Chapter 11 Β· Glossary

Key Terms: Public Key Infrastructure

16 essential terms for symmetric/asymmetric encryption, key pairs, and PKI.

Symmetric Encryption
Encryption where the SAME key is used for both encryption and decryption. Also called a secret key algorithm or shared secret. Fast and efficient but requires the key to be shared securely with all parties who need to decrypt β€” a significant scalability challenge.
Asymmetric Encryption
Encryption using two mathematically related but different keys: a public key and a private key. Data encrypted with the public key can only be decrypted with the private key. Solves the key distribution problem but is slower than symmetric encryption.
Public Key
One half of an asymmetric key pair. Can be freely distributed β€” posted on websites, email signatures, directories. Anyone can use it to encrypt messages or verify signatures. Knowledge of the public key does NOT reveal the private key.
Private Key
One half of an asymmetric key pair. Must be kept strictly secret β€” only the owner should have access. Used to decrypt messages encrypted with the corresponding public key, and to create digital signatures. Often protected by a password.
Key Pair
The combination of a public key and its corresponding private key, generated simultaneously through the same mathematical process. They are mathematically related β€” but you cannot derive one from the other through reverse engineering.
Mathematically Related
The public and private keys are created from the same mathematical operation (involving large prime numbers and randomization), which creates a one-way relationship. Data encrypted with one key can be decrypted with the other β€” but you cannot derive the private key from the public key.
Ciphertext
The encrypted output produced when plaintext is processed with an encryption algorithm and key. Ciphertext cannot be read or understood without the correct decryption key. Even if an attacker intercepts ciphertext AND the public key, they cannot decrypt it without the private key.
Plaintext
The original, unencrypted data β€” a readable message, file, or value. The input to an encryption process. Encryption transforms plaintext into ciphertext. Decryption reverses the process.
Public Key Infrastructure (PKI)
The complete ecosystem of policies, procedures, hardware, and software responsible for creating, distributing, managing, storing, revoking, and performing other operations associated with digital certificates and cryptographic keys.
Certificate Authority (CA)
A trusted organization responsible for issuing and managing digital certificates. The CA verifies the identity of certificate applicants and digitally signs certificates to establish trust. PKI is often built around one or more CAs.
Key Escrow
The practice of storing copies of private keys with a trusted third party or in a secure organizational vault. Allows recovery of encrypted data if the original key owner is unavailable. Used in enterprises where continuity of access to encrypted data is critical.
Key Generation
The process of creating a cryptographic key pair. Involves extensive randomization and operations on very large prime numbers. Both keys are created simultaneously in the same process β€” establishing their mathematical relationship.
Shared Secret
Another name for a symmetric key β€” because the same secret must be shared between all parties who need to encrypt or decrypt. The fundamental weakness: if the secret is intercepted during sharing, the encryption is compromised.
Hybrid Encryption
The practical combination of asymmetric and symmetric encryption: asymmetric encryption is used to securely exchange a symmetric key, then symmetric encryption is used for the bulk data. Used in TLS, HTTPS, VPNs, and most real-world encrypted communication.
PGP / GPG
Pretty Good Privacy / GNU Privacy Guard β€” widely used applications that implement asymmetric encryption for email and file encryption. Both use the public/private key model. A common example of asymmetric encryption in practice.
Scalability Problem (Symmetric)
The challenge of distributing symmetric keys to large numbers of users. With N users, every pair needs a unique key β€” requiring N(N-1)/2 keys. With 10,000 users, that's ~50 million keys. Asymmetric encryption solves this by requiring only one key pair per user.