keyczar - Project Hosting on Google Code

Last 30 days Dec 17, 2009 r457 (Adding TODOs to a couple of the comments ) committed by steveweis - Adding TODOs to a couple of the comments Adding TODOs to a couple of the comments Dec 17, 2009 issue 7 (Likely need to specify an encoding for Java String getBytes(...) Status changed by steveweis - Fixed. Status: Fixed Fixed. Status: Fixed Dec 17, 2009 issue 39 (Add support for session keys (was: javax.crypto.IllegalBlock...) Status changed by steveweis - I checked in some experimental code for hybrid encryption. Documentation updates are forthcoming. Status: Started I checked in some experimental code for hybrid encryption. Documentation updates are forthcoming. Status: Started Dec 17, 2009 r456 (Adding experimental support for hybrid encryption. This is s...) committed by steveweis - Adding experimental support for hybrid encryption. This is still under development and the documentation is not updated yet, so use with caution. Adding experimental support for hybrid encryption. This is still under development and the documentation is not updated yet, so use with caution. Older Nov 17, 2009 PythonDependencies (List of packages that Keyczar-Python depends on.) Wiki page commented on by the.ben.hyde - The Google App Engine version of PyCrypto is pure python, correct? The Google App Engine version of PyCrypto is pure python, correct? Nov 10, 2009 issue 7 (Likely need to specify an encoding for Java String getBytes(...) commented on by gzmonmon - If you don't specify encoding, then the platform default would be used. It may be a good idea that we always use UTF-8, and possibly give user the flexibility of specifying character set. If you don't specify encoding, then the platform default would be used. It may be a good idea that we always use UTF-8, and possibly give user the flexibility of specifying character set. Nov 10, 2009 issue 7 (Likely need to specify an encoding for Java String getBytes(...) commented on by y...@google.com - If you don't specify encoding, then the platform default would be used. It may be a good idea that we always use UTF-8, and possibly give user the flexibility of specifying character set. If you don't specify encoding, then the platform default would be used. It may be a good idea that we always use UTF-8, and possibly give user the flexibility of specifying character set. Oct 13, 2009 SamplePythonUsage (Sample Python Usage) Wiki page added by steveweis - Revision r455 Created wiki page through web user interface. Revision r455 Created wiki page through web user interface. Oct 13, 2009 issue 48 (Provide better example usage of signing and encryption) commented on by steveweis - I'll add this to the wiki as an example. I'll add this to the wiki as an example. Oct 09, 2009 issue 53 (Error in keyczar05b.pdf) reported by sean.foy - http://keyczar.googlecode.com/files/keyczar05b.pdf section 2.4 says "Promoting an active key will raise its status to primary, and promoting an inactive status will make it primary" (emphasis mine). This doesn't seem so similar to the sentence in the next paragraph: "Similarly, demote will lower a primary key to active, and an active key to inactive." It also doesn't match the code in http://www.keyczar.org/pydocs/keyczar.keyczar-pysrc.html I believe the sentence should say "Promoting an active key will raise its status to primary, and promoting an inactive status will make it active." http://keyczar.googlecode.com/files/keyczar05b.pdf section 2.4 says "Promoting an active key will raise its status to primary, and promoting an inactive status will make it primary" (emphasis mine). This doesn't seem so similar to the sentence in the next paragraph: "Similarly, demote will lower a primary key to active, and an active key to inactive." It also doesn't match the code in http://www.keyczar.org/pydocs/keyczar.keyczar-pysrc.html I believe the sentence should say "Promoting an active key will raise its status to primary, and promoting an inactive status will make it active." Oct 02, 2009 issue 48 (Provide better example usage of signing and encryption) commented on by kvamlnk - Is this code good enough to serve as a Crypter example? I'll make any repairs you think necessary to provide a reasonable example. Is this code good enough to serve as a Crypter example? I'll make any repairs you think necessary to provide a reasonable example. Sep 18, 2009 issue 52 (Request for a l10n translation to Turkish) reported by hailsematary - Please translate the Keyczar messages to Turkish Please translate the Keyczar messages to Turkish Sep 16, 2009 WebSafeBase64 (Description of the web-safe Base64 encoding format used by K...) Wiki page commented on by maliskoleather - 125444755 125444755 Aug 28, 2009 issue 48 (Provide better example usage of signing