To build Java, install Android SDK 23 or newer and set the ANDROID_HOME environment variable to the path of your Android SDK. On macOS, the SDK is usually installed at
/Users/username/Library/Android/sdk/. You also need Android SDK Build Tools 24.0.3 or newer.
Check out source code and build
git clone https://github.com/google/tink cd tink bazel test java/...
com.google.crypto.tink This package consists only the core of Tink, including the primitive interfaces and key management APIs. Users that develop their own primitives or key types can depend only on this package and exclude the rest.
com.google.crypto.tink.aead|daead|mac|signature|hybrid|streamingaead These packages contain the public APIs exposing the primitives that Tink supports.
com.google.crypto.tink.integration.gcpkms This package allows users to store keys in Google Cloud Key Management System.
com.google.crypto.tink.integration.awskms This package allows users to store keys in AWS Key Management System.
com.google.crypto.tink.integration.android This package allows Android users to store keys in private preferences, wrapped with master key in Android Keystore. The integration with Android Keystore only works on Android M (API level 23) or higher.
com.google.crypto.tink.subtle This package contains implementations of primitives. Aside from the primitive interfaces, this package is not allowed to depend on anything else in Tink. Users should never directly depend on this package.
com.google.crypto.tink.proto This package contains protobuf auto-generated Java code. Users should never directly depend on this package.
//java This public target exports all public APIs, except com.google.crypto.tink.integration.android and com.google.crypto.tink.CleartextKeysetHandle. It is expected to run on servers, not Android.
//java:android Similar to java, but this public target adds com.google.crypto.tink.integration.android, and removes com.google.crypto.tink.integration.gcpkms and com.google.crypto.tink.integration.awskms. To build it, one needs Android SDK 23 or newer.
//java:subtle This restricted target exposes com.google.crypto.tink.subtle. It's restricted because most users are supposed not to use it directly.
//java:cleartext_keyset_handle and //java:cleartext_keyset_handle_android This restricted target exposes com.google.crypto.tink.CleartextKeysetHandle. It's restricted because it allows users to read cleartext keysets from disk, which is a bad practice.
//java:protos and //java:protos_android This restricted target exposes com.google.crypto.tink.proto. It's restricted because most users are supposed not to use it directly.