Platform SDK: Security Glossary

E

ECB
See electronic codebook.
EKU
See enhanced key usage.
electronic codebook (ECB)
A block cipher mode in which each block is encrypted independently, with no feedback from one block to the next. Any blocks of plaintext that are identical (either in the same message or in a different message encrypted with the same key) are transformed into identical ciphertext blocks, so repeated patterns in the plaintext remain visible in the ciphertext.

Initialization vectors cannot be used with this cipher mode.

If a single bit of a ciphertext block is garbled, the entire corresponding plaintext block is also garbled; because there is no chaining, the other blocks are unaffected.
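
The two properties above (identical plaintext blocks give identical ciphertext blocks, and a corrupted ciphertext block damages exactly one plaintext block) are shown by the following Go program. It is an added example, not code from the Platform SDK; it uses AES from Go's standard library rather than CryptoAPI, writes out the ECB block loop by hand (Go's library deliberately provides no ECB helper), and the key and plaintext are constructed test values.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"fmt"
)

// ecbEncrypt encrypts pt with AES in ECB mode: every block is encrypted on its
// own, with no IV and no feedback between blocks.
func ecbEncrypt(key, pt []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(pt)%bs != 0 {
		return nil, fmt.Errorf("plaintext length %d is not a multiple of the %d-byte block size", len(pt), bs)
	}
	ct := make([]byte, len(pt))
	for i := 0; i < len(pt); i += bs {
		block.Encrypt(ct[i:i+bs], pt[i:i+bs])
	}
	return ct, nil
}

// ecbDecrypt reverses ecbEncrypt, again one block at a time.
func ecbDecrypt(key, ct []byte) ([]byte, error) {
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	bs := block.BlockSize()
	if len(ct)%bs != 0 {
		return nil, fmt.Errorf("ciphertext length %d is not a multiple of the %d-byte block size", len(ct), bs)
	}
	pt := make([]byte, len(ct))
	for i := 0; i < len(ct); i += bs {
		block.Decrypt(pt[i:i+bs], ct[i:i+bs])
	}
	return pt, nil
}

// identicalBlocks returns the index pairs (i, j), i < j, of ciphertext blocks
// that are byte-for-byte equal. Under ECB each such pair tells an observer
// that the corresponding plaintext blocks were equal as well.
func identicalBlocks(ct []byte, bs int) [][2]int {
	var pairs [][2]int
	n := len(ct) / bs
	for i := 0; i < n; i++ {
		for j := i + 1; j < n; j++ {
			if bytes.Equal(ct[i*bs:(i+1)*bs], ct[j*bs:(j+1)*bs]) {
				pairs = append(pairs, [2]int{i, j})
			}
		}
	}
	return pairs
}

func main() {
	key := []byte("0123456789abcdef") // constructed 128-bit test key, not a real secret
	// Constructed plaintext of three 16-byte blocks; blocks 0 and 2 are identical.
	pt := []byte("ATTACK AT DAWN!!" + "hold position..." + "ATTACK AT DAWN!!")

	ct, err := ecbEncrypt(key, pt)
	if err != nil {
		panic(err)
	}
	for i := 0; i < len(ct); i += 16 {
		fmt.Printf("block %d: %x\n", i/16, ct[i:i+16])
	}
	fmt.Println("identical ciphertext blocks:", identicalBlocks(ct, 16))

	// Flip one bit in ciphertext block 1: only plaintext block 1 is garbled;
	// blocks 0 and 2 decrypt correctly because nothing chains them together.
	ct[20] ^= 0x01
	dec, err := ecbDecrypt(key, ct)
	if err != nil {
		panic(err)
	}
	fmt.Printf("block 0 intact: %v\n", bytes.Equal(dec[0:16], pt[0:16]))
	fmt.Printf("block 1 intact: %v\n", bytes.Equal(dec[16:32], pt[16:32]))
	fmt.Printf("block 2 intact: %v\n", bytes.Equal(dec[32:48], pt[32:48]))
}
```

The output lists blocks 0 and 2 with the same hex value, which is exactly what a modern mode with an IV or chaining (CBC, CTR, GCM) is designed to prevent; the bit-flip test shows the flip side of the same independence, a single damaged block rather than the two-block damage CBC would produce.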

encoding
The process of turning data into a stream of bits. Encoding is part of the serialization process that converts data into a stream of ones and zeros so that it can be transmitted over a serial line.
encoding type
The type of encoding used for certificates and for messages. Encoding types are specified as a DWORD, with the certificate encoding type stored in the low-order word and the message encoding type stored in the high-order word.

Although some functions or structure fields require only one of the encoding types, it is always acceptable to specify both.

encryption
The process in which data (plaintext) is translated into something that appears random and meaningless (ciphertext). Ciphertext cannot feasibly be turned back into plaintext without the secret key.
encrypted data
Data that has been converted from plaintext into ciphertext. Encryption disguises the content of a message while it is transmitted or stored.
encryption and decryption functions
Simplified message functions used to encode and encrypt, or decode and decrypt, data. As a set, these functions also include support for signing and encrypting (or decrypting and verifying) a message in a single operation.

See also simplified message functions.

enhanced content type
A class of PKCS #7 message content that carries data (possibly encrypted) together with cryptographic enhancements such as hashes or signatures.

Types of enhanced data defined by PKCS #7 include signed data, enveloped data, signed-and-enveloped data, and digested (hashed) data.

enhanced key usage (EKU)
Both a certificate extension and a certificate extended property value. An EKU specifies the uses for which a certificate is valid.
enveloped data content type
A PKCS #7 enhanced content type consisting of encrypted content (of any type) together with the content-encryption key, encrypted separately for each of one or more recipients. The combination of the encrypted content and the encrypted content-encryption key for one recipient is called a digital envelope for that recipient.

This type of message should be used when you want to keep the contents of the message secret and allow only specified persons or entities to retrieve the contents.

exchange key
See exchange key pair.
exchange key pair
A public/private key pair used to encrypt session keys so that they can be safely stored and exchanged with other users. Exchange key pairs are created by calling CryptGenKey with the AT_KEYEXCHANGE key specification.

Compare signature key pair.
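
The enveloped data content type and the exchange key pair above describe the two halves of one mechanism: a per-message session key encrypts the content, and each recipient's exchange public key encrypts a copy of that session key. The following Go program is an added example of that structure and is not Platform SDK code: it uses Go's standard library (AES-GCM for the content, RSA-OAEP for wrapping the key) in place of CryptoAPI, the in-memory envelope struct only mirrors the shape of PKCS #7 EnvelopedData rather than its ASN.1 encoding, and the recipient names, keys and content are constructed test values.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"errors"
	"fmt"
)

// envelope is a simplified digital envelope: one ciphertext, plus the
// content-encryption key (CEK) wrapped once per recipient.
type envelope struct {
	nonce      []byte
	ciphertext []byte            // AES-GCM output: encrypted content plus tag
	wrappedCEK map[string][]byte // recipient id -> CEK encrypted with RSA-OAEP
}

// newGCM turns a raw CEK into an AEAD ready to seal or open content.
func newGCM(cek []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(cek)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

// seal encrypts content under a fresh CEK and wraps that CEK for every
// recipient (id -> exchange public key). The same content is never encrypted
// directly under an RSA key; only the short session key is.
func seal(content []byte, recipients map[string]*rsa.PublicKey) (*envelope, error) {
	if len(recipients) == 0 {
		return nil, errors.New("an envelope needs at least one recipient")
	}
	cek := make([]byte, 32) // AES-256 session key, generated per message
	if _, err := rand.Read(cek); err != nil {
		return nil, err
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	env := &envelope{nonce: nonce, ciphertext: gcm.Seal(nil, nonce, content, nil), wrappedCEK: map[string][]byte{}}
	for id, pub := range recipients {
		// The OAEP label ties each wrapped key to the recipient id it was made for.
		w, err := rsa.EncryptOAEP(sha256.New(), rand.Reader, pub, cek, []byte(id))
		if err != nil {
			return nil, fmt.Errorf("wrapping CEK for %s: %w", id, err)
		}
		env.wrappedCEK[id] = w
	}
	return env, nil
}

// open recovers the content as recipient id using that recipient's exchange
// private key. A missing wrapped key or the wrong private key yields an error
// and reveals nothing about the content.
func open(env *envelope, id string, priv *rsa.PrivateKey) ([]byte, error) {
	w, ok := env.wrappedCEK[id]
	if !ok {
		return nil, fmt.Errorf("%s is not a recipient of this envelope", id)
	}
	cek, err := rsa.DecryptOAEP(sha256.New(), rand.Reader, priv, w, []byte(id))
	if err != nil {
		return nil, fmt.Errorf("unwrapping CEK for %s: %w", id, err)
	}
	gcm, err := newGCM(cek)
	if err != nil {
		return nil, err
	}
	return gcm.Open(nil, env.nonce, env.ciphertext, nil)
}

func main() {
	// Constructed exchange key pairs: two intended recipients and one outsider.
	alice, _ := rsa.GenerateKey(rand.Reader, 2048)
	bob, _ := rsa.GenerateKey(rand.Reader, 2048)
	mallory, _ := rsa.GenerateKey(rand.Reader, 2048)

	env, err := seal([]byte("quarterly numbers: embargoed"),
		map[string]*rsa.PublicKey{"alice": &alice.PublicKey, "bob": &bob.PublicKey})
	if err != nil {
		panic(err)
	}
	fmt.Printf("one ciphertext of %d bytes, %d wrapped keys\n", len(env.ciphertext), len(env.wrappedCEK))
	pt, err := open(env, "alice", alice)
	fmt.Printf("alice:   %q err=%v\n", pt, err)
	pt, err = open(env, "bob", bob)
	fmt.Printf("bob:     %q err=%v\n", pt, err)
	pt, err = open(env, "mallory", mallory) // never given a wrapped key
	fmt.Printf("mallory: %q err=%v\n", pt, err)
}
```

Adding a recipient costs one more RSA operation and one more wrapped key, while the content is encrypted exactly once, which is why the envelope construction scales to many recipients and why the key pair used here is an exchange pair rather than a signature pair: its only job is to protect session keys.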

external store
A certificate store that maintains its certificates, CRLs, and CTLs in a location external to cached memory, such as in a database on a network server.

An external store does not read and decode its certificates, CRLs, and CTLs when CertOpenStore is called. Reading and decoding are deferred until an enumeration or find operation is performed.