- Authentication
The positive identification of a network entity such as a
server, a client, or a user. In SSL context, authentication represents the
server and client Certificate verification process.
- Access Control
The restriction of access to network realms. In Apache
context usually the restriction of access to certain URLs.
- Algorithm
An unambiguous formula or set of rules for solving a problem in
a finite number of steps. Algorithms for encryption are usually called
Ciphers.
- Certificate
A data record used for authenticating network entities such as
a server or a client. A certificate contains X.509 information pieces about
its owner (called the subject) and the signing Certificate Authority (called
the issuer), plus the owner's public key and the signature made by the CA.
Network entities verify these signatures using CA certificates.
- Certificate Authority (CA)
A trusted third party whose purpose is to sign
certificates for network entities that it has authenticated using secure
means. Other network entities can check the signature to verify that a CA
has authenticated the bearer of a certificate.
- Certificate Signing Request (CSR)
An unsigned certificate for submission
to a Certification Authority, which signs it with the Private Key of their
CA Certificate. Once the CSR is signed, it becomes a real certificate.
Cipher An algorithm or system for data encryption. Examples are DES, IDEA,
RC4, etc.
- Ciphertext
The result after a Plaintext passed a Cipher.
- Configuration Directive
A configuration command that controls one or more
aspects of a program's behavior. In Apache context these are all the command
names in the first column of the configuration files.
- Cryptography - Symmetric
The client and server use the same key to encrypt and to
decrypt data.
- Cryptography - Asymmetric
Consists of a key pair (public and private). PKI is
Asymmetric Cryptography
- Digital Signatures
A piece of data that is sent with an encrypted message
that identifies the originator and verifies that it has not been altered.
- HTTPS
The HyperText Transport Protocol (Secure), the standard encrypted
communication mechanism on the World Wide Web. This is actually just HTTP
over SSL.
- Message Digest
A hash of a message, which can be used to verify that the
contents of the message have not been altered in transit.
- Non-repudiation
A service that provides proof of the integrity and origin
of data, both in an non-forgeable relationship, which can be verified by any
third party at any time, or, an authentication that with high assurance can
be asserted to be genuine.
A property achieved through cryptographic methods which prevents an
individual or entity from denying having performed a particular action
related to data (such as mechanisms for non-rejection or authority (origin);
for proof of obligation, intent, or commitment, or for proof of ownership).
- OpenSSL
The Open Source toolkit for SSL/TLS; see
http://www.openssl.org/
- Pass Phrase
The word or phrase that protects private key files. It
prevents unauthorized users from encrypting them. Usually it's just the
secret encryption/decryption key used for Ciphers.
- Plaintext
The unencrypted text.
- Private Key
The secret key in a Public Key Cryptography system, used to
decrypt incoming messages and sign outgoing ones.
- Public Key
The publicly available key in a Public Key Cryptography system,
used to encrypt messages bound for its owner and to decrypt signatures made
by its owner.
- Public Key Cryptography
The study and application of asymmetric encryption
systems, which use one key for encryption and another for decryption. A
corresponding pair of such keys constitutes a key pair. Also called
Asymmetric Cryptography.
- Secure Sockets Layer (SSL)
A protocol created by Netscape Communications
Corporation for general communication authentication and encryption over
TCP/IP networks. The most popular usage is HTTPS, i.e. the HyperText
Transfer Protocol (HTTP) over SSL.
- Session
The context information of an SSL communication.
- SSLeay
The original SSL/TLS implementation library developed by Eric A.
Young <eay@aus.rsa.com>;
see
http://www.ssleay.org/
- Symmetric Cryptography
The study and application of Ciphers that use a
single secret key for both encryption and decryption operations.
- Transport Layer Security (TLS)
The successor protocol to SSL, created by
the Internet Engineering Task Force (IETF) for general communication
authentication and encryption over TCP/IP networks. TLS version 1 and is
nearly identical with SSL version 3.
- Uniform Resource Locator (URL)
The formal identifier to locate various
resources on the World Wide Web. The most popular URL scheme is http. SSL
uses the scheme https
- X.509
An authentication certificate scheme recommended by the
International Telecommunication Union (ITU-T) and used for SSL/TLS
authentication.
- ITU-T
Recommendation X.509 [CCI88c] specifies the authentication service for
X.500 directories, as well as the X.509 certificate syntax. Directory
authentication in X.509 can be carried out using either secret-key
techniques or public-key techniques; the latter is based on public-key
certificates. The standard does not specify a particular cryptographic
algorithm, although an informative annex of the standard describes the RSA
algorithm.