E (Security Glossary)


ECB

See electronic codebook.

ECC

See elliptic curve cryptography.

EFS

See Encrypting File System.

EKU

See enhanced key usage.

electronic codebook

(ECB) A block cipher mode that encrypts each block individually and uses no feedback. This means that any plaintext blocks that are identical (either within the same message or in a different message encrypted with the same key) are transformed into identical ciphertext blocks. Initialization vectors cannot be used with this cipher mode. If a single bit of a ciphertext block is garbled, the entire corresponding plaintext block is also garbled.
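The two properties stated in this entry (identical plaintext blocks leak as identical ciphertext blocks, and a damaged ciphertext block garbles exactly one plaintext block) can be observed directly. The following script is an added example, not part of the glossary or of CryptoAPI. It implements the ECB and CBC mode layers over a stand-in block cipher (an 8-round Feistel network with an HMAC-SHA256 round function, used only so the example runs without a crypto library; it is not a substitute for AES), PKCS #7 padding, and two checks: a count of repeated ciphertext blocks, and the set of plaintext blocks that change after one ciphertext bit is flipped. The key, IV and plaintext are constructed values.

```python
"""ECB vs CBC: repeated-block leakage and error propagation (added example)."""
import hashlib
import hmac

BLOCK = 16   # block size in bytes (same as AES)
ROUNDS = 8


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _f(key: bytes, i: int, half: bytes) -> bytes:
    # Round function: keyed PRF (HMAC-SHA256) truncated to half a block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[: BLOCK // 2]


def block_encrypt(key: bytes, block: bytes) -> bytes:
    """Stand-in block cipher: balanced Feistel network. Assumption: this
    replaces AES only so the example runs offline; not for production use."""
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for i in range(ROUNDS):
        l, r = r, _xor(l, _f(key, i, r))
    return l + r


def block_decrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK
    l, r = block[:8], block[8:]
    for i in reversed(range(ROUNDS)):
        l, r = _xor(r, _f(key, i, l)), l
    return l + r


def pkcs7_pad(data: bytes) -> bytes:
    n = BLOCK - len(data) % BLOCK
    return data + bytes([n]) * n


def pkcs7_unpad(data: bytes) -> bytes:
    n = data[-1]
    if not 1 <= n <= BLOCK or data[-n:] != bytes([n]) * n:
        raise ValueError("bad padding")
    return data[:-n]


def blocks(data: bytes) -> list:
    return [data[i:i + BLOCK] for i in range(0, len(data), BLOCK)]


def ecb_encrypt(key: bytes, plaintext: bytes) -> bytes:
    # Each block is encrypted independently: no IV, no feedback.
    return b"".join(block_encrypt(key, b) for b in blocks(pkcs7_pad(plaintext)))


def ecb_decrypt(key: bytes, ciphertext: bytes) -> bytes:
    return pkcs7_unpad(b"".join(block_decrypt(key, b) for b in blocks(ciphertext)))


def cbc_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    # Each plaintext block is XORed with the previous ciphertext block (IV first).
    out, prev = [], iv
    for b in blocks(pkcs7_pad(plaintext)):
        prev = block_encrypt(key, _xor(b, prev))
        out.append(prev)
    return b"".join(out)


def cbc_decrypt(key: bytes, iv: bytes, ciphertext: bytes) -> bytes:
    out, prev = [], iv
    for b in blocks(ciphertext):
        out.append(_xor(block_decrypt(key, b), prev))
        prev = b
    return pkcs7_unpad(b"".join(out))


def repeated_blocks(ciphertext: bytes) -> int:
    """Number of ciphertext blocks that duplicate an earlier block."""
    bs = blocks(ciphertext)
    return len(bs) - len(set(bs))


def garbled_blocks_after_bitflip(key: bytes, ciphertext: bytes, byte_index: int = 0) -> list:
    """Flip one bit of an ECB ciphertext and report which plaintext blocks changed."""
    before = blocks(b"".join(block_decrypt(key, b) for b in blocks(ciphertext)))
    damaged = bytearray(ciphertext)
    damaged[byte_index] ^= 0x01
    after = blocks(b"".join(block_decrypt(key, b) for b in blocks(bytes(damaged))))
    return [i for i, (a, b) in enumerate(zip(before, after)) if a != b]


def demo() -> dict:
    key = hashlib.sha256(b"constructed demo key").digest()   # constructed, not a real secret
    iv = bytes(range(BLOCK))                                  # constructed fixed IV for reproducibility
    # Constructed plaintext: three identical 16-byte blocks followed by a tail.
    plaintext = b"ATTACK AT DAWN!!" * 3 + b"-- sent twice"
    ecb_ct = ecb_encrypt(key, plaintext)
    cbc_ct = cbc_encrypt(key, iv, plaintext)
    assert ecb_decrypt(key, ecb_ct) == plaintext
    assert cbc_decrypt(key, iv, cbc_ct) == plaintext
    return {
        "ecb_repeats": repeated_blocks(ecb_ct),                        # 2: blocks 1 and 2 repeat block 0
        "cbc_repeats": repeated_blocks(cbc_ct),                        # 0: chaining hides the repetition
        "ecb_garbled_blocks": garbled_blocks_after_bitflip(key, ecb_ct),  # [0]: only the damaged block
    }


if __name__ == "__main__":
    print(demo())
```

Running the script shows the pattern-leak and the single-block error propagation side by side: the three identical plaintext blocks produce three identical ECB ciphertext blocks while CBC produces none, and flipping one ciphertext bit under ECB changes only the corresponding plaintext block (in CBC it would also flip one bit in the following block). Because the Feistel stand-in is a permutation, the "only block 0 changes" result does not depend on the round function.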

elliptic curve cryptography

(ECC) An approach to public key cryptography based on properties of elliptic curves. The primary advantage of ECC is efficiency, which becomes important as devices get smaller and security requirements get more demanding. For example, ECC keys between 163 bits and 512 bits are one-sixth to one-thirtieth the size of RSA keys of equivalent security level. As key size increases, the relative efficiency of ECC increases.

encoding

The process of turning data into a stream of bits. Encoding is part of the serialization process that converts data into a stream of ones and zeros.

encoding type

Refers to which type of encoding is used for certificate and message encoding. The encoding types are specified as a DWORD, with the type of certificate encoding stored in the low-order word and the type of message encoding stored in the high-order word. Although some functions or structure fields require only one of the encoding types, it is always acceptable to specify both.

encryption

The process of converting plaintext to ciphertext to help prevent it from being read and understood by an unauthorized party. Encryption is the opposite of decryption.

encrypted data

Data that has been converted from plaintext into ciphertext. Encrypted messages are used to disguise the content of a message when it is sent or stored.

Encrypting File System

(EFS) A feature of the Windows operating system that enables users to encrypt files and folders on an NTFS volume to keep them safe from access by intruders.

encryption and decryption functions

Simplified message functions used to encode and encrypt (or decode and decrypt) data. As a set, these functions include support for simultaneously encrypting and decrypting data.

See also simplified message functions.

enhanced content type

A class of data contained in a PKCS #7 message that contains data (possibly encrypted), plus cryptographic enhancements such as hashes or signatures. Types of enhanced data defined by PKCS #7 include signed data, enveloped data, signed-and-enveloped data, and digested (hashed) data.

enhanced key usage

(EKU) Both a certificate extension and a certificate extended property value. An EKU specifies the uses for which a certificate is valid.

enveloped data content type

A PKCS #7 enhanced content that consists of encrypted content (of any type) and content-encryption keys (for one or more recipients). The combination of encrypted content and encryption key for a recipient is called a digital envelope for that recipient. This type of message should be used when you want to keep the contents of the message secret and allow only specified persons or entities to retrieve the contents.

exchange key

See exchange key pair.

exchange key pair

A public/private key pair used to encrypt session keys so that they can be safely stored and exchanged with other users. Exchange key pairs are created by calling the CryptGenKey function.

Compare signature key pair.

external store

A certificate store that maintains its certificates, CRLs, and CTLs in a location external to cached memory, such as in a database on a network server. An external store does not read and decode its certificates, CRLs, and CTLs when the CertOpenStore function is called. Reading and decoding are deferred until an enumeration or find method is called.