Google’s Security and Privacy Engineering team has noticed a few problems with building a generic yet secure way of exchanging public encryption keys that could work across a range of applications. To fix this, Google has announced the Key Transparency initiative to create a simple way to establish secure connections even through untrusted servers.
According to Google’s Ryan Hurst and Gary Belvin, most people have a hard time using encryption methods like PGP or even encrypted messaging apps because they require users to manually verify the recipients’ accounts. The idea behind Key Transparency is to build out a framework that regular people can use to verify that someone’s online persona matches their public key. In other words, Key Transparency is a directory that will not only verify that your messages are properly secured, but will also make it easier for developers to audit that account data and build simpler security features.
The project is in its first open source release, but Google hopes to keep iterating based on feedback from the security community. You can follow the developments over on GitHub or at KeyTransparency.org.