Please create an account to participate in the Slashdot moderation system

 


Forgot your password?
Close
typodupeerror
×
Encryption Programming

Easy Encryption In Java and Python With Keyczar 19

Posted by kdawson from the clear-program-take-note dept.
rsk writes "Keyczar is an encryption toolkit born out of the Google Security Team and released under the Apache 2 license. Keyczar's purpose is to make managing encryption of secured data much easier than it has been, with the following features: a simple API; key rotation and versioning; safe default algorithms, modes, and key lengths; automated generation of initialization vectors and ciphertext signatures; Java and Python implementations (C++ coming soon); and international support in Java (Python coming soon). The example on the website is only 2 lines long, and a more fully worked out example is also provided for folks wanting to get started 'for reals.'"
This discussion has been archived. No new comments can be posted.

Easy Encryption In Java and Python With Keyczar More

Easy Encryption In Java and Python With Keyczar

Comments Filter:

  • What about... (Score:3, Funny)

    by Malevolyn ( 776946 ) <{signedlongint} {at} {gmail.com}> on Saturday August 16, 2008 @08:39PM (#24630645) Homepage
    Jython? Serious question.

  • Keyczar? (Score:5, Funny)

    by Naughty Bob ( 1004174 ) * on Saturday August 16, 2008 @08:51PM (#24630753)
    As in Söze???

    Well then, I trust this product immediately and fully.

  • standard API as well ? (Score:4, Interesting)

    by johnjones ( 14274 ) on Saturday August 16, 2008 @09:02PM (#24630823) Homepage Journal

    does it implement the java crypto api (JCE) and how does it compare to The Legion of the Bouncy Castle ?

    can it do PGP otherwise its just another api wrapper essentially because its not a standard i.e. it is no good locking something up if you cant give someone else the keys...

    regards

    John Jones
    http://www.johnjones.me.uk

    • Re:standard API as well ? (Score:4, Interesting)

      by bratgitarre ( 862529 ) on Saturday August 16, 2008 @10:29PM (#24631333)
      It's waaaay smaller than Bouncy Castle. The focus of Keyczar seems to be on usability, to the point that it's seems rather black-boxy. Here's an encryption example from their page: Crypter crypter = new Crypter("/path/to/your/keys"); String ciphertext = crypter.encrypt("Secret message"); Notice that it's not at all clear what this does. Is it symmetric or asymmetric encryption? Deterministic or nondeterministic? Authenticated? It's all under the hood. If you don't care to look, you don't have to know. They try to provide safe defaults, but it won't the developer from understanding some basic crypto concepts. Bouncy Castle is a lot more comprehensive and (most likely) mature.

    • Re: (Score:3, Interesting)

      by Seakip18 ( 1106315 )

      http://www.keyczar.org/javadocs/index.html [keyczar.org]

      From what I gathered (and I'm probably wrong. I'm not the best when it comes to understanding cryptography.), you've got a private/public key or symmetric key setup, depending on your choice.

      Sorry I couldn't be more helpful.

  • Using AES256 in Python is about three lines of simple, readable code that will do the same damnable thing every time. This takes two lines of magical code that may wake up one day and decide to not even be the same class of cipher. Does this make sense to anybody? Can you explain why?

    • Re:And this simplifies things... how? (Score:5, Insightful)

      by wbren ( 682133 ) on Sunday August 17, 2008 @01:22AM (#24632191) Homepage

      I think this is similar to the programming books that say, "Look how easy it is to create a real C program! Just one line of code!" Yeah, it technically compiles and runs, but it doesn't do much of anything. This is a fairly common problem with crypto libraries in my experience: making things seem simpler than they should be in return for the "wow factor" of two-line examples, like the one provided.

      This library seems to be making a big deal about "secure defaults", but I think trying to provide defaults of any kind is a really bad idea. Cryptography is something that should be thought out on a case-by-case basis. Providing defaults of any kind can lead to misuse of otherwise safe algorithms. The safest gun is still dangerous in the hands of an inexperienced person.