and encryption) Labels changed by arkajit.dey - Elevating the priority. A few people have been asking for examples and I think it would be pretty useful. I'll also try to free up some time for this. Labels: Priority-High −Priority-Medium Elevating the priority. A few people have been asking for examples and I think it would be pretty useful. I'll also try to free up some time for this. Labels: Priority-High −Priority-Medium Aug 27, 2009 CppTutorial (Keyczar C++ Tutorial) Wiki page edited by sebastien.martini - Revision r454 Edited wiki page through web user interface. Revision r454 Edited wiki page through web user interface. Aug 25, 2009 issue 51 (Calling addkey on an HMAC_SHA1 keyset with --size != 256 res...) commented on by chris.karlof - In the instructions to reproduce, the --location option should be the same in each command, of course. In the instructions to reproduce, the --location option should be the same in each command, of course. Aug 25, 2009 issue 51 (Calling addkey on an HMAC_SHA1 keyset with --size != 256 res...) reported by chris.karlof - What steps will reproduce the problem? 1. keyczart.py create --location=test --purpose=sign 2. keyczart.py addkey --location=keys --size=512 3. What is the expected output? What do you see instead? The key that is added is indeed 512 bits, but the "size" attribute in json is 256 bits. What version of the product are you using? On what operating system? python-keyczar-0.6b, python2.5 on ubuntu Please provide any additional information below. The reason is because the size setter in the Key class calls __SetSize def __SetSize(self, new_size): if self.type.IsValidSize(new_size): self.__size = new_size which checks to see if the size is in the valid list of sizes, which 512 is not for HMAC keys: HMAC_SHA1 = KeyType("HMAC_SHA1", 1, [256], 20) However, it still generates the correct size key because HmacKey.Generate generates the correct size key and passes it to the HmacKey constructor, which in turn calls the size setter, which silently fails and instead just sets the size to the allowed size of 256. HMAC is compatible with any size key, so I don't see why it should be limited to 256 bits. But if it is restricted, then you should throw an error when the user tries to set it to something different. What steps will reproduce the problem? 1. keyczart.py create --location=test --purpose=sign 2. keyczart.py addkey --location=keys --size=512 3. What is the expected output? What do you see instead? The key that is added is indeed 512 bits, but the "size" attribute in json is 256 bits. What version of the product are you using? On what operating system? python-keyczar-0.6b, python2.5 on ubuntu Please provide any additional information below. The reason is because the size setter in the Key class calls __SetSize def __SetSize(self, new_size): if self.type.IsValidSize(new_size): self.__size = new_size which checks to see if the size is in the valid list of sizes, which 512 is not for HMAC keys: HMAC_SHA1 = KeyType("HMAC_SHA1", 1, [256], 20) However, it still generates the correct size key because HmacKey.Generate generates the correct size key and passes it to the HmacKey constructor, which in turn calls the size setter, which silently fails and instead just sets the size to the allowed size of 256. HMAC is compatible with any size key, so I don't see why it should be limited to 256 bits. But if it is restricted, then you should throw an error when the user tries to set it to something different. Aug 22, 2009 CppTutorial (Keyczar C++ Tutorial) Wiki page edited by sebastien.martini - Revision r453 Edited wiki page through web user interface. Revision r453 Edited wiki page through web user interface. Aug 20, 2009 CppTutorial (Keyczar C++ Tutorial) Wiki page edited by sebastien.martini - Revision r452 Edited wiki page through web user interface. Revision r452 Edited wiki page through web user interface. Aug 20, 2009 CppTutorial (Keyczar C++ Tutorial) Wiki page edited by sebastien.martini - Revision r451 Edited wiki page through web user interface. Revision r451 Edited wiki page through web user interface. Aug 20, 2009 CppTutorial (Keyczar C++ Tutorial) Wiki page edited by sebastien.martini - Revision r450 Edited wiki page through web user interface. Revision r450 Edited wiki page through web user interface. Aug 20, 2009 CppTutorial (Keyczar C++ Tutorial) Wiki page edited by sebastien.martini - Revision r449 Edited wiki page through web user interface. Revision r449 Edited wiki page through web user interface. Aug 18, 2009 keyczar-cpp-0.6b-rev448.tar.bz2 (Keyczar 0.6b C++ Release (rev. 448)) file uploaded by sebastien.martini - Labels: Type-Source Language-Cpp Featured Labels: Type-Source Language-Cpp Featured Aug 18, 2009 r448 (Modified method CmdCreate into KeyczarTool. ) committed