1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
|
Glossary
========
.. glossary::
:sorted:
plaintext
User-readable data you care about.
ciphertext
The encoded data, it's not user readable. Potential attackers are able
to see this.
encryption
The process of converting plaintext to ciphertext.
decryption
The process of converting ciphertext to plaintext.
key
Secret data is encoded with a function using this key. Sometimes
multiple keys are used. These **must** be kept secret, if a key is
exposed to an attacker, any data encrypted with it will be exposed.
symmetric cryptography
Cryptographic operations where encryption and decryption use the same
key.
public-key cryptography
asymmetric cryptography
Cryptographic operations where encryption and decryption use different
keys. There are separate encryption and decryption keys. Typically
encryption is performed using a :term:`public key`, and it can then be
decrypted using a :term:`private key`. Asymmetric cryptography can also
be used to create signatures, which can be generated with a
:term:`private key` and verified with a :term:`public key`.
public key
This is one of two keys involved in :term:`public-key cryptography`. It
can be used to encrypt messages for someone possessing the
corresponding :term:`private key` and to verify signatures created with
the corresponding :term:`private key`. This can be distributed
publicly, hence the name.
private key
This is one of two keys involved in :term:`public-key cryptography`. It
can be used to decrypt messages which were encrypted with the
corresponding :term:`public key`, as well as to create signatures,
which can be verified with the corresponding :term:`public key`. These
**must** be kept secret, if they are exposed, all encrypted messages
are compromised, and an attacker will be able to forge signatures.
authentication
The process of verifying that a message was created by a specific
individual (or program). Like encryption, authentication can be either
symmetric or asymmetric. Authentication is necessary for effective
encryption.
ciphertext indistinguishability
This is a property of encryption systems whereby two encrypted messages
aren't distinguishable without knowing the encryption key. This is
considered a basic, necessary property for a working encryption system.
text
This type corresponds to ``unicode`` on Python 2 and ``str`` on Python
3. This is equivalent to ``six.text_type``.
nonce
A nonce is a **n**\ umber used **once**. Nonces are used in many
cryptographic protocols. Generally, a nonce does not have to be secret
or unpredictable, but it must be unique. A nonce is often a random
or pseudo-random number (see :doc:`Random number generation
</random-numbers>`). Since a nonce does not have to be unpredictable,
it can also take a form of a counter.
opaque key
An opaque key is a type of key that allows you to perform cryptographic
operations such as encryption, decryption, signing, and verification,
but does not allow access to the key itself. Typically an opaque key is
loaded from a `hardware security module`_ (HSM).
A-label
The ASCII compatible encoded (ACE) representation of an
internationalized (unicode) domain name. A-labels begin with the
prefix ``xn--``. To create an A-label from a unicode domain string use
a library like `idna`_.
bits
A bit is binary value -- a value that has only two possible states.
Typically binary values are represented visually as 0 or 1, but
remember that their actual value is not a printable character. A byte
on modern computers is 8 bits and represents 256 possible values. In
cryptographic applications when you see something say it requires a 128
bit key, you can calculate the number of bytes by dividing by 8. 128
divided by 8 is 16, so a 128 bit key is a 16 byte key.
bytes-like
A bytes-like object contains binary data and supports the
`buffer protocol`_. This includes ``bytes``, ``bytearray``, and
``memoryview`` objects.
U-label
The presentational unicode form of an internationalized domain
name. U-labels use unicode characters outside the ASCII range and
are encoded as A-labels when stored in certificates.
.. _`hardware security module`: https://en.wikipedia.org/wiki/Hardware_security_module
.. _`idna`: https://pypi.org/project/idna/
.. _`buffer protocol`: https://docs.python.org/3/c-api/buffer.html
|