Cryptography is the science of securing information. From ancient ciphers to the algorithms protecting every online transaction today, it is the mathematical bedrock on which digital certificates, PKI, and all modern security are built.
At its core, cryptography is the practice of converting readable information (called plaintext) into an unreadable format (called ciphertext) so that only authorized parties can access it. The word itself comes from the Greek kryptós (hidden) and graphein (to write).
Cryptography is not new. Over two thousand years ago, Julius Caesar used a simple letter-substitution cipher to send military orders: each letter in his message was shifted by three positions in the alphabet. If intercepted, the message looked like gibberish. This technique, now called the Caesar cipher, is one of the earliest documented encryption methods.
Fast-forward to the twentieth century. During World War II, the German Enigma machine used electromechanical rotors to produce ciphertext that was considered unbreakable, until Alan Turing and his team at Bletchley Park found a way to crack it. That breakthrough shortened the war and demonstrated a truth that still holds today: cryptographic strength is always relative to the computational power available to an attacker.
Modern cryptography relies on mathematical problems that are easy to compute in one direction but practically impossible to reverse. When you visit a website over HTTPS, send an encrypted email, or sign a software update, cryptographic algorithms are working behind the scenes, authenticating identities, protecting data in transit, and ensuring nothing has been tampered with. Understanding how they work is the first step to understanding digital certificates, key pairs, and the entire public key infrastructure.
A hash function takes an input of any size and produces a fixed-length output, the hash or digest. Even a one-bit change in the input produces a completely different hash. This property makes hashes ideal for verifying data integrity.
Cryptographic hashes are one-way: you can easily compute the hash from the input, but it is computationally infeasible to reconstruct the original input from the hash. This is what makes them useful for password storage and data verification.
A digital signature is created by hashing a message and then encrypting the hash with the signer's private key. Anyone with the signer's public key can verify the signature, confirming both the identity of the signer and the integrity of the message.
Because only the holder of the private key can produce a valid signature, digital signatures provide non-repudiation: the signer cannot later deny having signed the document. This property is legally significant in many jurisdictions.
Full algorithm visibility — Evertrust CLM discovers every certificate across your infrastructure and inventories the algorithms and key lengths in use, so you know exactly where RSA-2048, ECC P-256, or legacy algorithms are deployed.
Policy enforcement — Define organizational rules on minimum key lengths, approved algorithms, and hash functions. Evertrust flags non-compliant certificates automatically, preventing weak cryptography from reaching production.
Crypto-agility ready — When the time comes to migrate from RSA to ECC, or from classical to post-quantum algorithms, Evertrust PKI lets you re-issue certificates at scale with new algorithms, across all your CAs and environments.
Compliance reporting — Generate audit-ready reports showing which cryptographic standards are in use across your certificate estate, essential for meeting regulatory requirements like eIDAS, NIS2, and DORA.