by sebastien.martini - Modified method CmdCreate into KeyczarTool. Modified method CmdCreate into KeyczarTool. Aug 18, 2009 r447 (- Added new examples. - Modified LOG(INFO) output format. - ...) committed by sebastien.martini - - Added new examples. - Modified LOG(INFO) output format. - Added comments to KeyczarTool. - Added new examples. - Modified LOG(INFO) output format. - Added comments to KeyczarTool. Aug 18, 2009 CppTutorial (Keyczar C++ Tutorial) Wiki page edited by sebastien.martini - Revision r446 Edited wiki page through web user interface. Revision r446 Edited wiki page through web user interface. Aug 17, 2009 CppTutorial (Keyczar C++ Tutorial) Wiki page edited by sebastien.martini - Revision r445 Edited wiki page through web user interface. Revision r445 Edited wiki page through web user interface. Aug 17, 2009 CppTutorial (Keyczar C++ Tutorial) Wiki page edited by sebastien.martini - Revision r444 Edited wiki page through web user interface. Revision r444 Edited wiki page through web user interface. Aug 17, 2009 keyczar-cpp-0.6b-rev438.tar.bz2 (Keyczar 0.6b C++ Release (rev. 438)) file uploaded by sebastien.martini - Labels: Type-Source Language-Cpp Featured Labels: Type-Source Language-Cpp Featured Aug 17, 2009 CppForDevelopers (Keyczar C++ for Developers) Wiki page edited by sebastien.martini - Revision r443 Edited wiki page through web user interface. Revision r443 Edited wiki page through web user interface. Aug 17, 2009 CppForDevelopers (Keyczar C++ for Developers) Wiki page edited by sebastien.martini - Revision r442 Edited wiki page through web user interface. Revision r442 Edited wiki page through web user interface. Aug 17, 2009 CppForDevelopers (Keyczar C++ for Developers) Wiki page edited by sebastien.martini - Revision r441 Edited wiki page through web user interface. Revision r441 Edited wiki page through web user interface. Aug 17, 2009 CppTutorial (Keyczar C++ Tutorial) Wiki page edited by sebastien.martini - Revision r440 Edited wiki page through web user interface. Revision r440 Edited wiki page through web user interface. Aug 17, 2009 r439 (Cleaned-up and refactored code.) committed by sebastien.martini - Cleaned-up and refactored code. Cleaned-up and refactored code. Aug 17, 2009 r438 (- Moved source code only used by unittests to src/keyczar/ba...) committed by sebastien.martini - - Moved source code only used by unittests to src/keyczar/base_test. - Moved keyczart and KeyczartTool to src/keyczar/keyczar_tool. - Moved readers and writers to src/keyczar/rw. - Use only UTF-8 encoded std::string, removed all std::wstring, w_char and dependancy on libicu (for a rationale see http://code.google.com/p/protobuf/issues/detail?id=24). Cleaned-up src/keyczar/base (again). - Implemented ScopedSafeString for managing private/secret keys and passwords. It erases sensitive strings when objects are deleted or after use. Currently relies on memset() but could be easily replaced with OPENSSL_cleanse (copied from OpenSSL) in STLStringMemErase() and few other places. What could make memset() uncertain are potentials compilers optimizations that would optimize out these calls from assembled binary. - Added new reader KeysetPBEJSONFileReader and writer KeysetPBEJSONFileWriter to handle AES encrypted JSON keys with PBE algorithm. It uses OpenSSL's PKCS5 v2.0 implementation therefore HMAC_SHA256 should be automatically used as prf when OpenSSL 1.0.0+ is detected and HMAC_SHA1 otherwise. Modified keyczart and KeyczarTool to accept passwords through --pass option (this option is similar to the crypter option). Added new PBE example pbe_keyset.py and new set of key src/keyczar/data/pbe_json. - Added new factory method to automatically select the right reader to instanciate from its location type (currently only returns KeysetJSONFileReader though). - Improved KeyczarTool interface. - Updated SWIG interface to support KeysetPBEJSONFileReader and to interface all commands implemented by KeyczarTool. Added new related example keyczar_tool.py. - Added new command 'exportkey' to export private keys to PKCS8 format encrypted files. - Updated and added new examples. - Fixed issues, refactored files, hierarchies and namespaces. Improved comments. - Moved source code only used by unittests to src/keyczar/base_test. - Moved keyczart and KeyczartTool to src/keyczar/keyczar_tool. - Moved readers and writers to src/keyczar/rw. - Use only UTF-8 encoded std::string, removed all std::wstring, w_char and dependancy on libicu (for a rationale see http://code.google.com/p/protobuf/issues/detail?id=24). Cleaned-up src/keyczar/base (again). - Implemented ScopedSafeString for managing private/secret keys and passwords. It erases sensitive strings when objects are deleted or after use. Currently relies on memset() but could be