August 11th, 2008
Google releases open-source crypto toolkit
Google’s security team has released an open-source cryptographic toolkit aimed at making it easier and safer for developers to use cryptography in their applications.
The toolkit, called KeyCzar, was originally developed by Steve Weis (Google) and Arkajit Dey (MIT) and is available under an Apache 2.0 license.
From Google’s announcement:
Keyczar is a cryptographic toolkit that supports encryption and authentication for both symmetric and public-key algorithms. It addresses some of the aforementioned issues by choosing safe defaults, tagging outputs with key version information, and providing a simple application programming interface. Keyczar’s key versioning system makes it easy to rotate and revoke keys, without worrying about backward compatibility or making any changes to source code.
[ SEE: Google’s anti-malware team comes out of the shadows ]
Some features of KeyCzar include:
- A simple API
- Key rotation and versioning
- Safe default algorithms, modes, and key lengths
- Automated generation initialization vectors and ciphertext signatures
- Java and Python implementations (C++ coming soon)
- International support in Java (Python coming soon)
Google’s security team previously released two other open-source utilities — a fuzzer called Flayer and Ratproxy, a passive Web application security audit tool.
Ryan Naraine is a journalist and security evangelist at Kaspersky Lab. He manages Threatpost.com, a security news portal. Here is Ryan's full profile and disclosure of his industry affiliations.
For daily updates on Ryan's activities, follow him on Twitter.
Subscribe to Zero Day via Email alerts or RSS.
