Encryption & Decryption
Encryption is the process by which clear information is coded into unclear information for security purposes.
Decryption is the opposite process of encryption, where coded information is transformed into clear information.

Cryptographic Key
A cryptographic key is a set of instructions that governs an encryption or decryption algorithm. The encryption and decryption algorithms are usually publicly known; the key, which is usually a string, is kept secret and is what makes the communication secure.

Symmetric Cryptography
Symmetric cryptography refers to encryption algorithms that have an inverse decryption algorithm which uses the same cryptographic key. This means that with symmetric cryptography one needs only a single key for both encryption and decryption, using the inverse of the encryption algorithm for decryption. (Examples: DES, RC4, or IDEA).

Asymmetric Cryptography
Asymmetric cryptography refers to encryption algorithms that cannot simply be inverted (one-way functions). Such a scheme requires two different algorithms, one for encryption and another for decryption, and therefore two different keys: one for encryption and another for decryption. The most common algorithm today is RSA.

Hash Function
A hash function is a difficult-to-reverse function that maps its input to a number within a certain range. Someone who does not know a certain hash function will find it very hard to recover the input of the function from its hash value. Also, a hash function used in secure communication is designed to make it difficult to guess an input that will have a certain hash value.

One-way hash function
An algorithm that turns text or messages into a fixed string of digits, also called a message digest, usually for security or data management purposes. The "one way" means that it's practically impossible to derive the original text from the string. A one-way hash function is used to create digital signatures, which in turn identify and authenticate the sender and message of a digitally distributed message.
When using a one-way hash function, one can compare a calculated message digest against the message digest that is decrypted with a public key to verify that the message hasn't been tampered with. This comparison is called a "hashcheck."

MD5
MD5 is a one-way hash function, created in 1991 by Professor Ronald L. Rivest.
The MD5 algorithm takes as input a message of arbitrary length and produces as output a 128-bit "message digest" of the input. It is conjectured that it is computationally infeasible to produce two messages having the same message digest, or to produce any message when given a target message digest.
MD5 is intended for digital signature applications (verify data integrity), where a large file must be "compressed" in a secure manner before being encrypted with a private (secret) key under a public-key cryptosystem such as RSA.

SHA / SHA-1
SHA (Secure Hash Algorithm) is a one-way hash function, developed by the National Institute of Standards and Technology (NIST). See http://www.nist.gov for more information about NIST.
For a message of length < 2^64 bits, the SHA-1 produces a 160-bit condensed representation of the message called a message digest. The message digest is used during generation of a signature for the message. The SHA-1 is also used to compute a message digest for the received version of the message during the process of verifying the signature. Any change to the message in transit will, with very high probability, result in a different message digest, and the signature will fail to verify.

Digital Signature
A digital signature is a method for authenticating the identity of a sender in digital communication.
This is a digital code that can be attached to an electronically transmitted message that uniquely identifies the sender. Like a written signature, the purpose of a digital signature is to guarantee that the individual sending the message really is who s/he claims to be. Digital signatures are especially important for electronic commerce. To be effective, it should be impossible to forge the digital signature, and there are several different encryption techniques to guarantee this level of security.

MAC
The message authentication code (MAC) is a piece of data that is computed by a hash function from the message and is appended at the end of the message before sending, in order to authenticate the message's content. Both parties in the communication agree on a secret hash function, or on a secret key used with a known hash function. Each time one of them receives a message, he computes the MAC from the message and compares it to the MAC he received. The MAC makes it possible to detect fraud and attempts to garble communication.
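The append-and-recompute exchange described above, as an added example that is not part of the original page. It assumes HMAC-SHA256 as the "secret key used with a known hash function"; the function names and the key are constructed for illustration.

```python
import hashlib
import hmac

TAG_LEN = hashlib.sha256().digest_size    # HMAC-SHA256 yields a 32-byte MAC

def seal(key, message):
    """Sender: compute the MAC over the message and append it at the end."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag

def open_sealed(key, blob):
    """Receiver: split off the MAC, recompute it, compare. None means reject."""
    if len(blob) < TAG_LEN:
        return None                        # too short to carry a MAC at all
    message, received = blob[:-TAG_LEN], blob[-TAG_LEN:]
    expected = hmac.new(key, message, hashlib.sha256).digest()
    # compare_digest takes the same time wherever the two tags first differ
    if not hmac.compare_digest(expected, received):
        return None
    return message

# Constructed sample key; in practice both parties agree on it in advance.
SHARED_KEY = b"constructed-demo-key-0123456789"

def demo():
    """Return (genuine result, altered-message result, wrong-key result)."""
    blob = seal(SHARED_KEY, b"transfer 10 to account 42")
    altered = blob.replace(b"10", b"90", 1)      # message changed in transit
    return (open_sealed(SHARED_KEY, blob),
            open_sealed(SHARED_KEY, altered),
            open_sealed(b"some other key", blob))

if __name__ == "__main__":
    print(demo())
```

Because the tag depends on the secret key, someone who alters the message cannot recompute a matching tag, which is what an unkeyed digest appended to the message would fail to provide.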

Public Key Cryptography
Public key cryptography refers to an asymmetric cryptography method used on the Internet. In this method a user has two cryptographic keys: one key is published and is called a public key, and the other is kept secret and is called a 'private key'. Every message encrypted with the public key can only be decrypted with the private key and every message encrypted with the private key can only be decrypted with the public key.

The following picture explains the process above:

A user may not simply create his own set of keys. There are Internet authorities that issue certificates to users that contain a set of legitimate public and private keys. Any user that intends to use his keys over the Internet will need to show his certificate in order to confirm his identity and the validity of his keys.
Public key cryptography is very useful since it doesn't require both participants of a communication to agree on a secret key before starting the communication. One who wishes to send a secure transmission to a recipient that has a public key, will simply encrypt his message with the published public key of the recipient. Now, only the recipient will be able to decrypt this message since only he knows the private key.
Public key cryptography can also be used for digital signatures. A sender that wants to sign his message will encrypt it with his private key. Anyone who receives the message will only be able to decrypt it with the public key of the sender, therefore authenticating the sender's identity.

DES
The Data Encryption Standard (DES) is a symmetric encryption algorithm developed by the NSA. It has a key of 2^56 bits which is sufficiently large for commercial purposes. The DES function is a function that permutes a 2^64 bits data block. It is in fact a mapping {0..2^64-1} -> {0..2^64-1}. There are of course 2^56 different permutations depending on the key that is used. The decryption is done by the inverse DES function (DES^-1), which is the opposite permutation.

RSA
The RSA public key cryptography is an asymmetric encryption algorithm that is commonly used on the Internet and in many SSL implementations as well. The RSA public key consists of two integers (n,e), where n = pq and p, q are primes.
e is relatively prime to f(pq), where f is the Euler function. The primes p and q are kept secret. There is as yet no tractable algorithm that is able to recover p and q from n, and that is what RSA is based on. The algorithm is as follows:
RSA(x,e) = x^e mod pq (x < pq).
This function is not reversible unless p and q are known. If they are known then f(pq) = (p-1)(q-1) can be calculated and
d = e^-1 (mod f(pq))
exists and can be found by Euclid's algorithm.
We will note that: d * e = 1 mod f(pq)
and also: x^f(pq) = 1 mod pq
Therefore if d is known and y = RSA(x,e) = x^e mod pq
then y^d = x^(e * d) = x^(1 mod f(pq)) = x mod pq = x.
It is obvious therefore that the private key will be (n,d). This algorithm is used for public key cryptography since
RSA(RSA(x,e),d) = x and RSA(RSA(y,d),e) = y
and so it can be used for sending encrypted messages and for digital signatures. (RSA are the initials of the researchers who proposed it: Ron Rivest, Adi Shamir and Len Adleman).
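The derivation above carried through in code, together with the signature "hashcheck" described under One-way hash function and Public Key Cryptography. This is an added example, not part of the original page: the function names and primes are constructed, SHA-256 is an assumed digest, and the scheme is unpadded textbook RSA as the page describes it.

```python
import hashlib

def egcd(a, b):
    """Extended Euclid: return (g, s, t) with a*s + b*t == g == gcd(a, b)."""
    if b == 0:
        return a, 1, 0
    g, s, t = egcd(b, a % b)
    return g, t, s - (a // b) * t

def make_keys(p, q, e):
    """Return the public key (n, e) and the private key (n, d)."""
    n, f = p * q, (p - 1) * (q - 1)      # f is f(pq) in the text
    g, s, _ = egcd(e, f)
    if g != 1:
        raise ValueError("e must be relatively prime to f(pq)")
    return (n, e), (n, s % f)            # d = e^-1 mod f(pq)

def rsa(x, key):
    """RSA(x, k) = x^k mod n; the same function is used with e and with d."""
    n, k = key
    if not 0 <= x < n:
        raise ValueError("x must be smaller than n")
    return pow(x, k, n)

def digest(message, n):
    """SHA-256 of the message as an integer reduced mod n (assumption: no padding)."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big") % n

def sign(message, private_key):
    """Apply the private key to the message digest."""
    return rsa(digest(message, private_key[0]), private_key)

def hashcheck(message, signature, public_key):
    """Compare the digest recovered with the public key to the computed one."""
    return rsa(signature, public_key) == digest(message, public_key[0])

# Constructed demo primes (2^31-1 and 2^61-1); far too small for real keys.
PUBLIC, PRIVATE = make_keys(2**31 - 1, 2**61 - 1, 65537)

if __name__ == "__main__":
    toy_pub, toy_priv = make_keys(61, 53, 17)    # small enough to check by hand
    y = rsa(65, toy_pub)
    print("toy keys:", toy_pub, toy_priv, "RSA(65,e) =", y, "RSA(y,d) =", rsa(y, toy_priv))
    sig = sign(b"pay 10 to B", PRIVATE)
    print("genuine:", hashcheck(b"pay 10 to B", sig, PUBLIC))
    print("altered:", hashcheck(b"pay 99 to B", sig, PUBLIC))
```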

Authentication
A technique a host uses to verify another host's identity. This assures that the communication is authentic. A simple example of this technique is entering a password for logging into a server computer such as a banking system.

Integrity Check
This service assures that messages are received as they are sent, with no modification. Modification includes changing, deleting, writing or replaying the transmitted messages. By using this service, the receiver can be sure that no intruder substitutes the original message.

Nonrepudiation
Nonrepudiation prevents either sender or receiver from denying a transmitted message.

Certificates
A certificate is an object that was invented by the standards community to prevent impersonation on the web. It is a standard way to bind a public key to a name. This technique is based on a trusted agency, called a Certificate Authority, and allows two parties that want to communicate to authenticate each other.
Assume a situation in which party B wants to send party A its public key. How does party A know that the given public key was really sent by party B? The technology of using a certificate answers this question. Now, instead of sending a public key, party B sends its certificate to party A so that party A can verify party B's identity.
A Certificate includes the following contents:
- Subject - Includes identifying information, the distinguished name and the public key.
- Issuer - Includes the certificate authority's distinguished name and signature.
- Period of Validity - Indicates the time during which the certificate is valid.
- Administrative Information - May include information such as version, serial number, etc.