Public key infrastructure (PKI)
Public key
A public key is the half of a key pair that is shared openly and used to encrypt data for its owner or to verify the owner's signatures; it reveals nothing useful about the private key.
Example: the public key in a TLS server certificate, which clients use to verify the server's identity during the handshake.
flowchart
subgraph PublicKey
publickey -->|Shared publicly| EncryptionSignatureVerification
end
Private key
A private key is the secret half of a key pair, used to decrypt data sent to its owner or to generate signatures; whoever holds it can decrypt or forge on the owner's behalf, so it must never be shared, committed to source control or left readable by other users.
flowchart
subgraph PrivateKey
privatekey -->|Kept secret| DecryptionSignatureGeneration
end
Key escrow
Key escrow is an arrangement in which copies of cryptographic keys are deposited with a trusted third party so that encrypted data can be recovered if the owner's key is lost; it also creates a party who can decrypt without the owner's involvement and a high-value target for attackers.
flowchart
subgraph KeyEscrow
keyescrow -->|Stored with third party| Recovery
end
Encryption
Level
Full-disk
Full-disk encryption protects an entire storage device, including the operating system and data, against loss or theft of the device; once the system is booted and unlocked, running software reads the disk in the clear.
flowchart
subgraph FullDiskEncryption
fulldisk -->|Protects entire device| OSData
end
Partition
Partition-level encryption secures individual partitions on a storage device, so some partitions (for example the boot partition) can stay unencrypted while others are protected.
flowchart
subgraph PartitionEncryption
partition -->|Secures individual partitions| StoragePartitions
end
File
File-level encryption protects individual files or directories.
flowchart
subgraph FileEncryption
file -->|Protects individual files| FilesDirectories
end
Volume
Volume-level encryption secures a logical volume (for example an LVM volume, a mounted container file or a cloud block volume), which can span part of a disk or several disks independently of the underlying partitions.
flowchart
subgraph VolumeEncryption
volume -->|Secures specific volumes| StorageVolumes
end
Database
Database encryption protects data stored within a database, typically by encrypting the database files at rest (transparent data encryption); it does not stop anyone with valid query access from reading the data.
flowchart
subgraph DatabaseEncryption
database -->|Protects data in databases| Data
end
Record
Record-level encryption secures individual records or fields within a database, such as a single column of card numbers, so the rest of the data stays queryable and a leaked backup exposes only ciphertext for those fields.
flowchart
subgraph RecordEncryption
record -->|Secures individual records| DataElements
end
Transport/communication
Encryption in transport or communication secures data during transmission between two endpoints, for example TLS for HTTPS or IPsec for VPNs; it offers no protection once the data is stored at either end.
flowchart
subgraph TransportCommunicationEncryption
transport -->|Secures data during transmission| SecureTransmission
end
Asymmetric
Asymmetric encryption uses a mathematically linked pair of keys: data encrypted with the public key can only be decrypted with the private key. It is slow for bulk data, so in practice it is used to wrap or negotiate a symmetric key and to produce signatures.
flowchart
subgraph AsymmetricEncryption
asymmetric -->|Uses public and private keys| EncryptionDecryption
end
Symmetric
Symmetric encryption uses the same secret key for both encryption and decryption; it is fast and suited to bulk data, but both parties must first obtain the key securely (the key distribution problem).
flowchart
subgraph SymmetricEncryption
symmetric -->|Uses the same key| EncryptionDecryption
end
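Added example, not code from the original page: symmetric encryption with one shared key, built from the Python standard library only. The cipher is a keystream from HMAC-SHA256 in counter mode (a PRF used as a stream cipher) with an HMAC tag over nonce and ciphertext (encrypt-then-MAC). The function names, the 32-byte key and the sample message are assumptions for the demonstration; in production use AES-GCM or ChaCha20-Poly1305 from a vetted library rather than this construction.

```python
"""Symmetric encryption with one shared key, standard library only:
keystream = HMAC-SHA256(enc_key, nonce || counter) in counter mode, plus an
HMAC tag so a wrong key or a modified byte is rejected (encrypt-then-MAC).
Educational construction; use AES-GCM or ChaCha20-Poly1305 in production."""
import hashlib
import hmac
import secrets

NONCE_LEN, TAG_LEN = 16, 32


def _subkey(key: bytes, label: bytes) -> bytes:
    """Derive separate encryption and MAC keys from the one shared key."""
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(enc_key: bytes, nonce: bytes, length: int) -> bytes:
    """PRF(enc_key, nonce || counter) concatenated until `length` bytes exist."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(enc_key, nonce + counter.to_bytes(8, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext || tag. A fresh random nonce per message is
    essential: reusing one would leak the XOR of the two plaintexts."""
    nonce = secrets.token_bytes(NONCE_LEN)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ k for p, k in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def decrypt(key: bytes, blob: bytes) -> bytes:
    """The same key decrypts. The tag is checked in constant time before any
    plaintext is produced; a wrong key or a modified byte fails here."""
    if len(blob) < NONCE_LEN + TAG_LEN:
        raise ValueError("ciphertext too short")
    nonce, ciphertext, tag = blob[:NONCE_LEN], blob[NONCE_LEN:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("authentication failed: wrong key or tampered ciphertext")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ k for c, k in zip(ciphertext, stream))


def demo() -> dict:
    key = secrets.token_bytes(32)  # the one key both parties share (constructed)
    message = b"constructed sample: transfer 100 to account 42"
    blob = encrypt(key, message)
    results = {"roundtrip": decrypt(key, blob) == message}
    # Wrong key, and one flipped bit inside the ciphertext, must both be rejected.
    for name, k, data in (("wrong_key", secrets.token_bytes(32), blob),
                          ("tampered", key, blob[:20] + bytes([blob[20] ^ 1]) + blob[21:])):
        try:
            decrypt(k, data)
            results[name] = "accepted"
        except ValueError:
            results[name] = "rejected"
    return results
```

The point of the tag is the second half of the demo: without it, a stream cipher lets an attacker flip plaintext bits by flipping ciphertext bits, and the receiver would never notice.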
Key exchange
Key exchange protocols such as Diffie-Hellman and ECDH let two parties agree on a shared symmetric key over an insecure channel without transmitting the key itself; they must be combined with authentication, or an active attacker can sit in the middle of the exchange.
flowchart
subgraph KeyExchange
keyexchange -->|Facilitates secure key exchange| EncryptionKeys
end
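Added example, not code from the original page: a Diffie-Hellman exchange over the 2048-bit MODP group (group 14) from RFC 3526, using only the Python standard library. Both sides publish g^x mod p and derive the same key. The second function demonstrates the caveat from the definition above: an unauthenticated exchange can be intercepted. The party names, function names and the SHA-256 step that turns the shared value into a key are assumptions for the demonstration (real protocols use a proper KDF such as HKDF).

```python
"""Diffie-Hellman over the RFC 3526 2048-bit MODP group (group 14).
Each side keeps a private exponent, publishes g^x mod p, and both arrive at
the same secret without it ever crossing the wire. mitm_exchange() shows why
the public values must be authenticated."""
import hashlib
import secrets

P = int("".join("""
FFFFFFFF FFFFFFFF C90FDAA2 2168C234 C4C6628B 80DC1CD1 29024E08 8A67CC74
020BBEA6 3B139B22 514A0879 8E3404DD EF9519B3 CD3A431B 302B0A6D F25F1437
4FE1356D 6D51C245 E485B576 625E7EC6 F44C42E9 A637ED6B 0BFF5CB6 F406B7ED
EE386BFB 5A899FA5 AE9F2411 7C4B1FE6 49286651 ECE45B3D C2007CB8 A163BF05
98DA4836 1C55D39A 69163FA8 FD24CF5F 83655D23 DCA3AD96 1C62F356 208552BB
9ED52907 7096966D 670C354E 4ABC9804 F1746C08 CA18217C 32905E46 2E36CE3B
E39E772C 180E8603 9B2783A2 EC07A28F B5C55DF0 6F4C52C9 DE2BCBF6 95581718
3995497C EA956AE5 15D22618 98FA0510 15728E5A 8AACAA68 FFFFFFFF FFFFFFFF
""".split()), 16)
G = 2


def keypair():
    """Private exponent x (never shared) and the public value g^x mod p."""
    x = secrets.randbelow(P - 2) + 1
    return x, pow(G, x, P)


def shared_secret(my_private: int, their_public: int) -> int:
    if not 1 < their_public < P - 1:  # reject 0, 1 and p-1, which force a trivial secret
        raise ValueError("invalid peer public value")
    return pow(their_public, my_private, P)


def session_key(secret: int) -> bytes:
    """Never use the raw DH value as a key: hash it into a uniform 256-bit key."""
    return hashlib.sha256(secret.to_bytes(256, "big")).digest()


def honest_exchange():
    """Alice and Bob each send only their public value; their keys still agree."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    return session_key(shared_secret(a_priv, b_pub)), session_key(shared_secret(b_priv, a_pub))


def mitm_exchange():
    """Mallory replaces the public value in both directions. Alice and Bob end
    up with different keys, and Mallory holds both of them. Only authenticating
    the public values (signatures, certificates, a PAKE) prevents this."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    m_priv, m_pub = keypair()
    k_alice = session_key(shared_secret(a_priv, m_pub))  # Alice believes m_pub is Bob's
    k_bob = session_key(shared_secret(b_priv, m_pub))    # Bob believes m_pub is Alice's
    k_mallory_alice = session_key(shared_secret(m_priv, a_pub))
    k_mallory_bob = session_key(shared_secret(m_priv, b_pub))
    return k_alice, k_bob, k_mallory_alice, k_mallory_bob
```

In TLS the authentication step is the server's certificate and signature over the handshake; the exchange itself is the same idea with elliptic-curve groups instead of this MODP group.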
Algorithms
Cryptographic algorithms define the mathematical functions used for encryption, decryption, hashing and signing (for example AES, RSA, ECDSA and SHA-256); use standard, publicly reviewed algorithms rather than proprietary or home-grown ones.
flowchart
subgraph CryptographicAlgorithms
algorithms -->|Define mathematical functions| EncryptionDecryption
end
Key length
Key length is the size of a key in bits, which bounds the effort of a brute-force search; lengths are only comparable within an algorithm family (128-bit AES is roughly as strong as 3072-bit RSA or a 256-bit elliptic-curve key).
flowchart
subgraph KeyLength
keylength -->|Impacts security| EncryptionStrength
end
Tools
Hardware security module (HSM)
An HSM is a dedicated, tamper-resistant hardware device for generating, storing and using cryptographic keys; keys are used inside the device and never leave it in the clear.
flowchart
subgraph HSM
hsm -->|Dedicated hardware device| SecureKeyManagementCrypto
end
Key management system
A key management system manages cryptographic keys throughout their lifecycle: generation, distribution, storage, rotation, revocation and destruction, with access control and audit logging of every use.
flowchart
subgraph KeyManagementSystem
keymanagement -->|Manages key lifecycle| KeyLifecycle
end
Secure enclave
A secure enclave is an isolated area of a processor (a trusted execution environment) that handles sensitive data and operations so that even a compromised operating system cannot read its memory.
flowchart
subgraph SecureEnclave
secureenclave -->|Protects sensitive data| SecureDataOperations
end
Obfuscation
Steganography
Steganography hides data within other, non-secret data (for example the low-order bits of image pixels) so that the existence of the message is concealed; it gives no confidentiality by itself and is normally combined with encryption.
flowchart
subgraph Steganography
steganography -->|Hides data within non-secret data| DataHiding
end
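Added example, not code from the original page: least-significant-bit steganography in pure Python. The cover is a constructed bytes object standing in for 8-bit grayscale pixels, so no image library is needed; each payload bit replaces one pixel's lowest bit, so no pixel changes by more than 1. The function names, the 4-byte length prefix and the sample message are assumptions for the demonstration.

```python
"""LSB steganography over a constructed "image" (one byte per pixel).
A 4-byte big-endian length prefix is embedded first so the extractor knows
where the payload ends. Visually the stego image is indistinguishable, but
statistical tests on LSB distributions can still detect it, and the payload
is not encrypted: combine with encryption for confidentiality."""
import secrets


def embed(cover: bytes, payload: bytes) -> bytes:
    """Hide payload in the LSBs of cover, most significant bit first."""
    data = len(payload).to_bytes(4, "big") + payload
    bits = [(byte >> shift) & 1 for byte in data for shift in range(7, -1, -1)]
    if len(bits) > len(cover):
        raise ValueError(f"cover too small: need {len(bits)} pixels, have {len(cover)}")
    stego = bytearray(cover)
    for i, bit in enumerate(bits):
        stego[i] = (stego[i] & 0xFE) | bit  # clear the LSB, set the payload bit
    return bytes(stego)


def extract(stego: bytes) -> bytes:
    """Read LSBs back into bytes, stopping at the embedded length."""
    def read_bytes(count: int, bit_offset: int) -> bytes:
        out = bytearray()
        for b in range(count):
            value = 0
            for shift in range(8):
                value = (value << 1) | (stego[bit_offset + b * 8 + shift] & 1)
            out.append(value)
        return bytes(out)

    length = int.from_bytes(read_bytes(4, 0), "big")
    if 4 + length > len(stego) // 8:
        raise ValueError("no valid payload found")
    return read_bytes(length, 32)  # payload starts after the 32 length bits


def max_pixel_change(cover: bytes, stego: bytes) -> int:
    return max(abs(a - b) for a, b in zip(cover, stego))


def demo() -> dict:
    cover = secrets.token_bytes(2048)  # constructed cover: 2048 random pixel values
    secret = b"meet at the usual place at 0600"
    stego = embed(cover, secret)
    return {
        "recovered": extract(stego),
        "max_change": max_pixel_change(cover, stego),
        "same_size": len(stego) == len(cover),
    }
```

A forensic analyst looks for exactly what this scheme leaves behind: an LSB plane whose statistics no longer match the rest of the image. Encrypting the payload first makes the extracted bytes look random, which hides their meaning but not their presence.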
Tokenization
Tokenization replaces sensitive data with a surrogate token that has no mathematical relationship to the original; the mapping is kept in a secure token vault, and tokens are usually format-preserving (same length and character set) so existing systems keep working.
flowchart
subgraph Tokenization
tokenization -->|Replaces data with tokens| DataReplacement
end
Data masking
Data masking irreversibly disguises sensitive data while keeping its format intact, so realistic but non-sensitive values can be used for testing, analytics or display (for example showing only the last four digits of a card number).
flowchart
subgraph DataMasking
datamasking -->|Disguises sensitive data| DataDisguise
end
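Added example, not code from the original page, serving both the tokenization and the data masking definitions above: a small token vault for payment card numbers (PANs) beside an irreversible masking function. The vault, its method names, the choice to keep the last four digits, and the rule that a token must fail the Luhn check so it can never be mistaken for a real card are design assumptions of this demonstration, not a description of any particular product.

```python
"""Tokenization vs. data masking for a card number (PAN).
Tokenization: random, format-preserving surrogate; the PAN is recoverable
only through the vault. Masking: digits hidden for display or test data;
nothing is stored and the original cannot be recovered."""
import secrets


def luhn_valid(number: str) -> bool:
    """Luhn check-digit test that real card numbers satisfy."""
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


class TokenVault:
    """PAN <-> token mapping. In production this store is the crown jewel:
    access-controlled, encrypted at rest and audited on every lookup."""

    def __init__(self):
        self._by_pan = {}
        self._by_token = {}

    def tokenize(self, pan: str) -> str:
        if not (pan.isdigit() and luhn_valid(pan)):
            raise ValueError("not a valid PAN")
        if pan in self._by_pan:  # the same PAN always yields the same token
            return self._by_pan[pan]
        while True:
            # Format-preserving: same length, all digits, last four kept so
            # support staff can still match a card. The random digits carry no
            # relation to the PAN, and the token must fail Luhn so it cannot be
            # used, or mistaken, as a live card number.
            token = "".join(str(secrets.randbelow(10)) for _ in range(len(pan) - 4)) + pan[-4:]
            if not luhn_valid(token) and token not in self._by_token:
                break
        self._by_pan[pan] = token
        self._by_token[token] = pan
        return token

    def detokenize(self, token: str) -> str:
        """Only systems allowed to talk to the vault can get the PAN back."""
        return self._by_token[token]  # KeyError for unknown tokens


def mask_pan(pan: str, keep_last: int = 4) -> str:
    """Irreversible: suitable for receipts, logs and test databases."""
    return "*" * (len(pan) - keep_last) + pan[-keep_last:]
```

The practical difference: a system holding only tokens is out of scope for protecting card data as long as it cannot reach the vault, whereas masked data is safe anywhere because there is nothing to reverse.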
Hashing
Hashing converts data of any length into a fixed-size digest with a one-way function; the same input always yields the same digest, and a cryptographic hash makes it infeasible to recover the input or to find two inputs with the same digest.
flowchart
subgraph Hashing
hashing -->|Converts data into a fixed-size string| DataConversion
end
Salting
Salting adds random, per-entry data (a "salt") to a password before hashing, so identical passwords produce different hashes and precomputed (rainbow) tables are useless; the salt is stored next to the hash and does not need to be secret.
flowchart
subgraph Salting
salting -->|Adds random data before hashing| DataSalting
end
Digital Signatures
Digital signatures, created with the signer's private key and checked with the matching public key, verify the authenticity and integrity of digital messages or documents and provide non-repudiation, since only the holder of the private key could have produced them.
flowchart
subgraph DigitalSignatures
digitalsignatures -->|Verifies authenticity and integrity| MessageVerification
end
Key Stretching
Key stretching runs a password or other low-entropy input through a deliberately slow, iterated function (PBKDF2, bcrypt, scrypt or Argon2) so that every guess costs an attacker as much work as the defender, making brute force far more expensive.
flowchart
subgraph KeyStretching
keystretching -->|Enhances resistance to brute force attacks| KeyEnhancement
end
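Added example, not code from the original page, covering the hashing, salting and key stretching definitions above in one place: a plain SHA-256 digest (fixed size, one-way, but fast and unsalted) beside password storage done properly with a per-user random salt, PBKDF2-HMAC-SHA256 stretching and constant-time verification, all from the Python standard library. The storage string format, the function names and the sample passwords are assumptions for the demonstration; the iteration count follows OWASP's 2023 guidance for PBKDF2-HMAC-SHA256.

```python
"""Hashing, salting and key stretching for password storage (stdlib only)."""
import hashlib
import hmac
import secrets

ITERATIONS = 600_000  # OWASP 2023 guidance for PBKDF2-HMAC-SHA256


def sha256_hex(data: bytes) -> str:
    """Same input, same 64-hex-character (256-bit) digest, whatever the input size."""
    return hashlib.sha256(data).hexdigest()


def hash_password(password: str, iterations: int = ITERATIONS) -> str:
    """Return 'pbkdf2_sha256$iterations$salt_hex$hash_hex'.
    The salt is random per password and stored in the clear; the iteration
    count is stored too so it can be raised later without breaking old records."""
    salt = secrets.token_bytes(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations, dklen=32)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_hex, hash_hex = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), bytes.fromhex(salt_hex),
                                 int(iterations), dklen=32)
    return hmac.compare_digest(digest.hex(), hash_hex)


def demo() -> dict:
    pw = "correct horse battery staple"
    alice, bob = hash_password(pw), hash_password(pw)  # two users, same password
    # Constructed stand-in for a precomputed (rainbow) table of unsalted SHA-256 digests.
    rainbow_table = {sha256_hex(pw.encode()): pw}
    return {
        "digest_len": len(sha256_hex(b"x")),
        "unsalted_lookup_hit": sha256_hex(pw.encode()) in rainbow_table,
        "salted_differ": alice != bob,
        "verify_ok": verify_password(pw, alice),
        "verify_wrong": verify_password("Tr0ub4dor&3", alice),
    }
```

Two things to notice in the output: the unsalted digest is found instantly in a precomputed table, while the two salted records for the same password differ; and each verification takes a visible fraction of a second, which is the whole point of stretching.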
Blockchain
A blockchain is a distributed ledger in which each block contains the hash of the previous block, so altering any past entry invalidates every block after it; copies are held by many independent nodes that agree on additions by consensus.
flowchart
subgraph Blockchain
blockchain -->|Decentralized and secure ledger| DistributedLedger
end
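Added example, not code from the original page: a minimal hash-chained ledger in Python showing why rewriting history is detectable. Every block commits to the previous block's hash, and a small proof-of-work (a hash with a few leading zeros) makes recomputing a rewritten chain costly. The block layout, the difficulty setting and the sample transactions are assumptions of the demonstration, not any real network's rules.

```python
"""Minimal hash-chained ledger with a tiny proof-of-work."""
import hashlib
import json

DIFFICULTY = 3  # required leading hex zeros; tiny so the demo runs in well under a second


def block_hash(block: dict) -> str:
    """Hash of everything in the block except its own hash field."""
    body = {k: v for k, v in block.items() if k != "hash"}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()


def mine_block(index: int, prev_hash: str, data: str) -> dict:
    """Increment the nonce until the hash meets the difficulty target."""
    block = {"index": index, "prev_hash": prev_hash, "data": data, "nonce": 0}
    while True:
        h = block_hash(block)
        if h.startswith("0" * DIFFICULTY):
            block["hash"] = h
            return block
        block["nonce"] += 1


def build_chain(entries) -> list:
    chain = [mine_block(0, "0" * 64, "genesis")]
    for i, entry in enumerate(entries, start=1):
        chain.append(mine_block(i, chain[-1]["hash"], entry))
    return chain


def validate(chain) -> bool:
    """Every hash must match its block and meet the target, and every block
    must point at the hash of the block before it."""
    for i, block in enumerate(chain):
        if block["hash"] != block_hash(block) or not block["hash"].startswith("0" * DIFFICULTY):
            return False
        if i > 0 and block["prev_hash"] != chain[i - 1]["hash"]:
            return False
    return True


def demo() -> dict:
    chain = build_chain(["alice pays bob 5", "bob pays carol 2"])
    tampered = json.loads(json.dumps(chain))      # deep copy
    tampered[1]["data"] = "alice pays bob 500"    # rewrite history...
    tampered[1]["hash"] = block_hash(tampered[1])  # ...and even re-hash that block
    return {"valid": validate(chain), "tampered_valid": validate(tampered)}
```

Re-hashing the edited block is not enough: its new hash almost certainly misses the target, and the following block still references the old hash, so the attacker would have to re-mine every later block faster than the honest network extends the chain.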
Open Public Ledger
An open public ledger is a blockchain that anyone can read and join, as opposed to a permissioned ledger restricted to known participants.
flowchart
subgraph OpenPublicLedger
openledger -->|Publicly accessible blockchain| AccessibleBlockchain
end
Certificates
Certificate Authorities
Certificate authorities verify the identity of entities and issue digital certificates that bind that identity to a public key, signed with the CA's private key.
flowchart
subgraph CertificateAuthorities
authorities -->|Issue digital certificates| IdentityVerification
end
Certificate Revocation Lists (CRLs)
CRLs are signed lists, published by a CA, of certificates it has revoked before their expiry; clients must download the list and check it, and a stale or unreachable list can leave a revoked certificate trusted.
flowchart
subgraph CertificateRevocationLists
crls -->|Contain information about revoked certificates| RevokedCertificateInfo
end
Online Certificate Status Protocol (OCSP)
OCSP lets a client ask the CA's responder for the revocation status of a single certificate at connection time; with OCSP stapling the server delivers a recent signed response itself, avoiding the latency and privacy cost of a live lookup.
flowchart
subgraph OCSP
ocsp -->|Real-time certificate status checks| CertificateStatusCheck
end
Self-signed Certificates
Self-signed certificates are signed with the entity's own private key rather than by a certificate authority, so they carry no third-party assurance; clients accept them only when explicitly configured to (pinning or a local trust store).
flowchart
subgraph SelfSignedCertificates
selfsigned -->|Signed by the entity| EntitySigning
end
Third-party Certificates
Third-party certificates are issued by trusted certificate authorities whose roots are already present in clients' trust stores, so they are accepted without manual configuration.
flowchart
subgraph ThirdPartyCertificates
thirdparty -->|Issued by trusted authorities| TrustedIssuance
end
Root of Trust
The root of trust is the self-signed root CA certificate from which every other certificate in a PKI derives its trust; it is distributed out of band (pre-installed in operating system and browser trust stores) and its private key is typically kept offline.
flowchart
subgraph RootOfTrust
rootoftrust -->|Most trusted entity| TrustedEntity
end
Certificate Signing Request (CSR) Generation
A CSR contains the applicant's public key and identifying information (subject name, subject alternative names) and is signed with the applicant's private key to prove possession; the private key itself never leaves the requester.
flowchart
subgraph CSRGeneration
csr -->|Request for a digital certificate| CertificateRequest
end
Wildcard Certificates
Wildcard certificates (for example *.example.com) secure a domain's subdomains at a single level with one certificate: they cover www.example.com but not example.com itself or a.b.example.com, and because every host shares one private key, a compromise on one host exposes all of them.
flowchart
subgraph WildcardCertificates
wildcard -->|Secures a domain and subdomains| DomainSecurity
end