Glossary

Asymmetric cryptography methods / Public key methods
Each key holder has a pair of keys. This enables encryption, decryption and digital signatures.

BTU CA Global
Certification authority within the DFN PKI. The root CA (top certification authority, root authority) is T-TeleSec GlobalRoot Class 2 (until mid-2033). The DFN-Verein Global Issuing CA issues user certificates for members of the BTU Cottbus-Senftenberg and server certificates.

Digital signature
Electronic signature

Cryptography
Includes algorithms, keys and certificates for encrypting, decrypting, signing, verifying signatures and creating checksums. Cryptography is used to secure:
  • the confidentiality of data (only authorised persons should be able to view specific data, which is ensured by encryption)
  • the authenticity of data (the sender of the data should be clearly identifiable, ensured by digital signatures)
  • the integrity of data (it should be possible to determine whether data has arrived at the recipient unchanged, ensured by digital signatures)

User certificates
Certificates (comparable to digital ID cards) for students and employees of BTU Cottbus-Senftenberg, which can be used for encrypting/digitally signing emails, for authentication (e.g. on server applications) and for VPN/WLAN access at BTU Cottbus-Senftenberg.

Public key
For digital signatures:
  • Verification of the key holder's digital signature by the recipient of the data
For encryption:
  • Encryption of outgoing data by the key holder for the recipient of the data.
Can be made available to the public.

PKI
Structure in which digital certificates are issued using asymmetric encryption methods. It is often organised hierarchically:
A root instance works with a self-signed root certificate and issues certificates for CAs, which are then able to issue certificates themselves. The system used at BTU is structured as follows:
T-TeleSec GlobalRoot Class 2 -> DFN-Verein Certification Authority 2 -> DFN-Verein Global Issuing CA -> Users and servers

Policy / Guidelines
All guidelines of a certification authority that specify how audits are conducted and how work is performed. This allows every user to determine whether they can trust the authority.

Private key
For digital signatures:
  • Generation of the digital signature by the key holder
For encryption:
  • Decryption of data intended for the key holder.
Must be kept strictly confidential and protected by strong mechanisms (password, passphrase, PIN).

Key pair
Consists of a private key and a public key.

Server certificate
Certificates for servers are used to encrypt the connection between the client and server and to ensure the authenticity of servers.

Certificate Revocation Lists / CRLs
Lists of blocked (withdrawn) and invalid certificates.

SSL (Secure Socket Layer) / TLS (Transport Layer Security)
Application protocol for X.509 certificates. Both asymmetric and symmetric encryption methods are used, which is also referred to as hybrid encryption. TLS is the further development of SSL.

Symmetric cryptography methods
The same secret key is used for both encryption and decryption. Problem: exchange of the key and the information that protects it (password, passphrase, PIN).

X.509
Standards for certificates and CRLs, among other things.

Certificate
A form of public key that can be processed by applications. Each certificate has a unique name. This name associates the certificate with a user, but usually also with an organisation. During certification, the identity of the user is verified and confirmed by a digital signature from a certification authority.

Certification Authority / CA
Trusted authority that confirms the link between a public key and its owner following a verification procedure specified in the policy.

*.p12 or *.pfx file
Contains both the private key and the certificate. This file can be imported into the applications used (browser, email client, VPN client). This file must be kept secure, as it contains the private key.