Platform SDK: Security Glossary

D

DACL
See discretionary access-control list.
data content type
A base content type defined by PKCS #7. Data content is simply an octet (byte) string.
data encryption
See encryption.
data encryption function
See encryption and decryption functions.
Data Encryption Standard (DES)
A block cipher that encrypts data in 64-bit blocks. DES is a symmetric algorithm that uses the same algorithm and key for encryption and decryption.

Developed in the early 1970s, DES is also known as the DEA (Data Encryption Algorithm) by ANSI and the DEA-1 by ISO.

datagram
A communication channel that uses information routed through a packet-switching network. This information includes separate packets of information and the delivery information associated with those packets, such as the destination address. In a packet-switching network, data packets are routed independently of one another and may follow different routes. They may also arrive in a different order from the one in which they were sent.
decoding
The process of translating an encoded object (such as a certificate) or data back to its original format.

In general terms, data is decoded by the Encoding/Decoding layer of the communication protocol. Certificates are decoded by a call to CryptDecodeObject.

decryption
The process in which ciphertext is converted to plaintext.
default mode
Default settings, such as the block encryption cipher mode or the block encryption padding method.
DER
See Distinguished Encoding Rules.
derived key
A cryptographic key created by a call to CryptDeriveKey. A derived key can be created from a password or any other user data.

Derived keys allow applications to create session keys as needed, eliminating the need to store a particular key.

DES
See Data Encryption Standard.
DH
See Diffie-Hellman algorithm.
DH_KEYX
The CryptoAPI algorithm name for the Diffie-Hellman key-exchange algorithm.

See also Diffie-Hellman algorithm.

Diffie-Hellman algorithm
(DH) A public-key algorithm used for secure key exchange. Diffie-Hellman cannot be used for data encryption.

This algorithm is specified as the key exchange algorithm for PROV_DSS_DH provider types.

See also Diffie-Hellman (store and forward) key-exchange algorithm and Diffie-Hellman (ephemeral) key-exchange algorithm.

Diffie-Hellman (store and forward) key-exchange algorithm
A Diffie-Hellman algorithm where the exchange key values are retained (in the CSP) after the key handle has been destroyed.

See also Diffie-Hellman (ephemeral) key-exchange algorithm.

Diffie-Hellman (ephemeral) key-exchange algorithm
A Diffie-Hellman algorithm where the exchange key value is purged from the CSP when the key handle is destroyed.

See also Diffie-Hellman (store and forward) key-exchange algorithm.

digested data
A data content type defined by PKCS #7 that consists of any type of data plus a message hash (digest) of the content.
digital certificate
See certificate.
digital envelope
Private messages encrypted using the recipient's public key. Enveloped messages can only be decrypted by using the recipient's private key, allowing only the recipient to understand the message.
digital signature
A digital string that is bundled with the message or transmitted separately. Digital signatures are used to authenticate messages. A valid digital signature confirms that the message has not been tampered with, and may also identify the entity that signed the message. Signing a message does not alter the message itself.
Digital Signature Algorithm (DSA)
A public-key algorithm specified by Digital Signature Standard (DSS). DSA is only used to generate digital signatures. It cannot be used for data encryption.
digital signature key pair
See signature key pair.
Digital Signature Standard (DSS)
A standard that specifies the Digital Signature Algorithm (DSA) for its signature algorithm and SHA-1 as its message hash algorithm. DSA is a public-key cipher that is only used to generate digital signatures and cannot be used for data encryption.

DSS is specified by PROV_DSS, PROV_DSS_DH, and PROV_FORTEZZA provider types.

discretionary access-control list (DACL)
An access-control list that is controlled by the owner of an object and that specifies the access particular users or groups can have to the object.

See also access-control list and system access-control list.

Distinguished Encoding Rules (DER)
A set of rules for encoding ASN.1-defined data as a stream of bits for external storage or transmission. Every ASN.1 object has exactly one corresponding DER encoding. DER is defined in CCITT Recommendation X.509, Section 8.7. This is one of two encoding methods currently used by the CryptoAPI.
DLL
See dynamic-link library.
DSA
See Digital Signature Algorithm.
DSS
See Digital Signature Standard.
dynamic-link library
A file that contains executable routines that can be called from other applications.