Merge pull request #12 from Frosne/confident

verocri · web-flow · commit 88aa4e0822d4 · 2025-12-12T10:17:50.000+01:00
Updates for confidentiality subsection
diff --git a/index.bs b/index.bs
@@ -80,8 +80,11 @@ It is important to note that cryptographic standards are continuously evolving t
 Cryptography provides several fundamental security services, including confidentiality, integrity, data authenticity, non-repudiation, and authentication. Often, a single cryptographic mechanism can provide more than one service—for example, digital signatures can ensure both authenticity and non-repudiation—but no single mechanism can cover all services. Conversely, achieving a particular security service may require combining multiple cryptographic mechanisms; for instance, ensuring confidentiality typically requires both an encryption algorithm and a key management system. In the following sections, we will examine each of these security services in more detail.
 
 ## Confidentiality ## {#confidentiality}
-Confidentiality ensures that information is protected from being disclosed to unauthorized parties. It is typically achieved through encryption, which transforms readable data into an unreadable data using a cryptographic key. Only authorized parties that know the correct key can decrypt and access the original information.
-The most used cryptographic algorithms for ensuring confidentiality are [symmetric encryption](#symmetric-encryption) algorithms, such as AES (Advanced Encryption Standard).
+
+**Confidentiality** in cryptography aims to ensure that information is kept secret from unauthorized parties—only the intended recipient(s) can access and understand the message, while anyone else—even if they intercept it—cannot make sense of it. This is typically achieved through **encryption** — covered in Sections [7.1](#asymmetric-encryption) and [7.2](#symmetric-encryption) — which converts readable data (**plaintext**) into **ciphertext** that can only be decrypted by authorized parties with the correct cryptographic key; a widely used example is the **Advanced Encryption Standard (AES)**, standardized by the U.S. National Institute of Standards and Technology [[!FIPS-197]].
+
+Maintaining confidentiality also requires proper key management and access control. Secure key management ensures that cryptographic keys are safely generated, stored, and distributed, while access control mechanisms restrict information to only those with permission, preventing unauthorized use or disclosure (see [Section 4.2](#key-management) for more details on key management).
+
 
 ## Integrity ## {#integrity}
 Integrity ensures that data remains unchanged and unaltered during transmission or storage. It is typically achieved through hashing algorithms. If the data is modified, the hash value will change, indicating that the integrity of the data has been compromised. Integrity is essential for ensuring that information remains accurate, preventing unauthorized modifications. The most used cryptographic algorithms for ensuring integrity are [hash functions](#hash-functions), such as SHA-256 (Secure Hash Algorithm 256-bit).
