1Glossary 2======== 3 4.. glossary:: 5 :sorted: 6 7 plaintext 8 User-readable data you care about. 9 10 ciphertext 11 The encoded data, it's not user readable. Potential attackers are able 12 to see this. 13 14 encryption 15 The process of converting plaintext to ciphertext. 16 17 decryption 18 The process of converting ciphertext to plaintext. 19 20 key 21 Secret data is encoded with a function using this key. Sometimes 22 multiple keys are used. These **must** be kept secret, if a key is 23 exposed to an attacker, any data encrypted with it will be exposed. 24 25 symmetric cryptography 26 Cryptographic operations where encryption and decryption use the same 27 key. 28 29 public-key cryptography 30 asymmetric cryptography 31 Cryptographic operations where encryption and decryption use different 32 keys. There are separate encryption and decryption keys. Typically 33 encryption is performed using a :term:`public key`, and it can then be 34 decrypted using a :term:`private key`. Asymmetric cryptography can also 35 be used to create signatures, which can be generated with a 36 :term:`private key` and verified with a :term:`public key`. 37 38 public key 39 This is one of two keys involved in :term:`public-key cryptography`. It 40 can be used to encrypt messages for someone possessing the 41 corresponding :term:`private key` and to verify signatures created with 42 the corresponding :term:`private key`. This can be distributed 43 publicly, hence the name. 44 45 private key 46 This is one of two keys involved in :term:`public-key cryptography`. It 47 can be used to decrypt messages which were encrypted with the 48 corresponding :term:`public key`, as well as to create signatures, 49 which can be verified with the corresponding :term:`public key`. These 50 **must** be kept secret, if they are exposed, all encrypted messages 51 are compromised, and an attacker will be able to forge signatures. 52 53 authentication 54 The process of verifying that a message was created by a specific 55 individual (or program). Like encryption, authentication can be either 56 symmetric or asymmetric. Authentication is necessary for effective 57 encryption. 58 59 ciphertext indistinguishability 60 This is a property of encryption systems whereby two encrypted messages 61 aren't distinguishable without knowing the encryption key. This is 62 considered a basic, necessary property for a working encryption system. 63 64 text 65 This type corresponds to ``unicode`` on Python 2 and ``str`` on Python 66 3. This is equivalent to ``six.text_type``. 67 68 nonce 69 A nonce is a **n**\ umber used **once**. Nonces are used in many 70 cryptographic protocols. Generally, a nonce does not have to be secret 71 or unpredictable, but it must be unique. A nonce is often a random 72 or pseudo-random number (see :doc:`Random number generation 73 </random-numbers>`). Since a nonce does not have to be unpredictable, 74 it can also take a form of a counter. 75 76 opaque key 77 An opaque key is a type of key that allows you to perform cryptographic 78 operations such as encryption, decryption, signing, and verification, 79 but does not allow access to the key itself. Typically an opaque key is 80 loaded from a `hardware security module`_ (HSM). 81 82 A-label 83 The ASCII compatible encoded (ACE) representation of an 84 internationalized (unicode) domain name. A-labels begin with the 85 prefix ``xn--``. To create an A-label from a unicode domain string use 86 a library like `idna`_. 87 88 bits 89 A bit is binary value -- a value that has only two possible states. 90 Typically binary values are represented visually as 0 or 1, but 91 remember that their actual value is not a printable character. A byte 92 on modern computers is 8 bits and represents 256 possible values. In 93 cryptographic applications when you see something say it requires a 128 94 bit key, you can calculate the number of bytes by dividing by 8. 128 95 divided by 8 is 16, so a 128 bit key is a 16 byte key. 96 97 bytes-like 98 A bytes-like object contains binary data and supports the 99 `buffer protocol`_. This includes ``bytes``, ``bytearray``, and 100 ``memoryview`` objects. 101 102 U-label 103 The presentational unicode form of an internationalized domain 104 name. U-labels use unicode characters outside the ASCII range and 105 are encoded as A-labels when stored in certificates. 106 107.. _`hardware security module`: https://en.wikipedia.org/wiki/Hardware_security_module 108.. _`idna`: https://pypi.org/project/idna/ 109.. _`buffer protocol`: https://docs.python.org/3/c-api/buffer.html 110