eScan Terminology

Electronic codebook *

(ECB) A block cipher mode (each block is encrypted individually) that uses no feedback. This means any blocks of plaintext that are identical (either in the same message or in a different message that is encrypted with the same key) is transformed into identical ciphertext blocks. Initialization vectors cannot be used with this cipher mode. If a single bit of the ciphertext block is garbled, then the entire corresponding plaintext block is also garbled.



The process of turning data into a stream of bits. Encoding is part of the serialization process that converts data into a stream of ones and zeros.

Encoding type

Refers to which type of encoding is used for certificate and message encoding. The encoding types are specified as a DWORD, with the type of certificate encoding stored in the low-order word and the type of message encoding stored in the high-order word. Although some functions or structure fields require only one of the encoding types, it is always acceptable to specify both.

Encrypted data

Data that has been converted from plaintext into ciphertext. Encrypted messages are used to disguise the content of a message when it is sent or stored.

Encrypting File System

(EFS) A feature in the Windows operating system that enables users to encrypt files and folders on an NTFS volume disk to keep them safe from access by intruders.


The process of converting plaintext to ciphertext to help prevent it from being read and understood by an unauthorized party. Encryption is the opposite of decryption.

Encryption and decryption functions

Simplified message functions used to encode and encrypt (or decode and decrypt) data. As a set, these functions include support for simultaneously encrypting and decrypting data.

Enhanced content type

A class of data contained in a PKCS #7 message that contains data (possibly encrypted), plus cryptographic enhancements such as hashes or signatures. Types of enhanced data defined by PKCS #7 include signed data, enveloped data, signed-and-enveloped data, and digested (hashed) data.

Enhanced key usage

(EKU) Both a certificate extension and a certificate extended property value. An EKU specifies the uses for which a certificate is valid.

Enveloped data content type

A PKCS #7 enhanced content that consists of encrypted content (of any type) and content-encryption keys (for one or more recipients). The combination of encrypted content and encryption key for a recipient is called a digital envelope for that recipient. This type of message should be used when you want to keep the contents of the message secret and allow only specified persons or entities to retrieve the contents.

Exchange key pair

A public/private key pair used to encrypt session keys so that they can be safely stored and exchanged with other users. Exchange key pairs are created by calling the CryptGenKey function.

External store

A certificate store that maintains its certificates, CRLs, and CTLs in a location external to cached memory, such as in a database on a network server. An external store does not read and decode its certificates, CRLs, and CTL when the CertOpenStore function is called. Reading and decoding is deferred until an enumeration or find method is called.

Live Chat