Platform SDK: Security Glossary

B

backup authority
A trusted application running on a secure computer that provides secondary storage for the session keys of its clients.

The backup authority stores session keys as key BLOBs that are encrypted with the backup authority's public key.

base content type
A type of data contained in a PKCS #7 message. Base content types contain only data, with no cryptographic enhancements such as hashes or signatures.

Currently, the only base content type is the Data content type.

base cryptographic functions
The lowest level of functions in the CryptoAPI architecture. They are used by applications and other high-level CryptoAPI functions to provide access to CSP-provided cryptographic algorithms, secure key generation, and secure storage of secrets.

See also cryptographic service providers.

Basic Encoding Rules
(BER) The set of rules used to encode ASN.1-defined data into a stream of bits (zeros or ones) for external storage or transmission. A single ASN.1 object may have several equivalent BER encodings.

BER is defined in CCITT Recommendation X.209. This is one of the two encoding methods currently used by the CryptoAPI.

big-endian
A data format where the least significant byte is placed in the highest memory address.

See also little-endian.

BER
See Basic Encoding Rules.

BLOB
A generic sequence of bits that contains one or more fixed-length header structures plus context-specific data.

See also key BLOBs, certificate BLOBs, certificate name BLOBs, and attribute BLOBs.

block cipher
A cipher algorithm that encrypts data in discrete units (called blocks), rather than as a continuous stream of bits. The most common block size is 64 bits. For example, DES is a block cipher.

Block ciphers are considered more secure than stream ciphers; however, block ciphers tend to execute much more slowly.

See also stream cipher.

bulk encryption key
A session key derived from a master key. Bulk encryption keys are used in Schannel encryption.