tink

module
v1.2.0-rc2 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 13, 2018 License: Apache-2.0

README

Tink

Ubuntu macOS
Kokoro Ubuntu Kokoro macOS

Introduction

Using crypto in your application shouldn't have to feel like juggling chainsaws in the dark. Tink is a crypto library written by a group of cryptographers and security engineers at Google. It was born out of our extensive experience working with Google's product teams, fixing weaknesses in implementations, and providing simple APIs that can be used safely without needing a crypto background.

Tink provides secure APIs that are easy to use correctly. It reduces common crypto pitfalls with user-centered design, careful implementation and code reviews, and extensive testing. You can add features like encryption, decryption and signing to your application with Tink - the same library AdMob, Google Pay, the Android Search App and several Google products also use to secure their applications.

Getting started

TIP The easiest way to get started with Tink is to install Bazel, then build, run and play with the hello world examples.

Tink performs cryptographic tasks via so-called primitives, each of which is defined via a corresponding interface that specifies the functionality of the primitive. For example, symmetric key encryption is offered via an AEAD-primitive (Authenticated Encryption with Associated Data), that supports two operations:

  • encrypt(plaintext, associated_data), which encrypts the given plaintext (using associated_data as additional AEAD-input) and returns the resulting ciphertext
  • decrypt(ciphertext, associated_data), which decrypts the given ciphertext (using associated_data as additional AEAD-input) and returns the resulting plaintext

Before implementations of primitives can be used, they must be registered at runtime with Tink, so that Tink "knows" the desired implementations. Here's how you can register all implementations of all primitives in Tink:

    import com.google.crypto.tink.config.TinkConfig;

    TinkConfig.register();

After implementations of primitives have been registered, the basic use of Tink proceeds in three steps:

  1. Load or generate the cryptographic key material (a Keyset in Tink terms).
  2. Use the key material to get an instance of the chosen primitive.
  3. Use that primitive to accomplish the cryptographic task.

Here is how these steps would look like when encrypting or decrypting with an AEAD primitive in Java:

    import com.google.crypto.tink.Aead;
    import com.google.crypto.tink.KeysetHandle;
    import com.google.crypto.tink.aead.AeadFactory;
    import com.google.crypto.tink.aead.AeadKeyTemplates;

    // 1. Generate the key material.
    KeysetHandle keysetHandle = KeysetHandle.generateNew(
        AeadKeyTemplates.AES128_GCM);

    // 2. Get the primitive.
    Aead aead = AeadFactory.getPrimitive(keysetHandle);

    // 3. Use the primitive.
    byte[] ciphertext = aead.encrypt(plaintext, aad);

Current Status

Learn More

Contact and mailing list

If you want to contribute, please read CONTRIBUTING and send us pull requests. You can also report bugs or file feature requests.

If you'd like to talk to the developers or get notified about major new tests, you may want to subscribe to our mailing list. To join, simply send an empty email to tink-users+subscribe@googlegroups.com.

Maintainers

Tink is maintained by (A-Z):

  • Haris Andrianakis
  • Daniel Bleichenbacher
  • Thai Duong
  • Charles Lee
  • Quan Nguyen
  • Bartosz Przydatek

Directories

Path Synopsis
go
aead
Package aead provides implementations of the Aead primitive.
Package aead provides implementations of the Aead primitive.
mac
Package mac provides implementations of the Mac primitive.
Package mac provides implementations of the Mac primitive.
signature
Package signature provides implementations of the PublicKeySign and PublicKeyVerify primitives.
Package signature provides implementations of the PublicKeySign and PublicKeyVerify primitives.
subtle
Package subtle provides utility functions.
Package subtle provides utility functions.
subtle/aead
Package aead provides subtle implementations of the Aead primitive.
Package aead provides subtle implementations of the Aead primitive.
subtle/mac
Package mac provides subtle implementations of the Mac primitive.
Package mac provides subtle implementations of the Mac primitive.
subtle/random
Package random provides functions that generate random numbers or bytes.
Package random provides functions that generate random numbers or bytes.
subtle/signature
Package signature provides subtle implementations of the PublicKeySign and PublicKeyVerify primitives.
Package signature provides subtle implementations of the PublicKeySign and PublicKeyVerify primitives.
testutil
Package testutil provides test utilities.
Package testutil provides test utilities.
tink
Package tink defines interfaces for the crypto primitives that Tink supports.
Package tink defines interfaces for the crypto primitives that Tink supports.
proto
aes_gcm_go_proto
Package aes_gcm_proto is a generated protocol buffer package.
Package aes_gcm_proto is a generated protocol buffer package.
common_go_proto
Package common_proto is a generated protocol buffer package.
Package common_proto is a generated protocol buffer package.
ecdsa_go_proto
Package ecdsa_proto is a generated protocol buffer package.
Package ecdsa_proto is a generated protocol buffer package.
hmac_go_proto
Package hmac_proto is a generated protocol buffer package.
Package hmac_proto is a generated protocol buffer package.
tink_go_proto
Package tink_proto is a generated protocol buffer package.
Package tink_proto is a generated protocol buffer package.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL