P1735 Glossary
Table Of Contents
Back to Table Of Contents
Introduction
This is a Glossary of terms frequently used in P1735 writings. Where multiple definitions are possible, an attempt is made to describe the key definition specific to P1735 first. Generic or alternate meanings may or may not be reflected here. Please keep the terms in alphabetical order and sign entries/revisions. Approved terms are acknowledged and cleaned up (signatures removed, etc.).
Terms
digital envelope
A type of security that uses two layers of encryption to protect a message. First, the message itself is encoded using symmetric encryption, and then the key to decode the message is encrypted using public-key encryption. This technique overcomes one of the problems of public-key encryption, which is that it is slower than symmetric encryption. Because only the key is protected with public-key encryption, there is very little overhead. It capitalizes on one of the benefits of public-key encryption, that there is no need to exchange a secret key with some form of out of band communication. While it is possible to also encrypt the key associated with the message using symmetric encryption and still call that a digital envelope, P1735 intends the specific definition given here. For more details, refer to the P1735 digital envelope use case and the recommended practices for using it.
The term may generically refer to any secure container for a electronic message or be occasionally used to describe inserting data into a packet or frame for transmission over a network. The envelope metaphor then merely implies a container.
--
JohnShields - 24 Jul 2008
message digest
A message digest is a string that acts as a kind of "signature" for the associated message or data. It provides a level of assurance both that the data is correct, and that is comes from the expected source. A typical message digest is a cryptographic "hash" function that quickly runs over the data, producing a fixed length "hash" string that serves as the digest.
The practical intention is that a person knowing the hash, is unable to work out the original message, but someone knowing the original message can prove the hash is created from that message, and none other. A cryptographic hash function should behave as much as possible like a random function while still being deterministic and efficiently computable.
--
DavidClemans - 25 Aug 2008
Back to Table Of Contents
--
JohnShields - 24 Jul 2008