1Glossary
2========
3
4.. glossary::
5    :sorted:
6
7    plaintext
8        User-readable data you care about.
9
10    ciphertext
11        The encoded data, it's not user readable. Potential attackers are able
12        to see this.
13
14    encryption
15        The process of converting plaintext to ciphertext.
16
17    decryption
18        The process of converting ciphertext to plaintext.
19
20    key
21        Secret data is encoded with a function using this key. Sometimes
22        multiple keys are used. These **must** be kept secret, if a key is
23        exposed to an attacker, any data encrypted with it will be exposed.
24
25    symmetric cryptography
26        Cryptographic operations where encryption and decryption use the same
27        key.
28
29    public-key cryptography
30    asymmetric cryptography
31        Cryptographic operations where encryption and decryption use different
32        keys. There are separate encryption and decryption keys. Typically
33        encryption is performed using a :term:`public key`, and it can then be
34        decrypted using a :term:`private key`. Asymmetric cryptography can also
35        be used to create signatures, which can be generated with a
36        :term:`private key` and verified with a :term:`public key`.
37
38    public key
39        This is one of two keys involved in :term:`public-key cryptography`. It
40        can be used to encrypt messages for someone possessing the
41        corresponding :term:`private key` and to verify signatures created with
42        the corresponding :term:`private key`. This can be distributed
43        publicly, hence the name.
44
45    private key
46        This is one of two keys involved in :term:`public-key cryptography`. It
47        can be used to decrypt messages which were encrypted with the
48        corresponding :term:`public key`, as well as to create signatures,
49        which can be verified with the corresponding :term:`public key`. These
50        **must** be kept secret, if they are exposed, all encrypted messages
51        are compromised, and an attacker will be able to forge signatures.
52
53    authentication
54        The process of verifying that a message was created by a specific
55        individual (or program). Like encryption, authentication can be either
56        symmetric or asymmetric. Authentication is necessary for effective
57        encryption.
58
59    ciphertext indistinguishability
60        This is a property of encryption systems whereby two encrypted messages
61        aren't distinguishable without knowing the encryption key. This is
62        considered a basic, necessary property for a working encryption system.
63
64    text
65        This type corresponds to ``unicode`` on Python 2 and ``str`` on Python
66        3.  This is equivalent to ``six.text_type``.
67
68    nonce
69        A nonce is a **n**\ umber used **once**. Nonces are used in many
70        cryptographic protocols. Generally, a nonce does not have to be secret
71        or unpredictable, but it must be unique. A nonce is often a random
72        or pseudo-random number (see :doc:`Random number generation
73        </random-numbers>`). Since a nonce does not have to be unpredictable,
74        it can also take a form of a counter.
75
76    opaque key
77        An opaque key is a type of key that allows you to perform cryptographic
78        operations such as encryption, decryption, signing, and verification,
79        but does not allow access to the key itself. Typically an opaque key is
80        loaded from a `hardware security module`_ (HSM).
81
82    A-label
83        The ASCII compatible encoded (ACE) representation of an
84        internationalized (unicode) domain name. A-labels begin with the
85        prefix ``xn--``. To create an A-label from a unicode domain string use
86        a library like `idna`_.
87
88    bits
89        A bit is binary value -- a value that has only two possible states.
90        Typically binary values are represented visually as 0 or 1, but
91        remember that their actual value is not a printable character. A byte
92        on modern computers is 8 bits and represents 256 possible values. In
93        cryptographic applications when you see something say it requires a 128
94        bit key, you can calculate the number of bytes by dividing by 8. 128
95        divided by 8 is 16, so a 128 bit key is a 16 byte key.
96
97    bytes-like
98        A bytes-like object contains binary data and supports the
99        `buffer protocol`_. This includes ``bytes``, ``bytearray``, and
100        ``memoryview`` objects.
101
102    U-label
103        The presentational unicode form of an internationalized domain
104        name. U-labels use unicode characters outside the ASCII range and
105        are encoded as A-labels when stored in certificates.
106
107.. _`hardware security module`: https://en.wikipedia.org/wiki/Hardware_security_module
108.. _`idna`: https://pypi.org/project/idna/
109.. _`buffer protocol`: https://docs.python.org/3/c-api/buffer.html
110