The following terminology is commonly used in cryptography and public key infrastructure (PKI).



Encryption

The process of transforming data by using a cryptographic algorithm and key. The transformed data can be recovered only by using the same algorithm and the same (symmetric) or related (public) key.


Decryption

The process of returning encrypted data to its original form.


Plaintext

Originally referred to an unencrypted text message. Currently refers to any unencrypted data.


Ciphertext

Originally referred to an encrypted, and therefore unreadable, text message. Currently refers to any encrypted data.


Hashing

The process of converting variable length data into a fixed length, typically smaller, value. By comparing hashes, you can obtain reasonable assurance that two or more pieces of data are the same.


Signature

An encrypted hash of digital data, typically used to authenticate the sender of the data or verify that the data was not tampered with during transmission.


Algorithm

A step-by-step procedure for encrypting data.


Key

A random or pseudorandom number used as input to a cryptographic algorithm to encrypt and decrypt data.

Symmetric Key Cryptography

Cryptography in which encryption and decryption use the same key. This is also known as secret key cryptography.

Asymmetric Key Cryptography

Cryptography in which encryption and decryption use different but mathematically related keys. This is also called public key cryptography.


Encoding

The process of encoding digital messages, including certificates, for transport across a network.

Algorithm Provider

A DLL that implements a cryptographic algorithm.

Key Storage Provider

A container for storing key material. Currently, keys can be stored in software, smart cards, or the trusted platform module (TPM).

X.509 Certificate

A digital document, typically issued by a certification authority, to verify the identity of an individual, system, or entity to other interested parties.

