Glossary of Encryption Terminology
Welcome to the Encrypti0n.com glossary: Your quick, concise reference to essential cryptographic and encryption terms clearly explained for easy understanding.
Table of Contents
- AES-GCM (Galois/Counter Mode)
- AEAD (Authenticated Encryption with Associated Data)
- AAD (Associated Data)
- AuthTag (Authentication Tag)
- Tamper-proof
- Nonce
- IV (Initialization Vector)
- AES (Advanced Encryption Standard)
- Symmetric Encryption
- Encryption
- Decryption
- Plaintext
- Ciphertext
- Payload
- Key Material
- DEK (Data Encryption Key)
- KEK (Key Encryption Key)
- Key Wrapping
- Envelope Encryption
- HSM (Hardware Security Module)
- KMS (Key Management System)
- Master Key
- Key Rotation
- Master Password
- KDF (Key Derivation Function)
- Hash Function
- Argon2id
- Argon2 (Key Derivation)
- Memory-hardened
- Salt
- Password Entropy
- Brute-force Attack
- Base64
- Web Crypto API
AES-GCM (Galois/Counter Mode)
An AES mode that provides confidentiality and built-in authentication (AEAD). It uses a unique nonce/IV and produces an AuthTag that detects tampering. Because encryption and integrity protection happen in a single pass, it is both fast and secure on modern hardware. This makes AES-GCM the standard choice for protecting data in the browser via the Web Crypto API.
AEAD (Authenticated Encryption with Associated Data)
An encryption approach (e.g., AES-GCM) that ensures confidentiality, integrity, and authenticity. It authenticates both the ciphertext and optional associated data (AAD), outputting an AuthTag. If either the ciphertext or the AAD is modified, decryption fails instead of returning corrupted data. This guarantees that you only ever recover data exactly as it was encrypted.
AAD (Associated Data)
Data (e.g., headers/metadata) that is not encrypted but is authenticated with the ciphertext in an AEAD scheme. If AAD is altered, the AuthTag check fails. It lets you bind contextual information—such as version numbers or file names—to the ciphertext without hiding it. This prevents an attacker from reusing valid ciphertext in a different context.
AuthTag (Authentication Tag)
A short value produced by AEAD modes like AES-GCM that verifies ciphertext and AAD. If verification fails, decryption is rejected. The tag is computed from the key, the ciphertext, and any associated data, so even a single changed bit is detected. It typically adds only 16 bytes of overhead while providing strong tamper detection.
Tamper-proof
Informally describes tamper-evident protection: with AEAD (e.g., AES-GCM), any modification causes the AuthTag check to fail. Strictly speaking, encryption cannot stop someone from altering ciphertext, but it can make alterations detectable. As a result, tampered data is rejected rather than silently decrypted. This property is more precisely called "tamper-evident."
Nonce
A number used once that must be unique for each encryption under a given key in AES-GCM. Reuse breaks security and is often also called an IV. Repeating a nonce with the same key can leak relationships between messages and even expose the authentication key. For that reason a fresh random or counter-based value is generated for every encryption.
IV (Initialization Vector)
A per-message value used to randomize encryption. In AES-GCM, the IV/nonce must be unique (not necessarily secret) to maintain security. It ensures that encrypting the same plaintext twice produces different ciphertexts. Although it can be stored or transmitted in the clear alongside the ciphertext, it must never repeat under the same key.
AES (Advanced Encryption Standard)
A widely used symmetric cipher that encrypts data with 128-, 192-, or 256-bit keys. Modes like GCM add authentication. Standardized by NIST in 2001, it is trusted to protect everything from web traffic to classified data. By itself AES only encrypts fixed-size blocks, so a mode of operation determines how larger messages are handled.
Symmetric Encryption
Encryption where the same secret key is used for both encryption and decryption, e.g., AES in GCM mode. It is very fast and ideal for protecting large amounts of data. The main challenge is securely sharing or deriving the key, which is why a strong KDF or key exchange is often used alongside it.
Encryption
The process of transforming plaintext into ciphertext using a key, to protect data from unauthorized access. Only someone with the correct key can reverse the process and read the original data. Modern authenticated encryption like AES-GCM also protects integrity, ensuring the data has not been altered.
Decryption
The reverse of encryption, converting ciphertext back to plaintext using the correct key (and validating the AuthTag in AES-GCM). If the key is wrong or the data has been tampered with, decryption fails rather than producing garbage. This makes authenticated decryption a reliable signal that the recovered data is genuine.
Plaintext
Original, readable data before encryption—sometimes called cleartext. It can be text, images, files, or any other binary data. Once encrypted it becomes ciphertext, and the goal of encryption is to keep this plaintext confidential while it is stored or transmitted.
Ciphertext
Encrypted output produced from plaintext. It is unreadable without the correct key and a valid AuthTag when using AEAD. To anyone without the key it should appear indistinguishable from random data. It is therefore safe to store or transmit over untrusted channels, since the protection travels with the data itself.
Payload
The data being protected (e.g., a file’s contents). It usually refers to the plaintext before encryption or the protected ciphertext after encryption. In a layered system the payload is what the user actually cares about, separate from metadata like headers, nonces, or wrapped keys.
Key Material
Any secret bits used as cryptographic keys. In this glossary, it includes DEKs, KEKs, and higher-level keys such as a Master Key. Because its secrecy underpins all security, key material is generated from strong randomness and handled carefully in memory. Exposing it would compromise everything it protects.
DEK (Data Encryption Key)
A symmetric key that encrypts the actual data (payload). A DEK is often wrapped by a KEK using key wrapping. Using a dedicated key per dataset limits the impact if one key is exposed and makes rotation easier. The wrapped DEK can be stored right next to the ciphertext it protects.
