From the “we’re not just a search company anymore” files:
Cryptography and open source are being joined together in a new effort called Keyczar. The project is being hosted on Google Code under the Apache 2.0 license and includes both Java and Python implementations (nope, no PHP or C++).
According to Google’s Steve Weiss:
Keyczar is a cryptographic toolkit that supports encryption and
authentication for both symmetric and public-key algorithms. It
addresses some of the aforementioned issues by choosing safe defaults,
tagging outputs with key version information, and providing a simple
application programming interface. Keyczar’s key versioning system
makes it easy to rotate and revoke keys, without worrying about
backward compatibility or making any changes to source code.
One of the key (no pun intended) things that Keyczar will do (at least from what I can tell) is help protect users against the same sort of situation that occurred when Debian messed up their OpenSSL keys earlier this year. Google notes on the project page that Keyczar is not intended to replace OpenSSL but rather is a complement to it.
While this is currently a Google project, I could see this getting adopted broadly and quickly over the course of 2008 as Linux distributions take a look at it.
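The key versioning described in the quote above, as an added Python sketch that is not Keyczar's code, API or output format: every tag carries the version of the key that produced it, so keys can be rotated and revoked without changing the calling code. The class, method and constant names are hypothetical.

```python
import hashlib
import hmac
import os
import struct

# Hypothetical layout, not Keyczar's wire format:
# 4-byte big-endian key version, then an HMAC-SHA256 over (version || message).
HEADER = struct.Struct(">I")


class VersionedKeySet:
    """HMAC keys indexed by version: the newest signs, older ones only verify."""

    def __init__(self):
        self._keys = {}    # version -> key bytes
        self.primary = 0   # 0 means no key has been generated yet

    def rotate(self):
        """Add a fresh key and make it primary; earlier versions still verify."""
        self.primary += 1
        self._keys[self.primary] = os.urandom(32)
        return self.primary

    def revoke(self, version):
        """Destroy a key version; tags made under it stop verifying."""
        if version == self.primary:
            raise ValueError("rotate before revoking the primary key")
        self._keys.pop(version, None)

    def _mac(self, version, message):
        # The version header is covered by the MAC, so it cannot be swapped.
        data = HEADER.pack(version) + message
        return hmac.new(self._keys[version], data, hashlib.sha256).digest()

    def sign(self, message):
        if self.primary == 0:
            raise RuntimeError("no key yet: call rotate() first")
        return HEADER.pack(self.primary) + self._mac(self.primary, message)

    def verify(self, message, tag):
        if len(tag) != HEADER.size + hashlib.sha256().digest_size:
            return False
        (version,) = HEADER.unpack_from(tag)
        if version not in self._keys:   # unknown or revoked version
            return False
        return hmac.compare_digest(self._mac(version, message), tag[HEADER.size:])
```

Callers only ever use `sign` and `verify`; which key is current is a property of the key set, which is why rotation needs no source change.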