      • Re: (Score:3, Insightful)

        by debatem1 ( 1087307 )
        Well said. I'm doing a little series of talks on crypto later this year and one of the hardest things to do in it is to convince people that good ciphers do not make secure cryptosystems. It becomes doubly hard when somebody slaps Google's name all over a new codebase and proclaims that you, too, can have security with nary a troublesome thought.

      • Re:And this simplifies things... how? (Score:5, Informative)

        by jilles ( 20976 ) on Sunday August 17, 2008 @02:20AM (#24632429) Homepage

        I think you are both wrong. The issue here is not the algorithms but how you combine them to do the right things. This process includes things like generating keys, storing and retrieving them, exchanging them with other parties, etc. This is surprisingly difficult to get right if you are not an expert. Many existing cryptography frameworks provide plenty of room for mistakes to be made. A single configuration error can defeat the whole purpose of using encryption. Doing things on a case by case basis only creates multiple opportunities for doing the wrong thing.

        All this framework does is provide a reasonable implementation to support a range of common use cases in a more or less fool proof way. It reduces the amount of decisions that need to be taken by a programmer and that reduces the amount of room for mistakes. In cryptography, default settings are good: you rely on proven algorithmic strength & best practices and not on obscurity. These breaking down is a lot less likely than you making a mistake.

        • Re: (Score:2)

          by wbren ( 682133 )

          I never took issue with the algorithms in my reply. In fact, I said exactly what you did about the "combining" step being the most difficult part, albeit in a less verbose way. Defaults in cryptography APIs allow inexperienced (in terms of security) programmers to blindly implement things and hope it "just works". Common use cases are great, but they can get you into trouble too...

  • jasypt (Score:2, Informative)

    by Uberdog ( 73274 )
    Sounds a lot like jasypt [jasypt.org], which I just used in a project.

  • We need to simplify the setup, not the action. (Score:4, Informative)

    by dwarfking ( 95773 ) on Sunday August 17, 2008 @12:39PM (#24635507) Homepage

    Encrypting a simple text string is not that difficult in Java, once the environment is properly configured. That is the tricky part.

    In our environment we are trying to move to a model where our internal servers are all communicating over secure connections with certificate based authentication and I am working on a mechanism to do Certificate authentication from a Java client that is an application running in a J2EE container (JBoss).

    We can use self-signed certs as it is all internal, but the setup has been a nightmare.

    First we create a root cert with OpenSSL for the web server, not too bad to do. Then we create a user certificate to allow access to a certificate protected URL under the web server. Again, fairly simple. Now, we have to get the SSL cert and client cert into the Java client, and this is where it gets difficult. We bundle the client credentials into a PKCS12 file and import it into a browser to ensure it works, and we can get to the certificate protected resource.

    The mechanism pushed by the Java specs is to either import the certs into the root certificate store for the installed JRE, or use a newly created certificate store that is identified by global properties. Neither works for us as we run multiple app servers on the same box (would share the JRE) and multiple client applications in the same JBoss (different apps need different credentials).

    After much research and testing, I finally found a mechanism for creating a custom SSLSocketFactory (using the Apache HttpClient package allows using a custom factory per connection, doesn't require it globally replace the default) that loads the server cert into the TrustManager, and reads the client key/cert (in PKCS12 format without a password on the key) into an in-memory KeyStore. Turned out I couldn't use the Sun provider to read the PKCS12 file because that version required a password be provided (can't use NULL) and if you use an empty string ("") it generated a divide by zero error. Bouncy Castle though, works fine.

    My point in this is that more code might be written more securely if some time was spent to make it easier to actually use the security. This one took me most of a week to finally work out the details and have a working prototype, with many many hours searching for samples.

    So ok, maybe two lines to do a simple encryption is nice, but can we now do something to simplify the management of the keyring?

    • Man, I hear you. I ran into the same problems with cert management and SSLSocketFactories a couple of times over the last 2.5 years in an app I work on. It's good to know it wasn't just me having this trouble.

      The Sun solution of setting some global System properties seems insane. It vastly complicates one of my cases, where the client portion of app A that talks to the server portion of app A is embedded in app B. There are race conditions about setting the global properties, and on and on. We were onl

Slashdot Top Deals

Math is like love -- a simple idea but it can get complicated. -- R. Drabek

Close