In a move likely to support encryption on the Web, Google has released its open source tool called Key Transparency. The prototype is designed to simplify the existing methods of protecting Web users and offer secure communications.
Google’s Key Transparency works as a general-use, transparent directory. It helps developers create systems with independently auditable account data and build infrastructure that can be used even by the users who are not any encryption or security experts.
Traditional ways to secure communications involve some time-consuming and complicated methods. Users need to find and verify keys from their recipients manually. Further, even more than 20 years after the debut of Pretty Good Privacy (PGP) model, it is yet to be used by the masses. All this brought the need for Key Transparency.
“Our goal is to evolve Key Transparency into an open-source, generic, scalable and interoperable directory of public keys with an ecosystem of mutually auditing directories,” Google’s security and privacy engineers Ryan Hurst and Gary Belvin write in a blog post.
Useful for both encrypted and authenticated data
Leveraging multi-year efforts not just by the Google team but also from engineers working at CONIKS, Open Whisper Systems and security engineering teams at Yahoo, Key Transparency can be used on data that is encrypted or authenticated. It can also be helpful in developing security features that are easy to understand for and support their needs such as account recovery.
Going forward, Google is set to expand the functionality of Key Transparency by discussing developments with the crypto community and some industry leaders. It has already been calling developers to contribute with apps, inputs and contributions to the latest technology.