Bookmark and Share

Front Back
Symmetrical encryption algorithms
Use the same key for encrypting and decrypting
data. Examples: DES, 3DES, AES, IDEA
Asymmetrical encryption
Uses a public and private key. One key encrypts
the data, and the other key in the pair is used to
decrypt. Examples: RSA, Diffie-Hellman
Digital signature
Encryption of hash using private key, and
decryption of hash with the sender’s public key.
Example: RSA signatures
Diffie-Hellman key exchange
Uses a public-private key pair asymmetrical
algorithm, but creates final shared secrets (keys)
that are then used by symmetrical algorithms.
Example: Used as one of the many services of IPsec
Encryption algorithms provide this by turning
clear text into cipher text.
Examples:DES, 3DES, AES, RSA, IDEA
Data integrity
Validates data by comparing hash values.
Examples: MD5, SHA-1
Verifies the peer’s identity to the other peer. Examples: PSKs, RSA signatures
RSA digital signatures
Using its private key to encrypt a generated hash, a digital signature is
created. The receiver uses the public key of the sender to validate the
digital signature and verify the identity of the peer.
Digital certificate
File that contains the public key of the entity, a serial number, and the
signature of the CA that issued the certificate
Public and private keys
Used as a pair to encrypt and decrypt data in an asymmetrical fashion.
Certificate authority
The CA’s job is to fulfill certificate requests and generate the digital
certificates for its clients to use. It also maintains a list of valid
certificates that have been issued, and maintains a CRL listing any
revoked certificates.
A common certificate format used today.
Subordinate CA/RA
Assistant to the CA, which can issue certificates to clients. Clients
need both the certificates from the root and the subordinate to verify
signatures all the way to the root. Used in a hierarchical PKI topology.
Public Key Cryptography Standards, agreed to and implemented by
vendors who want the ability to have compatibility with other devices in
the PKI.
x of y cards