S

salt value
Random data that is sometimes included as part of a session key. When added to a session key, the plaintext salt data is placed in front of the encrypted key data.

Salt values are added to increase the work required to mount a dictionary (precomputation) attack against data encrypted with a symmetric-key cipher: because each key carries a different salt, an attacker cannot reuse one precomputed table of candidate keys across many messages. The salt itself is not secret, so it does not enlarge the key space that a plain brute-force search must cover.

Salt values are generated by calling CryptGenRandom.
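
The effect described above, as an added illustration that is not CryptoAPI code: a toy model in which the attacker recognises the first keystream block of a message and precomputes a table from a dictionary of candidate keys. The keystream model (SHA-1 over salt and key), the candidate list and the salt bytes are all constructed for this example; a real CSP would key RC2 or RC4 with the salted key and fill the salt with CryptGenRandom, but the precomputation argument is the same.

```python
import hashlib

# Toy model (constructed for this example, not CryptoAPI's cipher): the keystream
# block an attacker would recognise is SHA-1(salt || key). Any cipher keyed with
# the salted key gives the same precomputation argument.
def keystream_block(key: bytes, salt: bytes = b"") -> bytes:
    return hashlib.sha1(salt + key).digest()

# Constructed candidate list standing in for an attacker's dictionary.
CANDIDATE_KEYS = [b"passw0rd", b"letmein", b"secret", b"hunter2"]

def build_table(salt: bytes = b"") -> dict:
    """Attacker's precomputed table: keystream block -> key guess.
    Costs one cipher evaluation per candidate and is valid only for this salt."""
    return {keystream_block(k, salt): k for k in CANDIDATE_KEYS}

def lookup(table: dict, observed_block: bytes):
    """Recover the key from an observed keystream block with one lookup, or None."""
    return table.get(observed_block)

def attack_cost(num_messages: int, salted: bool) -> int:
    """Cipher evaluations needed to cover every candidate for every message.
    Unsalted: one table serves every message. Salted (fresh salt per message):
    the table must be rebuilt per message. Note the per-message cost is still
    len(CANDIDATE_KEYS): the salt is sent in the clear and does not enlarge
    the key space, it only defeats reuse of the table."""
    return len(CANDIDATE_KEYS) * (num_messages if salted else 1)

if __name__ == "__main__":
    victim_key = b"secret"
    unsalted_table = build_table()
    print("unsalted:", lookup(unsalted_table, keystream_block(victim_key)))
    salt = bytes(range(11))  # constructed; CryptoAPI would use CryptGenRandom
    print("salted, stale table:", lookup(unsalted_table, keystream_block(victim_key, salt)))
    print("salted, rebuilt table:", lookup(build_table(salt), keystream_block(victim_key, salt)))
    print("cost, 1000 messages, no salt:", attack_cost(1000, False))
    print("cost, 1000 messages, salt per message:", attack_cost(1000, True))
```

The stale table misses once a salt is present, and the attacker's total work grows linearly with the number of distinct salts; what the salt cannot do is make a weak (for example 40-bit) key strong, since each individual message is still searched at the original cost.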

SChannel
The Secure Channel security package (a security support provider) that implements the SSL family of protocols, and in later versions TLS, to authenticate clients and servers and to encrypt the traffic between them.
Secure Hash Algorithm
(SHA-1) A hashing algorithm that generates a 160-bit hash value. SHA-1 is used with the Digital Signature Algorithm (DSA) in the Digital Signature Standard (DSS), among other places. SHA-1 is no longer considered collision resistant (practical collisions were published in 2017), so it should not be used for new signatures or certificates; SHA-256 or another member of the SHA-2 family is the usual replacement.

The CryptoAPI references this algorithm by its identifier (CALG_SHA), name (SHA), and class (ALG_CLASS_HASH).

SHA-1 was developed by the National Institute of Standards and Technology (NIST) and by the National Security Agency (NSA).

Secure Hash Standard
A standard designed by NIST and NSA. This standard defines the Secure Hash Algorithm (SHA-1) for use with the Digital Signature Standard (DSS).

See also Secure Hash Algorithm.

Secure Sockets Layer protocol
(SSL) A protocol for secure network communications that uses public-key cryptography to authenticate the parties and establish a shared secret, and symmetric-key encryption to protect the data itself. SSL has been superseded by Transport Layer Security (TLS); SSL 2.0 and 3.0 are deprecated and should be disabled.
Secure/Multipurpose Internet Mail Extensions
(S/MIME) An e-mail security standard that makes use of public key encryption.
serialize
The process of converting an in-memory data structure into a flat sequence of bytes (ones and zeros) so that it can be stored or transmitted serially. Encoding, for example the ASN.1 DER encoding of a certificate, is part of this process.
server
A computer that responds to commands from a client computer. The client and server work together to perform distributed application functionality.

See also client.

session
An exchange of messages under the protection of a single piece of keying material. For example, an SSL session uses keys derived from a single master secret to protect the many messages exchanged in both directions.
session key
A key used primarily for data encryption and decryption. Session keys are typically used with symmetric encryption algorithms where the same key is used for both encryption and decryption. For this reason, session and symmetric keys usually refer to the same type of key.

A session key consists of a random number of approximately 40 to 2000 bits. Session keys can be derived from hash values by calling CryptDeriveKey.

session-key derivation scheme
Specifies how a session key is derived from a hash value. The methods available depend on the CSP type.
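
The hash-to-key derivation referred to under session key and session-key derivation scheme, written out as an added example rather than CryptoAPI's own code: it follows the steps the CryptDeriveKey documentation gives (take the leading bytes of the hash value for short keys; for longer keys XOR the hash value into two 64-byte buffers of 0x36 and 0x5C, hash each, concatenate and truncate). The assumption, labelled in the code, is that the expansion applies whenever the requested key exceeds one hash output; a particular CSP may apply it under different conditions. The passphrase is constructed input, and pbkdf2_key is included as the modern contrast, not as something CryptoAPI offers.

```python
import hashlib

def base_hash(data: bytes, algo: str = "sha1") -> bytes:
    """The finished hash value a hash object (e.g. CALG_SHA over a passphrase)
    would hold when handed to CryptDeriveKey."""
    return hashlib.new(algo, data).digest()

def derive_key_from_hash(hash_value: bytes, key_len: int, algo: str = "sha1") -> bytes:
    """Return key_len bytes of symmetric key material from a finished hash value,
    following the expansion described for CryptDeriveKey.
    Assumption (this example's, not the documentation's exact rule): the
    0x36/0x5C expansion is used whenever key_len exceeds one hash output."""
    if key_len <= len(hash_value):
        # Short keys: simply the leading bytes of the hash value.
        return hash_value[:key_len]
    k = len(hash_value)
    # XOR the hash value into the first k bytes of two 64-byte constant buffers.
    buf36 = bytes((0x36 ^ hash_value[i]) if i < k else 0x36 for i in range(64))
    buf5c = bytes((0x5C ^ hash_value[i]) if i < k else 0x5C for i in range(64))
    # Hash each buffer with the same algorithm, concatenate, take the leading bytes.
    expanded = hashlib.new(algo, buf36).digest() + hashlib.new(algo, buf5c).digest()
    if key_len > len(expanded):
        raise ValueError("requested key longer than two hash outputs")
    return expanded[:key_len]

def pbkdf2_key(passphrase: bytes, salt: bytes, key_len: int) -> bytes:
    """What to use instead today for passphrase-derived keys: salted, iterated
    PBKDF2-HMAC-SHA256. The plain hash-to-key scheme above has no salt and no
    work factor, so a dictionary attack costs one hash per guess."""
    return hashlib.pbkdf2_hmac("sha256", passphrase, salt, 100_000, dklen=key_len)

if __name__ == "__main__":
    h = base_hash(b"correct horse battery staple")  # constructed passphrase
    print("128-bit key:", derive_key_from_hash(h, 16).hex())
    print("256-bit key:", derive_key_from_hash(h, 32).hex())
    print("PBKDF2 key: ", pbkdf2_key(b"correct horse battery staple", b"per-user salt", 32).hex())
```

The 128-bit key is literally a prefix of SHA-1 of the passphrase, which is why a hash object built over a passphrase should not be treated as a strong key source regardless of the requested key length.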
SHA
The CryptoAPI name for the Secure Hash algorithm. The CryptoAPI also references this algorithm by its algorithm identifier (CALG_SHA) and class (ALG_CLASS_HASH).

See also Secure Hash Algorithm.

SHS
See Secure Hash Standard.
signature and data verification functions
Simplified message functions used to sign outgoing messages and verify the authenticity of applied signatures in received messages and related data.

See simplified message functions.

signature file
A file that contains the signature of a particular CSP. The signature file is necessary to ensure that the CryptoAPI recognizes the CSP. The CryptoAPI validates this signature periodically to make certain the CSP has not been tampered with.
signature functions
Functions used to create and verify digital signatures.

See also simplified message functions.

signature key pair
The public/private key pair used for authenticating (digitally signing) messages. Signature key pairs are created by calling CryptGenKey.

See also exchange key pair.

signature private key
The private key of a signature key pair.

See signature key pair.

signed and enveloped data
A data content type defined by PKCS #7. This data type consists of encrypted content of any type, encrypted content-encryption keys for one or more recipients, and doubly encrypted message hash(es) for one or more signers. The double encryption consists of an encryption with a signer's private key followed by an encryption with the content-encryption key.
signed data
A data content type defined by PKCS #7. This data type consists of content of any type plus message digests (hashes) of the content, each signed, that is, encrypted with the private key, of one of zero or more signers. A verifier recomputes the digest and checks it against each signature to confirm who signed the message and that the content has not been modified since it was signed.
simple key blob
A session key encrypted with the key-exchange public key of the destination user. This key blob type is used when storing a session key or transmitting a session key to another user. A simple key blob is created by calling CryptExportKey with the blob type SIMPLEBLOB.
simplified message functions
Message management functions such as message encryption, decryption, signing and signature verification functions. Simplified message functions operate at a higher level than the base cryptographic functions or the low-level message functions.

Simplified message functions wrap several of the base cryptographic, low-level message, and certificate functions into a single function that performs a specific task in a specific manner, such as encrypting a PKCS #7 message or signing a message.

See also low-level message functions.

Skipjack
An encryption algorithm specified as part of the Fortezza encryption suite. Skipjack is a symmetric cipher with a fixed key length of 80 bits.

Skipjack was created by the United States National Security Agency (NSA) and was classified when this glossary was written, so its technical details were secret at the time. NSA declassified the algorithm in 1998, and its specification has been public since then.

S/MIME
See Secure/Multipurpose Internet Mail Extensions.
SSL
See Secure Sockets Layer protocol.
SSL3 Client Authentication algorithm
An algorithm used for client authentication in Secure Sockets Layer (SSL) version 3. In the SSL3 protocol, the concatenation of an MD5 hash and a SHA-1 hash (36 bytes in total) is signed directly with an RSA private key, without the DigestInfo wrapper that ordinary PKCS #1 signatures carry. CryptoAPI and the Microsoft Base and Enhanced Cryptographic Providers support this with the hash type CALG_SSL3_SHAMD5: the application supplies the 36-byte value to the hash object with CryptSetHashParam (HP_HASHVAL) and signs it with CryptSignHash.
SSL3 protocol
Version 3 of the Secure Sockets Layer (SSL) protocol.
stream cipher
A cipher that encrypts data serially, one bit or byte at a time, typically by combining each unit of plaintext with the corresponding unit of a keystream generated from the key. RC4 is an example. The ciphertext is the same length as the plaintext, and a keystream must never be reused under the same key.

See also block cipher.
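
A toy stream cipher, added here as an example and not taken from the page or from any CSP, to show the two points that matter in practice: ciphertext length equals plaintext length with no padding, and reusing a keystream lets the XOR of two ciphertexts reveal the XOR of the two plaintexts. The keystream generator (SHA-1 in counter mode), the key, nonce and messages are all constructed for the example; RC4 would be the real-world instance but the property holds for any stream cipher.

```python
import hashlib

def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    """Toy keystream: SHA-1(key || nonce || counter) blocks, truncated to length.
    Constructed for illustration only; not a real cipher."""
    out = b""
    counter = 0
    while len(out) < length:
        out += hashlib.sha1(key + nonce + counter.to_bytes(4, "big")).digest()
        counter += 1
    return out[:length]

def stream_encrypt(key: bytes, nonce: bytes, plaintext: bytes) -> bytes:
    """Each plaintext byte is XORed with one keystream byte: no block, no padding."""
    return bytes(p ^ k for p, k in zip(plaintext, keystream(key, nonce, len(plaintext))))

stream_decrypt = stream_encrypt  # XOR with the same keystream undoes encryption

def xor_bytes(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def recover_from_reuse(ct1: bytes, ct2: bytes, known_pt1: bytes) -> bytes:
    """Keystream reuse failure mode: with the same key and nonce,
    ct1 ^ ct2 == pt1 ^ pt2, so a known (or guessed) pt1 yields pt2 directly,
    without ever learning the key. Result is truncated to the shorter message."""
    return xor_bytes(xor_bytes(ct1, ct2), known_pt1)

if __name__ == "__main__":
    key, nonce = b"k" * 16, b"n" * 8          # constructed key and nonce
    m1, m2 = b"attack at dawn", b"retreat at noon"
    c1 = stream_encrypt(key, nonce, m1)
    c2 = stream_encrypt(key, nonce, m2)       # same keystream: the mistake
    print(len(m1), "plaintext bytes ->", len(c1), "ciphertext bytes")
    print("round trip:", stream_decrypt(key, nonce, c1))
    print("recovered without the key:", recover_from_reuse(c1, c2, m1))
    print("fresh nonce differs:", stream_encrypt(key, b"m" * 8, m1) != c1)
```

The fix is the one the salt value entry describes for CryptoAPI keys and the one every stream cipher needs: never encrypt two messages under the same key and nonce, so that no two ciphertexts ever share a keystream.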

symmetric algorithm
A cryptographic algorithm that typically uses a single key, often referred to as a session key, for encryption and decryption. Symmetric algorithms can be divided into two categories, stream algorithms and block algorithms (also called stream and block ciphers).

See also stream cipher and block cipher.

symmetric encryption
Encryption that uses a single key for both encryption and decryption. Symmetric encryption is preferred when encrypting large amounts of data. Some of the more common symmetric encryption algorithms at the time of writing were RC2, RC4, and Data Encryption Standard (DES). All three are now considered obsolete (DES because of its 56-bit key, RC2 and RC4 because of known weaknesses); AES is the current standard choice.

See also public-key encryption.

symmetric key
A single key, typically a session key, used for both encryption and decryption.

See also session key.