- DACL
See discretionary access control list.
- data content type
A base content type defined by PKCS #7. Data content is simply an octet (byte) string.
- data encryption
See encryption.
- data encryption function
See encryption and decryption functions.
- Data Encryption Standard
(DES) A block cipher that encrypts data in 64-bit blocks. DES is a symmetric algorithm that uses the same
algorithm and key for encryption and decryption.
Developed in the early 1970s, DES is also known as the DEA (Data Encryption Algorithm) by ANSI and the DEA-1
by ISO.
- datagram
A communication channel that uses information routed through a packet-switching network. This information
includes separate packets of information and the delivery information associated with those packets, such as the
destination address. In a packet-switching network, data packets are routed independently of one another and may
follow different routes. They may also arrive in a different order from the one in which they were sent.
- decoding
The process of translating an encoded object (such as a certificate) or data back to its original format.
In general terms, data is decoded by the Encoding/Decoding layer of the communication protocol. Certificates
are decoded by a call to the CryptDecodeObject function.
- decryption
The process of converting ciphertext to plaintext. Decryption is the opposite of encryption.
- default mode
Default settings, such as the block encryption cipher mode or the block encryption padding method.
- DER
See Distinguished Encoding Rules.
- derived key
A cryptographic key created by a call to the CryptDeriveKey function. A
derived key can be created from a password, or any other user data. Derived keys allow applications to create
session keys as needed, eliminating the need to store a particular key.
- DES
See Data Encryption Standard.
- DH
See Diffie-Hellman algorithm.
- DH_KEYX
The CryptoAPI algorithm name for the Diffie-Hellman key-exchange algorithm.
See also Diffie-Hellman algorithm.
- Diffie-Hellman algorithm
(DH) A public key algorithm used for secure key exchange. Diffie-Hellman cannot be used for data encryption.
This algorithm is specified as the key exchange algorithm for PROV_DSS_DH provider types.
See also Diffie-Hellman (store and forward) key-exchange algorithm and Diffie-Hellman (ephemeral) key-exchange algorithm.
- Diffie-Hellman (store and forward) key-exchange algorithm
A Diffie-Hellman algorithm where the exchange key values are retained (in the CSP) after the key handle has
been destroyed.
See also Diffie-Hellman (ephemeral) key-exchange algorithm.
- Diffie-Hellman (ephemeral) key-exchange algorithm
A Diffie-Hellman algorithm where the exchange key value is deleted from the CSP when the key handle is
destroyed.
See also Diffie-Hellman (store and forward) key-exchange algorithm.
- digested data
A data content type defined by PKCS #7 that consists of any type of data plus a message hash (digest) of the
content.
- digital certificate
See certificate.
- digital envelope
Private messages encrypted using the recipient's public key. Enveloped messages can only be decrypted by
using the recipient's private key, allowing only the recipient to understand the message.
- digital signature
Data that binds a sender's identity to the information being sent. A digital signature may be bundled with
any message, file, or other digitally encoded information, or transmitted separately. Digital signatures are used
in public key environments and provide authentication and integrity services.
- Digital Signature Algorithm
(DSA) A public key algorithm specified by Digital Signature Standard (DSS). DSA is only used to generate
digital signatures. It cannot be used for data encryption.
- digital signature key pair
See signature key pair.
- Digital Signature Standard
(DSS) A standard that specifies the Digital Signature Algorithm (DSA) for its signature algorithm and SHA-1
as its message hash algorithm. DSA is a public key cipher that is only used to generate digital signatures and
cannot be used for data encryption. DSS is specified by PROV_DSS, PROV_DSS_DH, and PROV_FORTEZZA provider
types.
- discretionary access control list
(DACL) An access control list that is controlled by the owner of an object and that specifies the access
particular users or groups can have to the object.
See also access control list and system access control list.
- Distinguished Encoding Rules
(DER) A set of rules for encoding ASN.1 defined data as a stream of bits for external storage or
transmission. Every ASN.1 object has exactly one corresponding DER encoding. DER is defined in CCITT
Recommendation X.509, Section 8.7. This is one of two encoding methods currently used by CryptoAPI.
- DLL
See dynamic-link library.
- DSA
See Digital Signature Algorithm.
- DSS
See Digital Signature Standard.
- dynamic-link library
(DLL) A file that contains executable routines that can be called from other applications.