Encryption and Key Management

Terms for encryption, hashing, certificates, keys, signatures, and the trust mechanisms used to protect data and communication.

This section covers encryption, certificates, signatures, hashing, and key-management vocabulary.

Use it when the question is about protecting data, proving integrity, establishing trust, or managing cryptographic material.

Core Articles

Start With Certificate Trust

If your main question is how certificate-based trust actually works, use this route:

  1. Public Key Infrastructure
  2. Certificate Authority
  3. Digital Certificate
  4. TLS
  5. Certificate Revocation
  6. Online Certificate Status Protocol
  7. Mutual TLS

Bridge Into Network Security

These topics connect directly to Firewall, Web Application Firewall, Virtual Private Network, and Zero Trust Network Access because trust, certificates, and transport protection are part of real network defense.

Trace A Suspicious Certificate

If the question starts with “why did this certificate show up?” use this route:

  1. Digital Certificate
  2. Certificate Authority
  3. Certificate Transparency
  4. Certificate Revocation
  5. Online Certificate Status Protocol

Protect Passwords And High-Value Keys

If the question is about storing passwords safely or protecting central encryption keys, use this route:

  1. Hashing
  2. Salting
  3. Envelope Encryption
  4. Hardware Security Module
  5. Key Rotation
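
The first, second and fifth steps of this route fit into one short program. The example below is added here and is not code from the original page; it uses only the Python standard library. It stores each password as a salted scrypt digest in a self-describing record (the `scrypt$n$r$p$salt$digest` layout is an assumption for illustration, not a standard format), verifies with a constant-time comparison, and treats raising the work factor the way key rotation treats an old key: a record made with weaker parameters still verifies, but is rewritten on the next successful login while the plaintext is available. The scenario in `demo()` (two users sharing a password, one legacy record) is constructed.

```python
"""Salted password hashing with parameter upgrades (added example, stdlib only)."""
import base64
import hashlib
import hmac
import os

# Work factor the site currently requires. Raising it later is the password-hash
# analogue of key rotation: old records keep verifying and are rewritten on the
# next successful login. The values are assumptions chosen to run quickly.
CURRENT_PARAMS = (2 ** 14, 8, 1)   # (n, r, p) for scrypt
SALT_BYTES = 16
DK_LEN = 32


def _b64(raw: bytes) -> str:
    return base64.b64encode(raw).decode("ascii")


def hash_password(password: str, params=CURRENT_PARAMS) -> str:
    """Hash with a fresh random salt and return a self-describing record.

    Record layout (assumed, not a standard format): scrypt$n$r$p$salt$digest
    Storing n, r and p beside the digest is what makes later upgrades possible.
    """
    n, r, p = params
    salt = os.urandom(SALT_BYTES)          # unique per record, so equal passwords differ
    digest = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=DK_LEN)
    return "$".join(["scrypt", str(n), str(r), str(p), _b64(salt), _b64(digest)])


def verify_password(password: str, record: str) -> tuple[bool, bool]:
    """Return (matches, needs_rehash).

    needs_rehash is True when the stored record was produced with parameters
    other than CURRENT_PARAMS, so the caller can re-hash while it still holds
    the plaintext.
    """
    algo, n, r, p, salt_b64, digest_b64 = record.split("$")
    if algo != "scrypt":
        raise ValueError("unsupported record")
    n, r, p = int(n), int(r), int(p)
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(digest_b64)
    actual = hashlib.scrypt(password.encode("utf-8"), salt=salt, n=n, r=r, p=p, dklen=DK_LEN)
    # Constant-time comparison: a plain == on the digests leaks timing information.
    matches = hmac.compare_digest(actual, expected)
    needs_rehash = matches and (n, r, p) != CURRENT_PARAMS
    return matches, needs_rehash


def login(password: str, record: str) -> tuple[bool, str]:
    """Verify and, if the record is stale, return an upgraded record to persist."""
    matches, needs_rehash = verify_password(password, record)
    if matches and needs_rehash:
        return True, hash_password(password)
    return matches, record


def demo() -> dict:
    """Constructed scenario: two users share a password; one record predates a parameter bump."""
    alice = hash_password("correct horse battery staple")
    bob = hash_password("correct horse battery staple")
    # Legacy record created before the work factor was raised (assumed older n).
    carol_old = hash_password("hunter2", params=(2 ** 13, 8, 1))
    ok, carol_new = login("hunter2", carol_old)
    return {
        "same_password_same_record": alice == bob,      # False: salts differ
        "alice_ok": verify_password("correct horse battery staple", alice)[0],
        "alice_wrong": verify_password("Correct horse battery staple", alice)[0],
        "carol_ok": ok,
        "carol_old_needs_rehash": verify_password("hunter2", carol_old)[1],
        "carol_new_needs_rehash": verify_password("hunter2", carol_new)[1],
        "carol_record_changed": carol_old != carol_new,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The two records for the shared password differ only because of the salt, which is the point of Salting; the `needs_rehash` flag is how a parameter bump reaches every stored record without a mass reset. The scrypt parameters stay within the default memory limit of `hashlib.scrypt`; a deployment would pick them by measuring its own login latency.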

Learn The Core Cryptography Roles

If the question is “which cryptographic tool does what?” use this route:

  1. Symmetric Encryption
  2. Asymmetric Encryption
  3. Digital Signature
  4. Secure Transport
  5. Perfect Forward Secrecy
  6. Key Rotation

In this section

  • Asymmetric Encryption with Key Pairs
    Encryption that uses a public and private key pair so parties can protect data for each other and verify each other without first sharing a secret key.
  • Certificate Authority
    A certificate authority issues and signs certificates that other systems may trust as part of a public key infrastructure.
  • Certificate Pinning for Client Trust
    Certificate pinning is a trust restriction that tells an application to accept only specific certificates or public keys for a destination instead of relying on the full public trust store alone.
  • Certificate Revocation in PKI
    Certificate revocation is the process of marking a certificate as no longer trustworthy before its normal expiration date.
  • Certificate Transparency for Trust Visibility
    Certificate Transparency is a public certificate-logging approach that makes certificate issuance easier to observe and investigate when unexpected trust events occur.
  • Digital Certificates and Identity Binding
    Certificate that binds a public key to an identity so systems can decide whether to trust it.
  • Digital Signatures for Integrity
    Cryptographic signature that proves origin and detects whether data changed after signing.
  • Envelope Encryption for Scalable Key Control
    Envelope encryption is a design where data is encrypted with a data key and that data key is in turn encrypted with a key-encryption key held under stronger centralized control, such as a KMS or HSM.
  • Hardware Security Modules for Key Protection
    A hardware security module is a dedicated device or managed service designed to protect cryptographic keys and perform sensitive cryptographic operations.
  • Hashing for Integrity and Verification
    Hashing transforms input data into a fixed-length digest used for integrity checks, comparison, and secure password-storage workflows.
  • Key Escrow for Recovery Access
    Key escrow is the practice of storing a recoverable copy of a cryptographic key with a trusted authority or process.
  • Key Rotation for Cryptographic Safety
    Key rotation is the practice of replacing cryptographic keys on a defined schedule or when risk changes so long-lived exposure is reduced.
  • Mutual TLS
    Mutual TLS is a form of TLS in which both sides of a connection authenticate with certificates instead of only the server doing so.
  • Online Certificate Status Protocol
    The Online Certificate Status Protocol is a way for systems to check whether a certificate has been revoked without relying only on expiration dates.
  • Perfect Forward Secrecy in TLS
    Perfect forward secrecy uses ephemeral per-session keys so that compromise of a long-term key does not expose past encrypted sessions.
  • Public Key Infrastructure
    Public key infrastructure is the trust framework that manages key pairs, certificates, and authorities so systems can verify identity and establish trust.
  • Salting for Password Storage
    Salting is the practice of adding unique random data to a value before hashing it so identical inputs do not produce the same stored result.
  • Secure Transport for Data in Transit
    Secure transport is the broader practice of protecting data while it moves between systems so communication remains confidential, intact, and appropriately authenticated.
  • Symmetric Encryption with Shared Keys
    Encryption that uses one shared secret for both encryption and decryption, making key control central to safety.
  • Transport Layer Security (TLS)
    TLS is the protocol family widely used to protect data in transit by authenticating endpoints and establishing encrypted communication.
Revised on Friday, April 24, 2026