Key Usage Statistics?

[Mike Muske]

Hi all,

I am looking into using Keyczar on a project for symmetric-key encryption and am wondering - do the key usage statistics mentioned in section 5.1 of the Design Document exist?

I generated some keys and worked them through the lifecycle, but each time I opened the meta file from the keystore I did not see anything that appeared to be a usage statistic in the JSON data.  I inspected the meta file before and after setting a key to 'inactive', and I had some ciphertext that was encrypted with the key which I decrypted several times while the key was in the 'inactive' state.

I'm also not seeing anything in the API or the KeyczarTool app that appears to be related.  Is the 'usage statistics' feature just an idea that has yet to be implemented or am I just missing it?

Thanks!

[Steve Weis]

Hi Mike. No, there are no usage data being collected. I see the mention in the design doc you're referring to, but it was never built.

--
You received this message because you are subscribed to the Google Groups "Keyczar Discuss" group.
To unsubscribe from this group and stop receiving emails from it, send an email to keyczar-discu...@googlegroups.com.
To post to this group, send email to keyczar...@googlegroups.com.
Visit this group at http://groups.google.com/group/keyczar-discuss.
For more options, visit https://groups.google.com/d/optout.

[Mike Muske]

OK - thanks for confirming.  For what it is worth, this is something that ultimately is steering us away from Keyczar because we would like to build a capability to re-key data in the event that a key is compromised.  We would like to be sure that all of our data that used a particular key has been re-keyed prior to deleting the key.  In general, it seems that it would be useful to have access to key aliases that are used to encrypt/decrypt a particular piece of data.

[Ben Laurie]

On 26 June 2015 at 20:20, Mike Muske <mike...@gmail.com> wrote:
> OK - thanks for confirming. For what it is worth, this is something that
> ultimately is steering us away from Keyczar because we would like to build a
> capability to re-key data in the event that a key is compromised.

This is, of course, exactly the point of Keyczar.

> We would
> like to be sure that all of our data that used a particular key has been
> re-keyed prior to deleting the key. In general, it seems that it would be
> useful to have access to key aliases that are used to encrypt/decrypt a
> particular piece of data.

Sure - there's definitely no reason not to add it - and that would
seem more sensible than building something completely new...

[Steve Weis]

Hi Mike. Keyczar has a basic key lifecycle management with three key statuses: Primary -> Active -> Inactive:

https://github.com/google/keyczar/wiki/KeyStatus

The idea is that a newly issued key will be "Primary" and used to sign or encrypt new data. When the next key is issued, the current primary key will be demoted to "Active" and kept around to verify and decrypt old data. "Inactive" is essentially a way of indicating a key is deprecated and may be deleted at any time. You could, for example, raise an exception or output warning logs if an inactive key was used.

It sounds like you don't actually know when it's safe to demote keys, so need to capture some usage statistics to tell when it's safe to do so. If you really wanted to add some optional usage statistics, it could probably go in Keyczar.getKey():

https://github.com/google/keyczar/blob/master/java/code/src/org/keyczar/Keyczar.java#L141

Also note, every signature or ciphertext is prefixed by an output header containing a 4-byte hash of the key that was used to produce it it:

https://github.com/google/keyczar/wiki/KeyHash

https://github.com/google/keyczar/wiki/CiphertextFormat

This lets you know easily identify which blob of data is associated with a particular key -- even without even knowing the raw key value.