The transformation of data so that it is unreadable by anyone without a (secret) decryption key. Encryption ensures the confidentiality of information by keeping its content hidden from anyone for whom it is not intended, even those who can see the encrypted data. The Advanced Networking Option also utilizes public key encryption. In this scheme, each person receives a pair of keys: a public key and a private key.

Each person’s public key is published, while the private key is confidential. Messages encrypted with a public key can only be decrypted with the corresponding private key. Messages encrypted with a private key can only be decrypted with the corresponding public key. Keys may not be deduced from each other. The sender and receiver of an encrypted message do not share confidential information, since all communications involve only public keys. Private keys are neither transmitted nor shared.

A non-forgeable way of authenticating the sender of a message that supports non-repudiation of messages. Use of a digital signature ensures that only the purported sender of a message could actually have sent the message. The sender cannot later claim that someone impersonated her or him.

A mechanism used to establish confidence in the identity associated with a public key by incorporating public keys. A digital certificate is a binding of a public key to a user by a trusted third party known as a Certificate Authority (CA). The public key and user identity, together with other information such as the certificate expiration date, are digitally signed by the CA. CAs serve as electronic notaries, attesting to the identity of users and the validity of their public keys.