Glossary
========

This page's purpose is to provide definitions and explanations for terms used throughout
the Safe Exam Browser and Safe Exam Browser Server documentation.

.. list-table:: The Safe Exam Browser keys
   :widths: 25 25 25 25
   :header-rows: 1

   * - Term
     - What it is
     - If set up
     - If not set up
   * - Config Key (CK)
     - | A cryptographic key used to authenticate the Safe Exam Browser configuration used for an exam to ensure
       | that only authorized users can change the configuration. There is a unique key for each configuration.
       | Any change to the configuration file content (e.g. modifying settings) will alter the signature, 
       | making unauthorized changes detectable.
     - | Only clients with the correct config 
       | file can access the exam with SEB.
     - Any SEB config can be used for the exam.
   * - SEB Server Exam Key
     - | A cryptographic key generated by the Safe Exam Browser Server to identify the exam and ensure that
       | only authorized devices can access the exam. It ties SEB clients to a specific exam setup. 
       | Changing the exam settings or creating a new exam generates a new key. This ensures only 
       | clients launched for that specific exam can connect.
     - | Only SEB clients with a matching
       | exam key can access the exam.
     - Any SEB client can access the exam.
   * - Browser Exam Key (BEK)
     - | A cryptographic key used for enhanced verification. It is tied to Safe Exam Browser 
       | versions/builds and the used SEB exam settings/configuration. The BEK has to be manually copy-pasted
       | from the configuration/settings user interface of each SEB version used (SEB Windows Configuration Tool
       | or SEB in-app Settings menus on macOS/iOS). Note that you first have to finalize and save the 
       | configuration file and then copy-paste the BEKs from each SEB version without re-saving the config 
       | file (as this always changes the BEK). Modifying browser-related exam settings (e.g. permitted 
       | resources or behaviour) will generate a new BEK.
     - | Only SEB clients with correct config
       | file/SEB build (matching BEK) can connect.
     - Only the Config Key is verified.
   * - Additional Browser Exam Key (BEK)
     - | An additional cryptographic key, currently used for consecutive exams. Copy the SEB Server Exam Key 
       | of the first exam into the field for additional browser exam keys of the second exam.
     - | Only SEB clients sending either a correct SEB Server Exam Key or a matching Additional 
       | Browser Exam Key can access the exam.
     - | Only the Exam key is verified, 
       | additional BEK checks are skipped.
   * - App-Signature Key (ASK)
     - | A cryptographic key used to verify the integrity and authenticity of the Safe Exam Browser 
       | application to ensure that the application has not been tampered with. The ASK is created 
       | at runtime. There is a unique ASK for every official SEB release and build. Each manipulation 
       | of the SEB application in any way will change the ASK of that SEB.
     - Only clients providing an accepted ASK are granted.
     - Any client providing any ASK or none is granted.