Keyczar
Ben Laurie
ben at links.org
Wed Aug 13 06:31:17 PDT 2008
http://www.links.org/?p=374
When I joined Google over two years ago I was asked to find a small
project to get used to the way development is done there. The project
I chose was one that some colleagues had been thinking about, a key
management library. I soon realised that unless the library also
handled the crypto it was punting on the hard problem, so I extended
it to do crypto and to handle key rotation and algorithm changes
transparently to the user of the library.
About nine months later I handed over my "starter project" to Steve
Weis, who has worked on it ever since. For a long time we've talked
about releasing an open source version, and I'm pleased to say that
Steve and intern Arkajit Dey did just that, earlier this week:
Keyczar[1].
"Keyczar is an open source cryptographic toolkit designed to make
it easier and safer for developers to use cryptography in their
applications. Keyczar supports authentication and encryption with both
symmetric and asymmetric keys. Some features of Keyczar include:
* A simple API
* Key rotation and versioning
* Safe default algorithms, modes, and key lengths
* Automated generation of initialization vectors and
ciphertext signatures"
When we say simple, by the way, the code for loading a keyset and
encrypting some plaintext is just two lines. Likewise for decryption.
And the user doesn't need to know anything about algorithms or modes.
Great work, guys! I look forward to the "real" version (C++, of
course!).
[1] http://www.keyczar.org/
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.links.org/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the Testlist
mailing list