Google tries its hand at cryptography

Powered by SC Magazine
 

Google is taking a step into the field of cryptography, with KeyCzar, an open-source tool which allows developers to use encryption within their applications.

The aim of the tool is to provide developers with a more secure and reliable cryptography tool that can easily be inserted into their code, according to Steve Weis, the Google security software engineer who helped develop KetCzar.

"Cryptography is notoriously hard to get right and if improperly used, can create serious security holes," Weiss wrote in a company blog posting.

Weiss explained that common mistakes, such as using outdated algorithms or not being able to rotate in new encryption keys can render the tools completely useless.

The aim of Key Czar was to simplify those acts and allow developers to not only put cryptography tools in place, but also manage and change encryption keys if need be.

"Keyczar's key versioning system makes it easy to rotate and revoke keys, without worrying about backward compatibility or making any changes to source code," he wrote.

Google warns, however, that KeyCzar should not be viewed as a complete cryptography system. It does not contain any actual crypto libraries and does not perform many of the actual cryptography tasks.

"Keyczar is essentially a library, and doesn't actually serve keys or certificates," the project's developers said on a 'non-goals' page.

"Keyczar keys are just flat files in a directory."

The first versions of KeyCzar are being made available for download on the Google Code service. The tool is currently limited to the Java and Python programming languages, but Google plans to release a C++ version shortly.

The company is also inviting third parties to get involved with the project. Developers can join through KeyCzar's Google Code page.

Copyright ©v3.co.uk


Google tries its hand at cryptography
 
 
 
Top Stories
Australia's godfather of agile
Few technology leaders have seen the forces of digital disruption so repeatedly and at such close quarters than Nigel Dalton, CIO of the REA Group.
 
Photos: Innovation sprouts up among the lettuces
Inside the 21st Century farms managed from a smartphone.
 
Slow progress in Turnbullistan
[Blog post] How has the NBN moved ahead since regime change?
 
 
Sign up to receive iTnews email bulletins
   FOLLOW US...
Latest Comments
Polls
What is delaying adoption of public cloud in your organisation?







   |   View results
Lock-in concerns
  23%
 
Application integration concerns
  3%
 
Security and compliance concerns
  31%
 
Unreliable network infrastructure
  9%
 
Data sovereignty concerns
  24%
 
Lack of stakeholder support
  3%
 
Protecting on-premise IT jobs
  4%
 
Difficulty transitioning CapEx budget into OpEx
  3%
TOTAL VOTES: 581

Vote