With a unified API, Sandwich empowers developers to embed the cryptographic algorithms of their choice directly into their applications and change them as technologies and threats evolve – without rewriting code. It also gives developers greater observability and control over their cryptography for improved cybersecurity.
Sandwich is open source for embedding cryptography into internal applications and for inclusion in commercial software solutions. It currently supports multiple languages (C/C++, Rust, Python, Go, and others), operating systems (MacOS, Linux), and cryptographic libraries (OpenSSL, BoringSSL and libOQS), with future additions planned based on feedback from the open-source community.
In particular, libOQS gives easy access to new post-quantum cryptography (PQC) algorithms from NIST, which will be critical to protect government entities and corporations against current and future threats posed by quantum computers. By supporting multiple languages and cryptography libraries, Sandwich makes it easy for developers to use cryptography securely in any language, and its simple API allows for easy integration.
“Modern cryptography management and cryptographic agility are becoming increasingly more essential for businesses of all sizes; however, there has been a distinct lack of open-source tools for developers to support these features,” said Graham Steel, Head of Product for SandboxAQ’s Quantum Security Group. “We created Sandwich to rapidly accelerate development of our own encryption management and cryptographic remediation solutions, but realized that open-sourcing these tools would enable developers to experiment with agile cryptography and advance the community’s preparedness before quantum computers can break today’s encryption standards.”
“Quantum computers will necessitate a complete reengineering of cryptographic systems, including implementing new hardware and software solutions, but many organizations are taking a wait-and-see approach before committing to a particular strategy,” said Nadia Carlsten, VP of Product at SandboxAQ. “Sandwich provides developers with a risk-free means to explore post-quantum cryptography, share questions and insights with community members, build cryptographic solutions that protect their organization, and potentially generate revenue from commercial applications they develop.”
Build your own “sandwich”
Sandwich lets developers build their own “sandwich” of protocols and implementations they would like available at runtime, which are compiled as a Sandwich object. It also lets users change configurations without breaking their applications or having to re-compile code.
This provides a much simpler process to create a cryptographic object, such as a secure tunnel, and helps enable crypto-agility. Additionally, Sandwich’s high-level API helps to make it easy for developers to avoid the mistakes typically made when manipulating cryptography at a low level, and allows audit teams to rapidly verify that cryptography is used according to policy.
Future iterations will enable the creation of multi-layered, stacked sandwiches with broader functions, such as providing access to cryptography at different abstraction levels. Other planned features will allow users to create smaller sandwiches to access fundamental cryptographic primitives, or larger sandwiches to access functionalities like authentication, virtual private networks (VPNs), or key management services (KMS).
“Properly implementing cryptography is challenging for developer teams of any size and skill, requiring significant time and effort for design, implementation, and testing. Doing it poorly leads to a costly and disruptive remediation of bugs, errors and security exploits, and can put organizations at serious risk for cyber breaches. This will only be exacerbated by the need to transition to new PQC standards,” said Taher Elgamal, Partner at Evolution Equity Partners and SandboxAQ advisor. “With Sandwich, SandboxAQ has created an elegant, open-source solution that enables developers to easily implement cryptography and cryptographic agility into their applications.”