Encryption Glossary
Widely adopted symmetric encryption standard used in cloud storage and databases.
Encryption method that uses two keys: a public key for encryption and a private key for decryption.
Encryption technique that protects data and additional metadata.
Short cryptographic value produced by an AEAD mode (such as AES-GCM) that allows the receiver to verify integrity and authenticity during decryption. (NIST Publications)
Encryption algorithm that processes fixed-size blocks of data.
Method that defines how block ciphers process large volumes of data.
Model where customers provide and control encryption keys used by cloud services.
Attempt to break encryption by systematically trying all possible keys.
Encryption mode where each data block depends on the previous encrypted block.
Digital document that verifies identity in encrypted communications.
Trusted entity that issues digital certificates.
Signed list published by a CA identifying certificates that have been revoked before their normal expiration time. (IETF)
Signed request containing a subject name, public key, and optional attributes, submitted to a certificate authority to obtain a certificate. (IETF)
A specific algorithm used for encryption and decryption.
Encrypted data that cannot be interpreted without the correct cryptographic key.
Data encrypted by the client before being sent to a storage or cloud service.
Protecting data during processing using hardware-based secure enclaves.
Study of analyzing and breaking cryptographic systems.
Ability to change encryption algorithms without major system redesign.
Ensuring encryption practices meet industry security standards.
Level of randomness available for generating secure keys.
The discipline of securing information using mathematical techniques such as encryption, hashing, and digital signatures.
Cryptographically secure pseudorandom number generator / deterministic random bit generator used to generate security-critical randomness for keys, IVs, nonces, and seeds.
Encryption mode allowing fast parallel encryption operations.
Encryption keys managed by the customer within a cloud platform.
Encryption keys provided by users during storage operations.
Key used to encrypt actual application or storage data.
Obscuring sensitive information while maintaining its structure.
Encryption mechanisms applied within databases to protect stored records.
Authenticated-encryption construction that does not require nonce-based randomization for each encryption operation; commonly used in specialized cases such as key wrapping. (NIST Computer Security Resource Center)
Technique that protects individual privacy in aggregated datasets.
Cryptographic protocol used to securely exchange encryption keys over networks.
Cryptographic mechanism used to verify authenticity and integrity of data.
Encryption applied to entire storage devices to protect stored data.
Applying multiple independent encryption layers to the same data.
Encryption approach using elliptic curves to achieve strong security with shorter keys.
The process of converting readable data into an unreadable format using cryptographic algorithms to prevent unauthorized access.
Hardware-assisted encryption used to improve performance.
Mathematical procedure used to transform plaintext into ciphertext.
Protecting stored data such as disks, databases, or backups using encryption.
Formal review of encryption implementations and policies.
Recommended security guidelines for implementing encryption effectively.
Meeting regulatory requirements for protecting sensitive data.
Additional authenticated metadata used in encryption operations.
Protecting data while it moves across networks using encryption protocols.
Protecting data while it is actively being processed in memory.
Secret value used by an encryption algorithm to encrypt and decrypt data.
Delay introduced by encryption and decryption operations.
Full lifecycle of encryption systems including key creation, usage, rotation, and retirement.
Delegating encryption tasks to specialized hardware.
Additional computational cost introduced by encryption processes.
Organizational rules governing encryption usage.
Potential vulnerabilities caused by poor key management or outdated algorithms.
Official specification defining approved encryption algorithms.
Rate at which encrypted data can be processed or transmitted.
Encryption method where only communicating endpoints can read the data.
Encryption technique where a data encryption key is protected using a master key.
Encryption applied to individual files rather than entire disks.
U.S. government standards validating cryptographic modules.
Encryption that maintains the original format of the data.
Modern authenticated encryption mode providing both confidentiality and integrity.
Dedicated hardware device designed to securely generate, store, and protect cryptographic keys.
Mathematical function that converts data into a fixed-length digest used for integrity verification.
Message authentication mechanism combining hashing with a secret key.
Model where encryption keys remain entirely under customer control outside the provider environment.
Encryption method allowing computation on encrypted data without decrypting it.
Secure version of HTTP that encrypts web traffic using TLS.
Random value used with encryption algorithms to ensure ciphertext uniqueness.
Encryption applied automatically during data transmission.
Rules that define who can use encryption keys.
Individual or system responsible for protecting and managing encryption keys.
Algorithm that generates cryptographic keys from passwords or shared secrets.
Public-key primitive used to establish a shared secret over a public channel; widely used in modern and post-quantum key-establishment designs. (NIST Computer Security Resource Center)
Key used to encrypt other encryption keys.
Secure storage of backup copies of encryption keys for recovery or compliance.
Secure creation of cryptographic keys used for encryption operations.
Structured arrangement of keys where master keys protect subordinate keys.
Size of a cryptographic key measured in bits that determines encryption strength.
The lifecycle management of encryption keys including generation, storage, rotation, and deletion.
Managed service that automates encryption key storage, rotation, and access control.
A pair consisting of a public key and private key used in asymmetric cryptography.
Process of invalidating a key that has been compromised or is no longer trusted.
Periodic replacement of encryption keys to reduce risk of compromise.
Restrictions controlling how encryption keys may be used.
Cryptographic method for protecting encryption keys, usually by encrypting one key with another key using a dedicated key-wrap algorithm. (NIST Computer Security Resource Center)
Attack where an adversary intercepts and alters communication between two parties.
Cryptographic value used to verify data integrity and authenticity.
TLS configuration in which both client and server authenticate each other with certificates, not just the server. (IETF Datatracker)
Unique value used once in encryption operations to prevent replay attacks.
Protocol for checking the current revocation/status of a certificate without downloading a full CRL. (IETF Datatracker)
Security property ensuring past communications remain secure even if long-term keys are compromised.
Original readable data before encryption is applied.
Encryption methods designed to resist attacks from quantum computers.
A secret key used to decrypt data encrypted with the corresponding public key.
A cryptographic key that can be shared publicly and used to encrypt data.
System that manages certificates, encryption keys, and trust relationships.
System that generates random values required for encryption keys.
Cryptographic proof that a TEE / secure enclave / platform is genuine and running approved code or measurements before secrets are released to it. (NIST Publications)
Attack where intercepted encrypted messages are reused maliciously.
Top-level encryption key used to protect other keys in a hierarchy.
Foundational hardware, firmware, or cryptographic component that other security functions rely on for trust decisions.
Public-key encryption algorithm used for key exchange and digital signatures.
Random value added to data before hashing to prevent dictionary attacks.
Encryption technique enabling queries on encrypted data.
Hardware-protected execution environment used for confidential workloads.
Protected environment used for storing encryption keys.
Cryptographic approach enabling parties to compute results without revealing their data.
Earlier encryption protocol for secure communications, largely replaced by TLS.
Encryption performed by the cloud provider after data is uploaded.
Attack exploiting physical characteristics such as timing or power consumption.
Encryption algorithm that encrypts data sequentially one bit or byte at a time.
Encryption method where the same key is used for both encryption and decryption.
Replacing sensitive data with non-sensitive tokens while preserving references.
Automatic database encryption that protects data files without modifying applications.
Protocol used to encrypt network communication such as HTTPS traffic.
Secure processor area that isolates sensitive computations.
AES-based mode designed for storage-device encryption; it provides confidentiality for sectors/blocks on storage media but does not provide authentication/integrity. (NIST Computer Security Resource Center)