Glossary

CAServer

The Certification Authority. In this document it is used to describe the CA as described in Figure 4-1

RAServer

The Registration Authority. In this document it is used to describe the RA as described in Figure 4-1

RAOperator

The front–end of the Registration Authority that interacts with the users. In this document its functionality is described at Figure 4-1

Authentication

The positive identification of a network entity such as a server, a client, or a user. In SSL context the server and client Certificate verification process.

Algorithm

An unambiguous formula or set of rules for solving a problem in a finite number of steps. Algorithms for encryption are usually called Ciphers.

Certificate

In cryptography, an electronic document binding some pieces of information together, such as a user's identity and public key. Certifying Authorities (CA's) provide certificates.

Certification Authority (CA)

An entity that attests to the identity of a person or an organisation. A Certificate Authority might be an external company such as VeriSign that offers certificate services or they might be an internal organisation such as a corporate MIS department. The Certificate Authority's chief function is to verify the identity of entities and issue digital certificates attesting to that identity.

The acronym CA can be found in different variations.

  • Certification Authority (Used in this document and found in most documents)

  • Certifying Authority (Found in the RSA Security Crypto FAQ

  • Certificate Authority (Found in various documents)

Certificate Signing Request (CSR)

An unsigned certificate for submission to a Certification Authority, which signs it with the Private Key of their CA Certificate. Once the CSR is signed, it becomes a real certificate.

Cipher

An algorithm or system for data encryption. Examples are DES, IDEA, RC4, etc.

Ciphertext

The result of the encryption of ciphertext, using a cipher.

Configuration Directive

A configuration command that controls one or more aspects of a program's behavior. In Apache context these are all the command names in the first column of the configuration files.

DER format

A binary format to encode certificates.

Digital Signature

The encryption of a message digest with a private key.

Digital Timestamp

An electronic record that mathematically links a document to a time and date.

Export–Crippled

Diminished in cryptographic strength (and security) in order to comply with the United States' Export Administration Regulations (EAR). Export–crippled cryptographic software is limited to a small key size, resulting in Ciphertext which usually can be decrypted by brute force.

Currently there is draft policy in the United States that provides substantial freedom to the availability of cryptographic software. This policy remains to be finalised and voted in order to become effective.

Fully–Qualified Domain–Name (FQDN)

The unique name of a network entity, consisting of a hostname and a domain name that can resolve to an IP address. For example, www is a hostname, whatever.com is a domain name, and www.whatever.com is a fully–qualified domain name.

HyperText Transfer Protocol (HTTP)

The HyperText Transport Protocol is the standard transmission protocol used on the World Wide Web.

HTTPS

The HyperText Transport Protocol (Secure), the standard encrypted communication mechanism on the World Wide Web. This is actually just HTTP over SSL.

Lightweight Directory Access Protocol (LDAP)

LDAP is a specification for a client–server protocol to retrieve and manage directory information.

Message Digest

A hash of a message, which can be used to verify that the contents of the message have not been altered in transit.

OpenLDAP

OpenLDAP is an open–implementation of LDAP. It provides a stand–alone LDAP server, a stand–alone LDAP replication server, libraries implementing the LDAP protocol and other relevant software. For more information on OpenLDAP, see http://www.openldap.org/.

OpenSSL

An open–source implementation of the SSL/TLS protocol. It is based on SSLeay. For more about OpenSSL, see http://www.openssl.org/.

Pass Phrase

The word or phrase that protects private key files. It prevents unauthorized users from encrypting them.

PEM format

A text (ASCII) format that can be used to encode Certificates. It is essentially the Certificate in DER format that has been encoded with Base64 and had a header and footer added.

Plaintext

The text that will be encrypted. If we decrypt succesfully a ciphertext, the result is the plaintext.

Private Key

The secret key in a Public Key Cryptography system, used to decrypt incoming messages and sign outgoing ones.

Public Key

The publically available key in a Public Key Cryptography system, used to encrypt messages bound for its owner and to verify signatures made by its owner.

Public Key Cryptography

The study and application of asymmetric encryption systems, which use one key for encryption and another for decryption. A corresponding pair of such keys constitutes a key pair. Also called Asymmetric Cryptography.

Public Key Cryptography Standards PKCS

A series of cryptographic standards dealing with public-key issues, published by RSA Laboratories.

Secure Sockets Layer (SSL)

A protocol created by Netscape Communications Corporation for general communication authentication and encryption over TCP/IP networks. The most popular usage is HTTPS, i.e. the HyperText Transfer Protocol (HTTP) over SSL.

SSLeay

The original SSL/TLS implementation library developed by Eric A. Young; see http://www.ssleay.org/. Now it has been renamed to OpenSSL; see OpenSSL.

Symmetric Cryptography

The study and application of Ciphers that use a single secret key for both encryption and decryption operations.

Transport Layer Security (TLS)

The successor protocol to SSL, created by the Internet Engineering Task Force (IETF) for general communication authentication and encryption over TCP/IP networks. The current version, TLS version 1, is nearly identical with SSL version 3.

Trusted Third Party (TTP)

Another description for the Certification Authority that stresses that the keeper of the CA private key should be an organisation or an entity that has no interests or ties of any kind with the clients.

Uniform Resource Locator (URL)

The formal identifier to locate various resources on the World Wide Web. The most popular URL scheme is http. SSL uses the scheme HTTPS.

X.509

An authentication certificate scheme recommended by the International Telecommunication Union (ITU–T) which is used for SSL/TLS authentication.