Keyczar as a Key Management System Starter Kit

9 views
Skip to first unread message

ScottG

unread,
Aug 13, 2008, 10:04:10 AM8/13/08
to Keyczar Discuss
In addition to innovative cryptographic and useability features,
Keyczar provides rudimentary key management capabilities. This I
believe is to its credit and distinguishes it from other cryptographic
APIs and toolkits.

I do not use the term 'rudimentary' in any pejorative sense. The key
management is a territory that has just begun to be mapped so it is
wholly appropriate that first steps be modest and exploratory.
Lighting up the key management features of Keyczar let's one do some
exploration of this frontier on one's own.

What few key management standards and specifications that do exist are
not in complete agreement with respect to basic definitions let alone
about criteria, objectives and requirements for key management
systems.

For those that travel such paths, I would call attention to the
following:
1) IEEE P1619.3 Work Group
2) GlobalPlatform Key Management System Functional Requirements
3) NIST Special Publication 800-57, Recommendations for Key
Management, Parts 1 and 2

Cheers, Scott

Steve Weis

unread,
Aug 13, 2008, 1:35:12 PM8/13/08
to Keyczar Discuss
Looking ahead, there are some key management features that Keyczar
might benefit from. Right now, it treats each key set independently.
There aren't provisions for importing or exporting keys, merging key
sets, or authenticating the origins of keys (i.e. with certificates).
These might end up being non-goals of Keyczar, but it's worth thinking
about for the future.
Reply all
Reply to author
Forward
0 new messages