Advanced | 6 topic areas | 45+ exercises

Cryptography Engineer

Cryptography Engineers design and implement the cryptographic systems that protect data at rest, in transit, and in use. Their daily English covers writing security specifications for cryptographic implementations, presenting key management proposals, reviewing TLS configurations, and documenting envelope encryption schemes. This path builds the vocabulary for discussing cryptographic protocols, key lifecycle management, and security trade-offs.

Topics covered

  • Symmetric & asymmetric encryption
  • TLS & PKI
  • Key management
  • HSMs & secure enclaves
  • Cryptographic protocols
  • Applied cryptography patterns

Vocabulary spotlight

4 terms every Cryptography Engineer should know in English:

envelope encryption n.

A key management pattern where a data encryption key (DEK) is used to encrypt data and is itself encrypted by a key encryption key (KEK) — separating the concerns of data protection and key management

"We use envelope encryption so that rotating the master key only requires re-encrypting the DEKs, not all the user data."

perfect forward secrecy n.

A TLS property that ensures that session keys cannot be retroactively compromised even if the server's long-term private key is later exposed

"TLS 1.3 mandates perfect forward secrecy by removing cipher suites that use static RSA key exchange."

HSM n.

Hardware Security Module — a physical device that generates, stores, and protects cryptographic keys in tamper-resistant hardware, meeting FIPS 140-2 Level 3 or higher

"All root CA keys are stored in an HSM — they can never be exported in plaintext."

key derivation n.

The process of deriving cryptographic keys from a master secret using a key derivation function (KDF) — allows one master key to generate many purpose-specific keys

"We use HKDF for key derivation, generating separate encryption and authentication keys from a single shared secret."

📚 Vocabulary Reference

Key terms organised by category for Cryptography Engineers:

Symmetric Encryption

AES, AES-GCM, AES-CBC, block cipher, stream cipher, nonce, IV, authenticated encryption, AEAD, ChaCha20-Poly1305

Asymmetric & Hybrid

RSA, ECC, ECDSA, ECDH, public key, private key, key exchange, digital signature, hybrid encryption, envelope encryption

TLS & PKI

TLS 1.3, certificate, CA, root CA, chain of trust, OCSP, CRL, certificate pinning, perfect forward secrecy, cipher suite

Key Management

key lifecycle, key rotation, HSM, KMS, key derivation, HKDF, PBKDF2, key wrapping, key escrow, FIPS 140-2

Real-world scenarios you'll practise

  • Writing a cryptographic design document: specifying algorithm choices, key lengths, rotation policies, and rationale for a new encryption scheme
  • Presenting a key rotation proposal: explaining the business case, migration risk, and rollout plan for rotating a root key that protects millions of records
  • Reviewing a TLS configuration: identifying weak cipher suites, certificate issues, and explaining the remediation to the infrastructure team
  • Documenting an envelope encryption implementation: writing the architecture decision record for a new secrets management system
