certificate as no longer trustworthy before its normal expiration date.
- Certificate Transparency
Certificate Transparency is a public logging approach that helps detect whether certificates have been issued in ways that should be reviewed or questioned.
- Digital Certificate
A digital certificate binds a public key to an identity so systems can evaluate whether they should trust that key.
- Digital Signature
A digital signature uses cryptographic keys to help prove who signed data and whether that data changed afterward.
- Envelope Encryption
Envelope encryption is a design where data is encrypted with one key and that data key is in turn protected by a separate key, giving stronger centralized control over key material.
- Hardware Security Module
A hardware security module is a dedicated device or managed service designed to protect cryptographic keys and perform sensitive cryptographic operations.
- Hashing
Hashing transforms input data into a fixed-length value that is useful for integrity checks, comparison, and secure password-storage workflows.
- Key Escrow
Key escrow is the practice of storing a recoverable copy of a cryptographic key with a trusted authority or process.
- Key Rotation
Key rotation is the practice of replacing cryptographic keys on a defined schedule or when risk changes, so that no single key stays in use long enough to build up long-lived exposure.
- Mutual TLS
Mutual TLS is a form of TLS where both sides of the connection authenticate with certificates instead of only the server doing so.
- Online Certificate Status Protocol
The Online Certificate Status Protocol is a way for systems to check whether a certificate has been revoked without relying only on expiration dates.
- Perfect Forward Secrecy
Perfect forward secrecy helps ensure that compromise of a long-term key does not automatically expose past encrypted sessions.
- Public Key Infrastructure
Public key infrastructure is the trust framework that manages key pairs, certificates, and authorities so systems can verify identity and establish trust.
- Salting
Salting is the practice of adding unique random data to a value before hashing it so identical inputs do not produce the same stored result.
- Secure Transport
Secure transport is the broader practice of protecting data while it moves between systems so communication remains confidential, intact, and appropriately authenticated.
- Symmetric Encryption
Symmetric encryption protects data by using the same secret key to encrypt and decrypt the information.
- TLS
TLS is the protocol family widely used to protect data in transit by authenticating endpoints and establishing encrypted communication.