KEK (Key Encryption Key)
A higher-trust key used to encrypt (wrap) other keys such as a DEK. Typically protected by an HSM or managed by a KMS. Because it guards many DEKs, a KEK is held to stricter security and access controls. This separation lets you rotate or revoke data keys without re-encrypting all of the underlying data.
Key Wrapping
The process of encrypting one key (e.g., a DEK) with another (a KEK) for secure transport or storage—central to envelope encryption. The wrapped key is just ciphertext, so it can be stored alongside the data it protects. Only a holder of the KEK can unwrap it to recover the original key.
Envelope Encryption
A design where the data is encrypted with a DEK, and that DEK is wrapped with a KEK via key wrapping. The wrapped DEK is stored with the ciphertext; an HSM/KMS protects the KEK. This combines the speed of symmetric encryption for bulk data with strong, centralized control over the high-value KEK. Rotating the KEK only requires re-wrapping the small DEK, not re-encrypting all the data.
HSM (Hardware Security Module)
A dedicated hardware device for secure key generation, storage, and use. Often safeguards KEKs and a Master Key and enforces key rotation policies. Keys generated inside an HSM never leave it in plaintext, so cryptographic operations are performed within the device itself. Many are certified to standards like FIPS 140-2/3 and resist physical tampering.
KMS (Key Management System)
A secure service that manages cryptographic keys: creation, storage, access control, and rotation. May use HSMs for hardware-backed protection. It centralizes key policy and auditing so applications can request encryption or wrapping without ever handling raw key material. Cloud providers offer managed KMS services that integrate with envelope encryption.
Master Key
A high-level key (often root key material) used to derive or encrypt other keys such as KEKs. Commonly protected within a HSM/KMS. Because compromising it would expose every key beneath it, it is guarded with the strongest available controls and rarely used directly. It typically sits at the very top of a key hierarchy.
Key Rotation
The periodic replacement of cryptographic keys (DEKs, KEKs, Master Keys) to reduce exposure. Often orchestrated by a KMS or enforced by an HSM. Rotating keys limits how much data is protected by any single key and shortens the window an attacker can exploit if a key leaks. With envelope encryption, rotating a KEK only requires re-wrapping DEKs rather than re-encrypting the data.
Master Password
A user-chosen secret used to derive keys via a KDF (e.g., Argon2id). Should have high entropy; never stored in plaintext. It is the single secret a user must remember, and everything else is derived from it. Because the whole system's security rests on it, choosing a long, unpredictable passphrase is essential.
KDF (Key Derivation Function)
A function that derives strong cryptographic keys from secrets (e.g., a master password), using a salt and substantial work (time/memory). Many KDFs use a hash function or cipher primitives. The deliberate cost slows down attackers who try to guess the password, while remaining fast enough for a single legitimate derivation. The salt ensures the same password yields different keys in different contexts.
Hash Function
A one-way function that maps data to a fixed-size digest, with properties like preimage and collision resistance. Used for integrity checks and inside some KDFs. Even a tiny change in the input produces a completely different digest, which makes hashes useful for detecting modification. A good hash cannot be feasibly reversed to recover the original input.
Argon2id
The recommended variant of Argon2 for password-based key derivation. It blends data-independent and data-dependent memory access to resist side-channel and GPU/ASIC attacks. This hybrid approach gives strong protection against both timing-based and brute-force hardware attacks. It won the Password Hashing Competition and is the default KDF used by Encrypti0n.com.
Argon2 (Key Derivation)
A family of KDFs that are memory-hardened. With a salt and tunable time/memory/parallelism, Argon2 thwarts large-scale brute-force attempts. Its parameters let you balance security against the time and memory available on a given device. It comes in three variants—Argon2d, Argon2i, and the recommended Argon2id.
Memory-hardened
Describes algorithms (e.g., Argon2) engineered to require significant memory, increasing cost for parallel cracking on GPUs/ASICs. Because memory is expensive to scale compared to raw computation, this design narrows the advantage that specialized hardware has over a normal computer. The result is that mass password-guessing becomes far more costly for attackers.
Salt
Random, per-password value added to KDF inputs to prevent precomputed and shared-work attacks, ensuring unique outputs even for identical passwords. It does not need to be secret and is usually stored alongside the derived data. By making every derivation unique, a salt defeats rainbow tables and stops attackers from cracking many passwords at once.
Password Entropy
A measure (in bits) of a password’s unpredictability based on length and character set. Higher entropy resists brute-force guessing. Each additional bit roughly doubles the number of guesses an attacker must try. Length generally contributes more entropy than added complexity, which is why long passphrases are encouraged.
Brute-force Attack
Systematically trying all possibilities to recover a password or key. Practicality is reduced by high entropy and KDF costs (e.g., Argon2id). The more entropy a secret has, the more combinations must be tested, quickly making exhaustive search infeasible. A deliberately slow, memory-hard KDF further raises the cost of each individual guess.
Base64
An encoding that represents binary data (ciphertexts, nonces, wrapped keys) as ASCII text. It is not encryption. It exists to safely move binary data through text-only systems such as JSON, URLs, or email. Anyone can decode it, so it provides no confidentiality on its own.
Web Crypto API
A browser API that provides primitives like AES-GCM, key wrapping, and KDF operations for building secure, in-browser cryptography. It runs natively and can keep key material out of reach of ordinary JavaScript through non-extractable keys. This lets applications like Encrypti0n.com perform encryption entirely on your device, without sending data to a server.