tag | e1aea445e879ae276430e366fa60def31069f989 | |
---|---|---|
tagger | Tink Team <noreply@google.com> | Fri May 25 15:30:25 2018 -0700 |
object | 068112c13712e04ca035d7232873ca0a3e60d0a6 |
Tink version 1.1.1
commit | 068112c13712e04ca035d7232873ca0a3e60d0a6 | [log] [tgz] |
---|---|---|
author | Charles Lee <ckl@google.com> | Fri May 25 09:32:23 2018 -0700 |
committer | Charley Lee <ckl@google.com> | Fri May 25 15:28:42 2018 -0700 |
tree | f5ae5d59d6d99dbcc41a1077e7427092baa9bc9a | |
parent | d8691d3e81d3dbd6a4402eb2cabc807aa297fe24 [diff] |
Additional documentation cleanup. PiperOrigin-RevId: 198059513 GitOrigin-RevId: b0d86b91c0a596d6e87d36bdc1e1876b77a23b7f
Ubuntu | macOS |
---|---|
Using crypto in your application shouldn't have to feel like juggling chainsaws in the dark. Tink is a crypto library written by a group of cryptographers and security engineers at Google. It was born out of our extensive experience working with Google's product teams, fixing weaknesses in implementations, and providing simple APIs that can be used safely without needing a crypto background.
Tink provides secure APIs that are easy to use correctly. It reduces common crypto pitfalls with user-centered design, careful implementation and code reviews, and extensive testing. You can add features like encryption, decryption and signing to your application with Tink - the same library AdMob, Google Pay, the Android Search App and several Google products also use to secure their applications.
TIP The easiest way to get started with Tink is to install Bazel, then build, run and play with the hello world examples
.
Tink performs cryptographic tasks via so-called primitives, each of which is defined via a corresponding interface that specifies the functionality of the primitive. For example, symmetric key encryption is offered via an AEAD-primitive (Authenticated Encryption with Associated Data), that supports two operations:
encrypt(plaintext, associated_data)
, which encrypts the given plaintext
(using associated_data
as additional AEAD-input) and returns the resulting ciphertextdecrypt(ciphertext, associated_data)
, which decrypts the given ciphertext
(using associated_data
as additional AEAD-input) and returns the resulting plaintextBefore implementations of primitives can be used, they must be registered at runtime with Tink, so that Tink “knows” the desired implementations. Here's how you can register all implementations of all primitives in Tink for Java 1.1.0:
import com.google.crypto.tink.Config; import com.google.crypto.tink.config.TinkConfig; Config.register(TinkConfig.TINK_1_1_0);
After implementations of primitives have been registered, the basic use of Tink proceeds in three steps:
Keyset
in Tink terms).Here is how these steps would look like when encrypting or decrypting with an AEAD primitive in Java:
import com.google.crypto.tink.Aead; import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.aead.AeadFactory; import com.google.crypto.tink.aead.AeadKeyTemplates; // 1. Generate the key material. KeysetHandle keysetHandle = KeysetHandle.generateNew( AeadKeyTemplates.AES128_GCM); // 2. Get the primitive. Aead aead = AeadFactory.getPrimitive(keysetHandle); // 3. Use the primitive. byte[] ciphertext = aead.encrypt(plaintext, aad);
Tink for Java and Android are field tested and ready for production. Latest version is 1.1.0, released on 04/18/2018.
Tink for C++ and Tink for Obj-C are catching up with Tink for Java in terms of features and stability, and the offered functionality is 100%-compatible with Java (cf. cross-language tests. We plan to make a first release in June 2018.
Tink for Go is in active development.
Tink for Javascript and C# are in planning.
If you want to contribute, please read CONTRIBUTING and send us pull requests. You can also report bugs or file feature requests.
If you'd like to talk to the developers or get notified about major new tests, you may want to subscribe to our mailing list. To join, simply send an empty email to tink-users+subscribe@googlegroups.com.
Tink is maintained by: