Ben Laurie blathering


When I joined Google over two years ago I was asked to find a small project to get used to the way development is done there. The project I chose was one that some colleagues had been thinking about, a key management library. I soon realised that unless the library also handled the crypto it was punting on the hard problem, so I extended it to do crypto and to handle key rotation and algorithm changes transparently to the user of the library.

About nine months later I handed over my “starter project” to Steve Weis, who has worked on it ever since. For a long time we’ve talked about releasing an open source version, and I’m pleased to say that Steve and intern Arkajit Dey did just that, earlier this week: Keyczar.

Keyczar is an open source cryptographic toolkit designed to make it easier and safer for developers to use cryptography in their applications. Keyczar supports authentication and encryption with both symmetric and asymmetric keys. Some features of Keyczar include:

  • A simple API
  • Key rotation and versioning
  • Safe default algorithms, modes, and key lengths
  • Automated generation of initialization vectors and ciphertext signatures

When we say simple, by the way, the code for loading a keyset and encrypting some plaintext is just two lines. Likewise for decryption. And the user doesn’t need to know anything about algorithms or modes.

Great work, guys! I look forward to the “real” version (C++, of course!).

1 Comment

  1. if its google, then i don’t see how it could be trusted. why not use pgp? or gpg?

    Comment by John — 10 Sep 2008 @ 6:09

RSS feed for comments on this post.

Sorry, the comment form is closed at this time.

Powered by WordPress