easily replaced with OPENSSL_cleanse (copied from OpenSSL) in STLStringMemErase() and few other places. What could make memset() uncertain are potentials compilers optimizations that would optimize out these calls from assembled binary. - Added new reader KeysetPBEJSONFileReader and writer KeysetPBEJSONFileWriter to handle AES encrypted JSON keys with PBE algorithm. It uses OpenSSL's PKCS5 v2.0 implementation therefore HMAC_SHA256 should be automatically used as prf when OpenSSL 1.0.0+ is detected and HMAC_SHA1 otherwise. Modified keyczart and KeyczarTool to accept passwords through --pass option (this option is similar to the crypter option). Added new PBE example pbe_keyset.py and new set of key src/keyczar/data/pbe_json. - Added new factory method to automatically select the right reader to instanciate from its location type (currently only returns KeysetJSONFileReader though). - Improved KeyczarTool interface. - Updated SWIG interface to support KeysetPBEJSONFileReader and to interface all commands implemented by KeyczarTool. Added new related example keyczar_tool.py. - Added new command 'exportkey' to export private keys to PKCS8 format encrypted files. - Updated and added new examples. - Fixed issues, refactored files, hierarchies and namespaces. Improved comments. Aug 14, 2009 issue 39 (Add support for session keys (was: javax.crypto.IllegalBlock...) commented on by paul.querna - Adding support for session keys when using RSA would be very nice. I was thinking of hacking together something for the python implementation. Is there a spec for how the session keys would work? Adding support for session keys when using RSA would be very nice. I was thinking of hacking together something for the python implementation. Is there a spec for how the session keys would work? Jul 29, 2009 r437 (- Improved Reader/Writer interfaces - read() factory methods...) committed by sebastien.martini - - Improved Reader/Writer interfaces - read() factory methods inside keyczar.i now accept reader objects - Added examples using compression - Properly deletes Value object in keyset.cc - Improved Reader/Writer interfaces - read() factory methods inside keyczar.i now accept reader objects - Added examples using compression - Properly deletes Value object in keyset.cc Jul 23, 2009 CppTutorial (Keyczar C++ Tutorial) Wiki page edited by sebastien.martini Jul 23, 2009 CppForDevelopers (Keyczar C++ for Developers) Wiki page edited by sebastien.martini Jul 23, 2009 CppTutorial (Keyczar C++ Tutorial) Wiki page edited by sebastien.martini Jul 22, 2009 keyczar-cpp-0.6b-rev433.tar.bz2 (Keyczar 0.6b C++ Release (rev. 433)) file uploaded by sebastien.martini - Labels: Type-Source Language-Cpp Featured Labels: Type-Source Language-Cpp Featured Jul 22, 2009 r433 (- Added initial support of these systems and architectures: ...) committed by sebastien.martini - - Added initial support of these systems and architectures: x86_64, ARM, MacOSX (Leopard with MacPorts and packages icu, openssl and swig), BSD (OpenBSD, FreeBSD), Ubuntu 64bits. - gtest is now compiled as dynamic library and dependancies to gtest have been removed from Keyczar library's headers. - Rewrote all include directives from Keyczar library. - Moved src/base to src/keyczar/base and removed useless or cumbersome dependancies (pthread, rt), removed useless third party source code. - Improved build system and install mechanism (still not perfects though). - Replaced DCHECK by CHECK. - Supports gzip and zlib compression of plaintexts before encryption. - Added initial support of these systems and architectures: x86_64, ARM, MacOSX (Leopard with MacPorts and packages icu, openssl and swig), BSD (OpenBSD, FreeBSD), Ubuntu 64bits. - gtest is now compiled as dynamic library and dependancies to gtest have been removed from Keyczar library's headers. - Rewrote all include directives from Keyczar library. - Moved src/base to src/keyczar/base and removed useless or cumbersome dependancies (pthread, rt), removed useless third party source code. - Improved build system and install mechanism (still not perfects though). - Replaced DCHECK by CHECK. - Supports gzip and zlib compression of plaintexts before encryption. Jul 01, 2009 r432 (Updating keyczar page a bit.) committed by steveweis - Updating keyczar page a bit. Updating keyczar page a bit. Jun 29, 2009 keyczar06b-062909-src.jar (Keyczar 0.6b Java Source (rel. 06.29.09)) file uploaded by steveweis - Labels: Featured Type-Source Language-Java Labels: Featured Type-Source Language-Java Jun 29, 2009 keyczar06b-1.5-062909.jar (Keyczar 0.6b Java 1.5 (rel. 06.29.09)) file uploaded by steveweis - Labels: Featured Language-Java Type-Archive Labels: Featured Language-Java Type-Archive Jun 29, 2009 keyczar06b-1.6-062909.jar (Keyczar 0.6b Java 1.6 (rel. 