Crypto Glossary

Asymmetric cryptographic procedure

Encryption method based on two different keys, one public and one private (secret). A message encrypted with the public key can be decrypted only by the holder of the private key. This solves the problem of sharing secret symmetric keys and makes electronic signatures possible.

Authentication

Proof of genuineness or data authorship by cryptographic routines. A defined procedure verifies (authenticates) that someone is who they claim to be and that the data really comes from this person.

Authenticity

The genuineness of a message or its authorship.

Card holder

The natural person to whom the Signtrust signature card has been issued.

Certificate

An electronic attestation that assigns a public signature key to the certificate holder and confirms the holder's identity.
A certificate contains details on the holder (name, alternate name), on the issuer (name, revocation list) and the public key of the holder (with details on the cryptographic procedure). It also contains an electronic signature (with details on the cryptographic procedure) that assures the authenticity and integrity of the certificate's data.

Certificate holder

Entity holding the certificate. In the certificate, the holder is named as the "Subject".

Certificate Revocation List (CRL)

Technical term for the blacklist (revocation list).

Certification authority

Logical unit of a certification service that issues (signs) certificates. Each certification authority is assigned one or more key pairs for signing certificates.

Certification Authority (CA)

Term for a certification service or authority.

Certification hierarchy

Tree structure consisting of the certification authorities and the certificates they issue. The end users' certificates are located at the lowest level. Beneath each certification authority hang, on the corresponding branches, the entities for which it issues certificates. The topmost certification authority is called the root CA.

Certification Practice Statement (CPS)

Statement of the practices a certification service employs when issuing certificates.

Certification service

Entity that issues certificates. For the purposes of the CPS (Certification Practice Statement), this is the totality of all technical facilities and organizational units that Deutsche Post Com uses to issue certificates for the Signtrust signature cards.

Directory service

Service for downloading certificates.

Distinguished Name (DN)

Name as defined in the X.501 standard. A DN consists of attributes and their corresponding values and uniquely identifies an object. The most important attributes in this CPS are CommonName (cn), Organization (o) and Country (c).

Electronic signature

Data that is logically linked to other electronic data and makes it possible to verify authenticity and integrity. With an electronic signature you can verify whether a message has been modified and who signed an electronic document. The security level of an electronic signature depends on the parameters of the cryptographic procedure used, on the private key remaining undisclosed, and on the assignment of the public key to the signing person (e.g. with a certificate).

Error Counter

Counts the number of wrong PINs entered consecutively, up to an allowed maximum.

Hash function (function to calculate checksums)

Electronic signatures use hash functions that are resistant to collisions. That means that it is extremely unlikely that two different messages will have the same hash.

Integrity

Genuineness of data or a system.

Key memorizing

Subsystem of the certification authority that issues the key memory card.

Key memory card (assigning a card to a person)

The key memory card contains a person's individual data, stored on the card chip. The card is then labelled to complete the process.

Lightweight Directory Access Protocol (LDAP)

Standard protocol for accessing directories, invented by the Internet Engineering Task Force (IETF).

OCSP-Responder

This is a server providing details on the revocation status of certificates via OCSP.

Online Certificate Status Protocol (OCSP)

Standard protocol, invented by the IETF, for requesting certificate status information online.

PIN - Personal Identification Number

Secret number for authentication of an individual e.g. on chip cards.

PKI - Public Key Infrastructure

Term for the technical and organizational environment of asymmetric cryptographic procedures.

Private key

Secret, undisclosed part of an asymmetric key pair.

Public key

Non-secret part of an asymmetric key pair.

Registration authority

Department of a certification service that registers and identifies certificate applicants and holders. This department also accepts and decides on applications for certificates.

Revocation

Permanent revocation and blocking of a certificate. A revoked certificate is listed in the revocation list.

Revocation list

List in which a certification service provider publishes details on revocations of its own certificates.

RSA

Asymmetric cryptographic procedure for encryption and electronic signature, named after its authors Rivest, Shamir and Adleman.

SSL - Secure Sockets Layer

Protocol for protected communication, e.g. via Internet.

X.501

Standard defined by the International Telecommunication Union (ITU) that specifies the structure of directories and the corresponding names used to identify objects in directories.

X.509

Standard defined by the ITU that specifies, among other things, the currently predominant data formats for certificates and revocation lists.
