Our comments and trackback policy You Link We Follow, You Comment We Promote

Google has released an open source Cryptography toolkit, KeyCzar. According to Google’s Online Security Blog:

“Cryptography is notoriously hard to get right and if improperly used, can create serious security holes. Common mistakes include using the wrong cipher modes or obsolete algorithms, composing primitives in an unsafe manner, hard-coding keys in source code, or failing to anticipate the need for future key rotation. With these risks in mind, we’re pleased to announce the open-source release of Keyczar“.

KeyCzar supports encryption and authentication for both symmetric and public-key algorithms. The toolkit address some of the earlier mentioned problems by employing safe defaults, tagging outputs with key version information, and provides a simple and easy to use application programming interface.

KeyCzar has an innovative versioning system that enables users to rotate or revoke keys with ease, without creating backward compatibility issues for already created keys or keys already being used in existing applications.

KeyCzar’s code base is hosted on Google Code and Google has also set up a discussion group to help developers interact with each other in order to foster further development of the toolkit.