06.29.09)) file uploaded by steveweis - Labels: Featured Language-Java Type-Archive Labels: Featured Language-Java Type-Archive Jun 27, 2009 r431 (adding python .settings (Eclipse auto-generated) directory t...) committed by arkajit.dey - adding python .settings (Eclipse auto-generated) directory to svn:ignore too adding python .settings (Eclipse auto-generated) directory to svn:ignore too Jun 27, 2009 r430 (adding .settings directory (eclipse auto-generated) to svn:i...) committed by arkajit.dey - adding .settings directory (eclipse auto-generated) to svn:ignore adding .settings directory (eclipse auto-generated) to svn:ignore Jun 27, 2009 MavenInstructions (Instructions for checking out Java Keyczar in Maven) Wiki page edited by arkajit.dey Jun 27, 2009 r428 (adding CrossCompatibilityTest to AllTests suite) committed by arkajit.dey - adding CrossCompatibilityTest to AllTests suite adding CrossCompatibilityTest to AllTests suite

r438 (- Moved source code only used by unittests to src/keyczar/ba...) committed by sebastien.martini - - Moved source code only used by unittests to src/keyczar/base_test. - Moved keyczart and KeyczartTool to src/keyczar/keyczar_tool. - Moved readers and writers to src/keyczar/rw. - Use only UTF-8 encoded std::string, removed all std::wstring, w_char and dependancy on libicu (for a rationale see http://code.google.com/p/protobuf/issues/detail?id=24). Cleaned-up src/keyczar/base (again). - Implemented ScopedSafeString for managing private/secret keys and passwords. It erases sensitive strings when objects are deleted or after use. Currently relies on memset() but could be easily replaced with OPENSSL_cleanse (copied from OpenSSL) in STLStringMemErase() and few other places. What could make memset() uncertain are potentials compilers optimizations that would optimize out these calls from assembled binary. - Added new reader KeysetPBEJSONFileReader and writer KeysetPBEJSONFileWriter to handle AES encrypted JSON keys with PBE algorithm. It uses OpenSSL's PKCS5 v2.0 implementation therefore HMAC_SHA256 should be automatically used as prf when OpenSSL 1.0.0+ is detected and HMAC_SHA1 otherwise. Modified keyczart and KeyczarTool to accept passwords through --pass option (this option is similar to the crypter option). Added new PBE example pbe_keyset.py and new set of key src/keyczar/data/pbe_json. - Added new factory method to automatically select the right reader to instanciate from its location type (currently only returns KeysetJSONFileReader though). - Improved KeyczarTool interface. - Updated SWIG interface to support KeysetPBEJSONFileReader and to interface all commands implemented by KeyczarTool. Added new related example keyczar_tool.py. - Added new command 'exportkey' to export private keys to PKCS8 format encrypted files. - Updated and added new examples. - Fixed issues, refactored files, hierarchies and namespaces. Improved comments.

- Moved source code only used by unittests to src/keyczar/base_test. - Moved keyczart and KeyczartTool to src/keyczar/keyczar_tool. - Moved readers and writers to src/keyczar/rw. - Use only UTF-8 encoded std::string, removed all std::wstring, w_char and dependancy on libicu (for a rationale see http://code.google.com/p/protobuf/issues/detail?id=24). Cleaned-up src/keyczar/base (again). - Implemented ScopedSafeString for managing private/secret keys and passwords. It erases sensitive strings when objects are deleted or after use. Currently relies on memset() but could be easily replaced with OPENSSL_cleanse (copied from OpenSSL) in STLStringMemErase() and few other places. What could make memset() uncertain are potentials compilers optimizations that would optimize out these calls from assembled binary. - Added new reader KeysetPBEJSONFileReader and writer KeysetPBEJSONFileWriter to handle AES encrypted JSON keys with PBE algorithm. It uses OpenSSL's PKCS5 v2.0 implementation therefore HMAC_SHA256 should be automatically used as prf when OpenSSL 1.0.0+ is detected and HMAC_SHA1 otherwise. Modified keyczart and KeyczarTool to accept passwords through --pass option (this option is similar to the crypter option). Added new PBE example pbe_keyset.py and new set of key src/keyczar/data/pbe_json. - Added new factory method to automatically select the right reader to instanciate from its location type (currently only returns KeysetJSONFileReader though). - Improved KeyczarTool interface. - Updated SWIG interface to support KeysetPBEJSONFileReader and to interface all commands implemented by KeyczarTool. Added new related example keyczar_tool.py. - Added new command 'exportkey' to export private keys to PKCS8 format encrypted files. - Updated and added new examples. - Fixed issues, refactored files, hierarchies and namespaces. Improved comments.

Last 30 days

Older