RCMP Certificate Services Program - Glossary


An algorithm is one of the basic elements of encryption. It is a sequence of steps used to perform a mathematical operation.


A security service that is used to confirm the identity of participants in an electronic transaction.

Canadian Federal PKI Bridge (CFPB)

The Canadian Federal PKI Bridge is the policy management authority for the Government of Canada Public Key Infrastructure. It is responsible for signing and managing cross-certificates with the top government level Certificate Authorities.

Canadian Police Trust Model

A group of Certificate Authorities (CA) responsible for issuing digital certificates to the Canadian law enforcement community. One of the main objectives of this group is to ensure only one digital certificate is issued to each Canadian law enforcement employee.

Certificate Authority (CA)

The CA is responsible for issuing digital certificates used to create digital signatures and public-private key pairs. The role of the CA in this process is to confirm the identity of the user.

Certificate Expiry

The date after which a user's certificate should no longer be trusted.

Certificate Policy (CP)

Security policies that regulate the management of the PKI. These policies are set by the Government of Canada.

Certificate Practice Statement (CPS)

A comprehensive description of the practices that a Certificate Authority adheres to in issuing, suspending, revoking, and renewing digital certificates.

Certificate Revocation

Certificate revocation is the act of disabling the use of a digital certificate when it becomes expired.

Certificate Revocation List (CRL)

The CRL is where the expired digital certificates are stored.


A certificate issued by a Certificate Authority to establish a trust relationship between it and another CA. Cross Certificate enables a CA to securely communicate with another CA.


The art of protecting information by transforming it (encrypting it) into an unreadable format, called cipher text. Only those who possess a secret key can decipher (or decrypt) the message into plain text.

Cryptographic Module

A cryptographic module is a hardware device that stores information identifying the user along with the user’s private keys (encryption and decryption). Cryptographic modules can be either tokens or smart cards.


The process of decoding data that has been encrypted into a secret format. Decryption requires a secret key or password.

Decryption Key

A passphrase or table needed to decipher encoded data.

Digital Certificate

A digital certificate is a secure electronic identity that certifies the identity of the holder. Issued by the certificate authority it typically contains a user's name, public key, and related information. A digital certificate is signed by a private key of the certificate authority which issued it.

Digital Signature

A digital signature provides verification to a recipient that the signed file came from the person who sent it, and that it was not altered since it was signed. Thus, digital signatures provide authentication and integrity and ultimately non-repudiation. A digital signature is similar to a paper signature and is legally binding.


The translation of data into a secret code. Encryption is the most effective way to achieve data security. To read an encrypted file, you must have access to a secret key or password that enables you to decrypt it. Unencrypted data is called plain text ; encrypted data is referred to as cipher text.

Encryption Key

A passphrase or algorithm needed to encode text into cipher text.

Top of Page


An international company that provides PKI software called Entrust technologies.

Federal Information Processing Standard (FIPS)

Federal Information Processing Standards (FIPS) is a federal government standard by which security products are measured.


Hash is a mathematical formula that converts a message of any length into a unique fixed- length string of digits. A hash is a one-way function and is infeasible to reverse the process to determine the original message. A hash is used to ensure the integrity of the message.

Local Registration Authority (LRA)

Local Registration Authority. A LRA is an employee of a non-RCMP Canadian police agency who is certified to perform RCMP certificate duties for their agency on behalf of the RCMP certificate authority (CA).


A security service that ensures that a message sender can not deny sending a message and that the recipient can not deny receipt.


A confidential sequence of letters, characters and numbers, that has to be typed in order to gain access to a particular network or computer.

Private Key

One of the two keys used in PKI. The private key is kept secret and protected by a passphrase, to be used in conjunction with corresponding public key.

Th private keys are:

(1) Digital signature key - used to create a digital signature.

(2) Decryption key – used to decrypt confidential information

Public Key

One of the two keys used in PKI. The public key is made public, to be used in conjunction with a corresponding private key.

The public keys are:

Public Key Infrastructure (PKI)

Public Key Infrastructure is an infrastructure using public key technology (encryption and digital signature key pairs) to provide authentication, integrity, confidentiality and non-repudiation.


A physical object designed to securely store an individual's digital identity (private keys) which is inserted into a USB port. A token is the cryptographic module chosen by the RCMP.

Trusted Third Party

An agency providing security related services and activities to one or more entities in a given security structure.

Date modified: