Encryption and Key Management

Symmetric Encryption with Shared Keys
Encryption that uses one shared secret for both encryption and decryption, making key control central to safety.
Asymmetric Encryption with Key Pairs
Encryption that uses public and private key pairs so trust is possible without sharing one secret key.
Public Key Infrastructure
Public key infrastructure is the trust framework that manages key pairs, certificates, and authorities so systems can verify identity and establish trust.
Certificate Authority
A certificate authority issues and signs certificates that other systems may trust as part of a public key infrastructure.
Key Rotation for Cryptographic Safety
Key rotation is the practice of replacing cryptographic keys on a defined schedule or when risk changes so long-lived exposure is reduced.
Hashing for Integrity and Verification
Hashing transforms input data into a fixed-length digest used for integrity checks, comparison, and secure password-storage workflows.
Transport Layer Security (TLS)
TLS is the protocol family widely used to protect data in transit by authenticating endpoints and establishing encrypted communication.
Perfect Forward Secrecy in TLS
Perfect forward secrecy helps ensure that compromise of a long-term key does not automatically expose past encrypted sessions.
Key Escrow for Recovery Access
Key escrow is the practice of storing a recoverable copy of a cryptographic key with a trusted authority or process.
Hardware Security Modules for Key Protection
A hardware security module is a dedicated device or managed service designed to protect cryptographic keys and perform sensitive cryptographic operations.
Certificate Revocation in PKI
Certificate revocation is the process of marking a certificate as no longer trustworthy before its normal expiration date.
Online Certificate Status Protocol
The Online Certificate Status Protocol is a way for systems to check whether a certificate has been revoked without relying only on expiration dates.
Salting for Password Storage
Salting is the practice of adding unique random data to a value before hashing it so identical inputs do not produce the same stored result.
Mutual TLS
Mutual TLS is a form of TLS in which both sides of a connection authenticate with certificates instead of only the server doing so.
Envelope Encryption for Scalable Key Control
Envelope encryption is a design where data is encrypted with one key and that key is then protected with another key used for stronger centralized control.
Certificate Transparency for Trust Visibility
Certificate Transparency is a public certificate-logging approach that makes certificate issuance easier to observe and investigate when unexpected trust events occur.
Certificate Pinning for Client Trust
Certificate pinning is a trust restriction that tells an application to accept only specific certificates or public keys for a destination instead of relying on the full public trust store alone.
Secure Transport for Data in Transit
Secure transport is the broader practice of protecting data while it moves between systems so communication remains confidential, intact, and appropriately authenticated.