NetAction's Guide to Using Encryption Software

Cryptography Terms

Defined below are some of the terms used throughout this guide. For a more comprehensive look at cryptography terms, try some of the following sites:

Follow the link from the term to read more about it (often on another site).

The American Heritage Dictionary defines an algorithm as "a step-by-step problem-solving procedure, especially an established, recursive computational procedure for solving a problem in a finite number of steps." In the context of encryption, an algorithm is the mathematical formula used to scramble and unscramble data. It typically has two elements: data (for example, an email message that you want to encrypt or decrypt) and a key.
Asymmetric Cryptography (Also known as public key cryptography.)
Encryption software that requires two keys: a public key and a private key. Encryption software users distribute their public key, but keep their private key to themselves. When someone wants to send an encrypted message, the sender uses the recipient's public key to encrypt the message, which can only be decrypted by the person who holds the corresponding private key. For example, Jack makes public key A and private key A, and Jill makes public key B and private key B. Jack and Jill exchange their public keys. Once they have exchanged keys, Jack can send an encrypted message to Jill by using Jill's public key B to scramble the message. Jill uses her private key B to unscramble it. If Jill wants to send an encrypted message to Jack, she uses Jack's public key A to scramble her message, which Jack can then unscramble with his private key A. Asymmetric cryptography is typically slower to execute electronically than symmetric cryptography.
Assuring that a message has not been modified in transit or while stored on a computer is referred to as authentication. It is one of the objectives of cryptography. (This is referred to as message authentication or message integrity.) Assuring that a public key really belongs to a specific individual, or that a specific individual has the right to send a particular encrypted message is another type of authentication.
Back Door
A "back door" is a software function that allows someone to decrypt data without the key. In some cases, software creators intentionally include this function in software. Software that has a back door is not secure. Read more about this in the vulnerabilities section.
A certificate is a data file that identifies an individual, organization, or business. Certificates are obtained from specialized certificate-issuing companies such as VeriSign, and can be used to encrypt data and/or confirm the certificate owner's identity.
Cipher, Block Cipher, Stream Cipher
A method of encryption and decryption, a.k.a. encryption algorithm.
Unencrypted text, a.k.a. plaintext.
The Free On-line Dictionary of Computing defines a cracker as someone who attempts to gain unauthorized access to a computer system. These individuals often have malicious reasons for breaking into a system. (For example, to obtain a list of Social Security numbers or bank accounts.)
The testing of cryptography. An algorithm or program is said to have been cryptanalyzed if cryptographers have tested it for vulnerabilities.
Digital Signature
A small piece of code that is used to authenticate the sender of data. Digital signatures are created with encryption software for verification purposes. A private key is used to create a digital signature, and a corresponding public key can be used to verify that the signature was really generated by the holder of the private key. See asymmetric cryptography.
Digital Signature Standard (DSS)
DSS is the U.S. government's standard for authenticating a digital signature.
FTP (File Transfer Protocol)
FTP is an old but still widely used method for sending data across the Internet. The protocol itself has no security, so any login and password information is sent as plaintext. This means that if the login/password transmission is intercepted the security of any data stored on the FTP server may be compromised. There are ways to add security to FTP transmissions, but they require special software for both the server and the client (the computer that stores data and the computer that sends and receives data). Web browsers can also act as FTP clients. If your Web browser's address bar starts with "ftp://" instead of "http://" you are connected to an FTP server.
A specific string of data that is used to encrypt and decrypt messages, documents or other types of electronic data. Keys have varying levels of strength. Keys having higher numbers of bits are theoretically tougher to break because there are more possible permutations of data bits. (Since bits are binary, the number of possible permutations for a key of x bits is 2x.) The specific way a key is used depends on whether it's used with asymmetric or symmetric cryptography.
A set of keys. In asymmetric encryption software, separate keyrings are used to store private keys and public keys
PGP (Pretty Good Privacy)
PGP is the de facto standard for software encryption. It is available in a variety of versions, some of which can be downloaded for free from Web sites, others of which are sold commercially. Because it is so widely used, PGP is one of the most heavily cryptanalyzed encryption programs in the world. (This means that countless cryptographers and programmers have so far been unable to break it.) Check our reviews page for details.
Unencrypted text, a.k.a. cleartext.
Private Key
Private keys, a.k.a. secret keys, are used in asymmetric cryptography. One of their primary purposes is to enable someone to use a public key to encrypt data that can only be decrypted by the owner of the corresponding private key. Private keys should not be distributed. See asymmetric cryptography.
Public Key
Public keys are used in asymmetric cryptography. One of their primary purposes is to enable someone to encrypt messages intended for the owner of the public key. Public keys are meant for distribution, so anyone who wants to send an encrypted message to the owner of the public key can do so, but only the owner of the corresponding private key can decrypt the message. See asymmetric cryptography.
Secret Key
See private key.
Self-Decrypting Archive
A self-decrypting archive is similar to the self-extracting archive that is typically used with software that is downloaded from the Internet. It contains an archive with one or more files that will automatically open and decrypt with the appropriate key or password. The advantage of a self-decrypting archive is that the recipient doesn't need special software to decrypt files. Typically, the self-decrypting archive software prompts the recipient for a password, and extracts its contents if the password is correct.
See digital signature.
SSH (Secure Shell)
SSH, like Telnet, is a protocol that allows someone using one computer to remotely operate another computer. Unlike Telnet, however, it uses secure (encrypted) transmissions.
Symmetric Cryptography
A method of encryption in which a single key is used to scramble and unscramble data. One weakness of symmetric cryptography is that the user has to distribute the key to the recipient without letting it fall into the wrong hands. The user can do this by encrypting the key itself, but then another key will be needed to decrypt the first one. See also asymmetric cryptography.
Telnet is a protocol that allows someone using one computer to remotely operate another computer. Like FTP, Telnet is not secure. Security is possible by using special Telnet server/client software or an alternative protocol (like SSH).
Web of Trust
An informal means of confirming the identity of someone with whom you communicate electronically. In asymmetric cryptography, one of the biggest concerns is ensuring that the person who claims to be John Doe is really John Doe. Jane Doe can verify that John Doe is really John Doe by non-electronic means, such as by phone. If Jane Doe knows that John Doe has taken similar steps to verify that Jack Smith and Jill Jones are who they claim to be, then Jane Doe may trust his contacts, as well. This is referred to as a Web of Trust.

Acronyms and terms that you have encountered in this guide that are not listed here may be encryption standards or algorithms. For more information please see Appendix B: What are the different kinds of algorithms that encryption software programs utilize?

Next: Appendix A: "Brute Force" Cracking | Back to Guide