Crypto Stack

Decade filter: technology pills, flows, and compare tabs for that era.

How to use

Tap a layer → Runtime or Setup & ops. Search any term for a definition + jump link, or tap dotted underlined terms on the page.

Two axes, not one line. Use this map to classify exam questions — it is a study model, not a literal packet diagram.
Horizontal (L1→L8) — typical runtime journey when crypto is already configured. Skip pills that do not apply (no VPN? skip L2).
PKI spine — vertical trust that cuts through several layers. Not “step 9.” Setup issues certs; runtime validates them during TLS, Wi-Fi, VPN.
Setup & ops tab — what admins do first (book-heavy). Every layer has setup + runtime; PKI is the most setup-heavy.
How to read this map (important)

What left → right means

  • L1 Wi-Fi — may I join this network? (802.1X, WPA)
  • L2 VPN — optional; only if traffic crosses the Internet to another site
  • L3 Identity — who are you? (often overlaps L1 at the same moment — 802.1X is identity at the port)
  • L4 TLS — encrypt this session (HTTPS, channel crypto)
  • L5 OAuth/API — what may this app do? (authorization on top of TLS)
  • L6 Signatures — prove message integrity / sender (topic bucket — also lives inside TLS, JWT, email)
  • L7 Algorithms — AES, modes, hybrid (used everywhere — not a step you “reach” after OAuth)
  • L8 At rest — disk/DB encryption; runs in parallel, not after L7 in a live session

Real traffic does not hit every pill in order. The order helps you remember where Buchanan/WGU classifies each concept.

What the PKI spine means

  • Setup: root CA → CSR → sign cert → trust store → CRL/OCSP (Ch 6 — your pre-OA weak area)
  • Runtime: browser verifies HTTPS cert; Wi-Fi checks EAP-TLS client cert; IPsec may use cert auth
  • Think of PKI as vertical plumbing — L4 TLS and L1 EAP-TLS both depend on it

Setup vs runtime — does it fit?

  • Setup = configure once (RADIUS server, IKE policy, install server cert, enable BitLocker)
  • Runtime = repeat every session (handshake, ticket, encrypt/decrypt)
  • PKI is ~70% setup / ~30% runtime checks — that is why it has its own pill

Example: office laptop → HTTPS app

L1 (Wi-Fi join + 802.1X) → skip L2 → L3 identity inside L1 → L4 TLS → L5 OAuth if SaaS → L6/L7 happen inside TLS/JWT → L8 irrelevant until laptop sleeps. PKI validates at L1 (if EAP-TLS) and L4 (HTTPS cert).

Horizontal — exam layers (typical runtime journey)

Not every connection uses every layer. L8 (at rest) is parallel — encrypts disk while other layers handle live traffic.

Vertical — PKI trust spine (cross-cutting, not step 9)

Technologies at this layer

Runtime flow

Compare flows
Shawn instructor videos (full inventory)
Knowledge check links (full inventory)
Book setup map — Buchanan chapters → ops topics
Book / WGUSetup & ops topicsRuntime layer
Acronym index (tap underlined terms)
TermLayerExam hook