What makes a usable crypto API?

Graham Steel
June 29, 2017

An interesting article at the recent IEEE Security & Privacy symposium carried out a usability study on Python crypto APIs. Participants with varying degrees of Python experience were given crypto programming tasks for which they had to use a given API (cryptography.io, Keyczar, PyNaCl, M2crypto or PyCrypto).

The researchers evaluated the security of the participants' solutions to try to see what kind of API is most likely to result in secure code.The APIs chosen were quite different. In particular, some (cryptography.io, Keyczar, PyNaCl) are to varying degrees "simplified" to avoid presenting the programmer with too many choices, in the hope this results in fewer mistakes. Others are more complex, leaving room for error, but sometimes (PyCrypto) providing relatively good documentation and examples.The results reveal some interesting takeaways: the simplified APIs do indeed avoid programmers making errors with parameter choice (short keys, obsolete algorithms etc.), but many solutions fell down in auxiliary tasks such as secure key management, for which these simplified APIs don't provide support. That's not too surprising: key management is also the area we find most problems when deploying our Analyzer on applications that use crypto. Also, complex APIs with good documentation and examples resulted in more secure solutions than simplified APIs with lousy documentation.

The findings of the paper are worth a full read for anyone interested in getting programmers to produce secure applications that use crypto (you can also watch a video of the presentation).