With how much our lives reside on the internet either through a web browser or an application on our phones, it is important that everyone’s private data stays secure and of course, private. To do this, companies and developers are implementing encryption into their programs. The issue, according to Google, is that there is no easy to use, generic way to identify and authenticate a user’s public encryption keys…
Key Transparency is Google’s answer to this problem. With this project, Google is making it possible to identify and establish secure connections even through untrusted servers. To do this, Key Transparency is creating a lookup database with records of a user’s public encryption key and their “online personas” that have already been authenticated. In addition to this, there will be a public log with all record changes that is supposed to be tamper-proof.
To make this generic and open solution work, the individual records have to be publically accessible by all. Fortunately, the only way to find a specific user’s information is by submitting a search for a particular ID.
Just last month Google announced Project Wycheproof which is meant to help combat encryption security holes found in programs. With Key Transparency, Google will hopefully make it easier for developers to authenticate a user and establish an encrypted and secure connection with them.