{"id":1139,"date":"2016-03-29T01:57:35","date_gmt":"2016-03-29T07:57:35","guid":{"rendered":"http:\/\/jaredrobinson.com\/blog\/?p=1139"},"modified":"2016-03-29T01:57:35","modified_gmt":"2016-03-29T07:57:35","slug":"keyczar-encryption-made-easy","status":"publish","type":"post","link":"https:\/\/jaredrobinson.com\/blog\/keyczar-encryption-made-easy\/","title":{"rendered":"KeyCzar: Encryption made easy"},"content":{"rendered":"<p>Encrypting sensitive data-at-rest (i.e. in a database) is a good idea, but how does one manage the encryption keys, and rotate keys or start using a new algorithm down the road without orphaning or migrating the old data? Use <a href=\"https:\/\/github.com\/google\/keyczar\">KeyCzar<\/a><\/p>\n<blockquote>\n<p>Cryptography is easy to get wrong. Developers can choose improper<br \/>\n  cipher modes, use obsolete algorithms, compose primitives in an unsafe<br \/>\n  manner, or fail to anticipate the need for key rotation. Keyczar<br \/>\n  abstracts some of these details by choosing safe defaults,<br \/>\n  automatically tagging outputs with key version information, and<br \/>\n  providing a simple programming interface.<\/p>\n<p>Keyczar is designed to be open, extensible, and cross-platform<br \/>\n  compatible. It is not intended to replace existing cryptographic<br \/>\n  libraries like OpenSSL, PyCrypto, or the Java JCE, and in fact is<br \/>\n  built on these libraries.<\/p>\n<\/blockquote>\n<p>Or learn from what Google did with KeyCzar, and implement the same ideas (key rotation and key version info) using a more modern encryption library, like <a href=\"https:\/\/download.libsodium.org\/doc\/\">libsodium<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Encrypting sensitive data-at-rest (i.e. in a database) is a good idea, but how does one manage the encryption keys, and rotate keys or start using a new algorithm down the road without orphaning or migrating the old data? Use KeyCzar Cryptography is easy to get wrong. Developers can choose improper cipher modes, use obsolete algorithms, &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/jaredrobinson.com\/blog\/keyczar-encryption-made-easy\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;KeyCzar: Encryption made easy&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[12,16,17],"tags":[],"class_list":["post-1139","post","type-post","status-publish","format-standard","hentry","category-programming","category-security","category-tech"],"_links":{"self":[{"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/posts\/1139","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/comments?post=1139"}],"version-history":[{"count":1,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/posts\/1139\/revisions"}],"predecessor-version":[{"id":1140,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/posts\/1139\/revisions\/1140"}],"wp:attachment":[{"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/media?parent=1139"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/categories?post=1139"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/jaredrobinson.com\/blog\/wp-json\/wp\/v2\/tags?post=1139"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}