Skip to content
Please note that GitHub no longer supports Internet Explorer.

We recommend upgrading to the latest Microsoft Edge, Google Chrome, or Firefox.

Learn more

/tink

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
cryptography java cpp go objc crypto security javascript
  1. Java 34.1%
  2. C++ 26.5%
  3. Go 15.5%
  4. JavaScript 11.7%
  5. Python 4.8%
  6. Objective-C++ 3.3%
  7. Other 4.1%
Branch: master
Find File
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

baskaran Tink Team
baskaran and Tink Team Adding GCPKMS deps for Tinkey 
PiperOrigin-RevId: 239697009
GitOrigin-RevId: 8233b02ce1bfa30962f3f924c6ff3f9a531c777b
Latest commit ba64189 Mar 21, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
apps
cc
cmake
docs fix typo in documentation Mar 20, 2019
examples Improve CMake build scripts. Mar 20, 2019
go Golang: use explicit file path for Wycheproof tests. Mar 21, 2019
java Java: add some sanity checks when adding a primary entry to a primiti… Mar 21, 2019
javascript Javascript: add BUILD.bazel files. Mar 7, 2019
kokoro Undo a change I mistakenly introduced in cl/227678791. Jan 9, 2019
maven A better fix for #153. Nov 13, 2018
objc Rename KeysetUtil to TestKeysetHandle and make it testonly = 1. Mar 20, 2019
proto Add the _cc_proto suffix back to proto targets in CMake. Mar 20, 2019
testdata internal cleanup Mar 20, 2019
third_party Internal cleanup Mar 5, 2019
tools Adding GCPKMS deps for Tinkey Mar 21, 2019
.gitignore Fixing macOS build. Sep 25, 2017
BUILD.bazel Golang: move crypto format out of tink to its own package. Feb 2, 2019
CMakeLists.txt
LICENSE
README.md
WORKSPACE Fix a Lint error. Mar 21, 2019
tink_version.bzl Bumping version number to 1.2.1. Nov 14, 2018
tink_version.cmake

README.md

Tink

A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Ubuntu macOS
Kokoro Ubuntu Kokoro macOS

Index

  1. Introduction
  2. Getting Started
  3. Current Status
  4. Learn More
  5. Contact and Mailing List
  6. Maintainers

Introduction

Using crypto in your application shouldn't have to feel like juggling chainsaws in the dark. Tink is a crypto library written by a group of cryptographers and security engineers at Google. It was born out of our extensive experience working with Google's product teams, fixing weaknesses in implementations, and providing simple APIs that can be used safely without needing a crypto background.

Tink provides secure APIs that are easy to use correctly and hard(er) to misuse. It reduces common crypto pitfalls with user-centered design, careful implementation and code reviews, and extensive testing. At Google, Tink is already being used to secure data of many products such as AdMob, Google Pay, Google Assistant, Firebase, the Android Search App, etc.

To get a quick overview of Tink design please take a look at slides from a talk about Tink presented at Real World Crypto 2019.

Getting started

TIP The easiest way to get started with Tink is to install Bazel, then build, run and play with the hello world examples.

Tink performs cryptographic tasks via so-called primitives, each of which is defined via a corresponding interface that specifies the functionality of the primitive. For example, symmetric key encryption is offered via an AEAD-primitive (Authenticated Encryption with Associated Data), that supports two operations:

  • encrypt(plaintext, associated_data), which encrypts the given plaintext (using associated_data as additional AEAD-input) and returns the resulting ciphertext
  • decrypt(ciphertext, associated_data), which decrypts the given ciphertext (using associated_data as additional AEAD-input) and returns the resulting plaintext

Before implementations of primitives can be used, they must be registered at runtime with Tink, so that Tink "knows" the desired implementations. Here's how you can register all implementations of all primitives in Tink:

    import com.google.crypto.tink.config.TinkConfig;

    TinkConfig.register();

After implementations of primitives have been registered, the basic use of Tink proceeds in three steps:

  1. Load or generate the cryptographic key material (a Keyset in Tink terms).
  2. Use the key material to get an instance of the chosen primitive.
  3. Use that primitive to accomplish the cryptographic task.

Here is how these steps would look like when encrypting or decrypting with an AEAD primitive in Java:

    import com.google.crypto.tink.Aead;
    import com.google.crypto.tink.KeysetHandle;
    import com.google.crypto.tink.aead.AeadKeyTemplates;

    // 1. Generate the key material.
    KeysetHandle keysetHandle = KeysetHandle.generateNew(
        AeadKeyTemplates.AES128_GCM);

    // 2. Get the primitive.
    Aead aead = keysetHandle.getPrimitive(Aead.class);

    // 3. Use the primitive.
    byte[] ciphertext = aead.encrypt(plaintext, associatedData);

Current Status

  • Java and Android, C++ and Obj-C are field tested and ready for production. The latest version is 1.2.2, released on 2019-01-24.

  • Tink for Go and JavaScript are in active development.

Learn More

Community-driven ports

Out of the box Tink supports a wide range of languages, but it still doesn't support every language. Fortunately, some users like Tink so much that they've ported it to their favorite languages! Below you can find notable ports.

WARNING While we usually review these ports, until further notice, we do not maintain them and have no plan to support them in the foreseeable future.

Contact and mailing list

If you want to contribute, please read CONTRIBUTING and send us pull requests. You can also report bugs or file feature requests.

If you'd like to talk to the developers or get notified about major product updates, you may want to subscribe to our mailing list. To join, simply send an empty email to tink-users+subscribe@googlegroups.com.

Maintainers

Tink is maintained by (A-Z):

  • Haris Andrianakis
  • Daniel Bleichenbacher
  • Thai Duong
  • Thomas Holenstein
  • Charles Lee
  • Quan Nguyen
  • Bartosz Przydatek
  • Veronika Slívová
You can’t perform that action at this time.