Code license:	Apache License 2.0
Labels:	Cryptography, KeyManagement, Security, Google

Show all Featured downloads:
keyczar-cpp-0.6b-rev448.tar.bz2 keyczar05b.pdf keyczar06b-062909-src.jar keyczar06b-1.5-062909.jar keyczar06b-1.6-062909.jar python-keyczar-0.6b.061709.tar.gz

Show all Featured wiki pages:
CppTutorial JavaDependencies KeyczarDotNet KeyczarPhilosophy MavenInstructions PythonDependencies

Links:	Keyczar.org JavaDocs PyDocs Maven Repository SVN Trunk
Feeds:	Project feeds
Groups:	Keyczar Discussion

People details

Project owners:
	steveweis, arkajit.dey, benlaurie
Project committers:
	b...@adida.net, daswani.neil, bodomoeller, rafael.castro, orestica, giulio.cesare, martclau, naresh.sankineni, sebastien.martini

Keyczar

Keyczar is an open source cryptographic toolkit designed to make it easier and safer for devlopers to use cryptography in their applications. Keyczar supports authentication and encryption with both symmetric and asymmetric keys. Some features of Keyczar include:

A simple API
Key rotation and versioning
Safe default algorithms, modes, and key lengths
Automated generation of initialization vectors and ciphertext signatures
Java, Python, and C++ implementations

Why Keyczar?

Cryptography is easy to get wrong. Developers can often choose the wrong cipher mode, use obsolete algorithms, compose primitives in an unsafe manner, or fail to anticipate the need for key rotation. Keyczar abstracts some of these details by choosing safe defaults, automatically tagging outputs with key version information, and providing a simple interface.

Keyczar is designed to be open, extensible, and cross-platform compatible. It is not intended to replace existing cryptographic libraries like OpenSSL, PyCrypto, or the Java JCE, and in fact is built on these libraries.

An illustrative use case

Suppose an application needs to encrypt a URL parameter value with a symmetric key. Normally, a developer would need to decide which algorithm to use, the key length to use, the mode of operation, how to handle initialization vectors, how to rotate keys, and how to sign ciphertexts. Keyczar simplifies these choices. Using an existing keyset, a Java developer would just need to call the following:

	Crypter crypter = new Crypter("/path/to/your/keys");
	String ciphertext = crypter.encrypt("Secret message");

	crypter = Crypter.Read("/path/to/your/keys");
	ciphertext = crypter.Encrypt("Secret message");

An example in C++:

        keyczar::Keyczar* crypter = keyczar::Encrypter::Read(location);
        if (!crypter) return 1;
        std::string ciphertext;
        bool result = crypter->Encrypt(input, &ciphertext);

For More Information

Please see the design documents, JavaDocs, and PyDocs for more information. Keyczar's unit test cases are also good examples of typical usage.

For Developers

SVN Checkout:

Java: svn checkout http://keyczar.googlecode.com/svn/trunk/java/code
Python: svn checkout http://keyczar.googlecode.com/svn/trunk/python
C++: svn checkout http://keyczar.googlecode.com/svn/trunk/cpp

Java Maven Checkout:

Repository: http://keyczar.googlecode.com/svn/trunk/java/maven/
Group-Id: org.keyczar
Artifact-Id: keyczar

Caveats

Keyczar sacrifices some flexibility in favor of safety and ease of use. Protecting developers from mistakes and handling details for them may also hide useful underlying features. Please see the NonGoals wiki page for a description of things that Keyczar is not.

Disclaimer

Keyczar is very much beta software. The wire formats and key formats may change with later versions. Backward compatibility with early versions may not necessarily be maintained.