Skip to content

/ tink

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
cryptography java cpp go objc crypto security javascript
C++ Java Go JavaScript Python Starlark Other
  1. C++ 30.4%
  2. Java 29.7%
  3. Go 15.4%
  4. JavaScript 7.8%
  5. Python 5.3%
  6. Starlark 5.1%
  7. Other 6.3%
Branch: master
Find file
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Open in Desktop Download ZIP

Latest commit

@thaidn Copybara-Service
thaidn and Copybara-Service Fix #316: closing internal input/output streams after reading/writing. 
PiperOrigin-RevId: 312505790
Latest commit 3691465 May 20, 2020

Files

Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
apps Bump version to 1.4.0-rc2. May 15, 2020
cc Use CRYPTO_memcmp from BoringSSL for a constant-time compare. May 20, 2020
cmake Update to Bazel 3.1.0 and newer version of Protobuf. May 13, 2020
docs Fix some errors in HOWTO and make it easier for copy&paste. May 15, 2020
examples Update to Bazel 3.1.0 and newer version of Protobuf. May 13, 2020
go Bump version to 1.4.0-rc2. May 15, 2020
java_src Fix #316: closing internal input/output streams after reading/writing. May 20, 2020
javascript Remove static async methods from Tink for JavaScript May 18, 2020
kokoro Add option for defining base Tink workspace used for pip install. May 20, 2020
maven Update Maven docs to reflect the current package configuration. May 16, 2020
objc Bump version to 1.4.0-rc2. May 15, 2020
proto Add missing dependency to hkdf_prf_cc_proto. Apr 24, 2020
python Add option for defining base Tink workspace used for pip install. May 20, 2020
testdata Fix two instances required to upgrade to bazel 1.0. Oct 18, 2019
third_party Update calls to deprecated Starlark functions/arguments Feb 6, 2020
tools Remove Shell-script tests that have been moved to Python. May 14, 2020
.bazelversion Update to Bazel 3.1.0 and newer version of Protobuf. May 13, 2020
.gitignore Introducing a separate WORKSPACE for C++. Jan 21, 2020
BUILD.bazel Add separate WORKSPACE for Python. Mar 3, 2020
CMakeLists.txt Remove support for building C++ outside of Bazel and CMake. This mean… Mar 2, 2020
LICENSE Merge "Preparing for open source: adding license." Mar 23, 2017
README.md Bump version to 1.4.0-rc2. May 15, 2020
WORKSPACE Add separate WORKSPACE for Python. Mar 3, 2020
passing_test.sh Internal change Jan 7, 2020
tink_base_deps.bzl Update to Bazel 3.1.0 and newer version of Protobuf. May 13, 2020
tink_base_deps_init.bzl Remove python dependencies in tink_base. Feb 17, 2020
tink_version.bzl Bump version to 1.4.0-rc2. May 15, 2020
tink_version.cmake Bump version to 1.4.0-rc2. May 15, 2020

README.md

Tink

A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Ubuntu macOS
Kokoro Ubuntu Kokoro macOS

Index

  1. Introduction
  2. Getting started
  3. Overview
  4. Current status
  5. Learn more
  6. Contact and mailing list
  7. Maintainers

Introduction

Using crypto in your application shouldn't have to feel like juggling chainsaws in the dark. Tink is a crypto library written by a group of cryptographers and security engineers at Google. It was born out of our extensive experience working with Google's product teams, fixing weaknesses in implementations, and providing simple APIs that can be used safely without needing a crypto background.

Tink provides secure APIs that are easy to use correctly and hard(er) to misuse. It reduces common crypto pitfalls with user-centered design, careful implementation and code reviews, and extensive testing. At Google, Tink is already being used to secure data of many products such as AdMob, Google Pay, Google Assistant, Firebase, the Android Search App, etc.

To get a quick overview of Tink design please take a look at slides from a talk about Tink presented at Real World Crypto 2019.

Getting started

Tink primarily uses Bazel to manage building and testing the project.

The recommended way to get started with Tink is to use Bazelisk. This tool is developed by the Bazel team and makes it easy to ensure usage of a version of Bazel that's compatible with the project.

As a starting point, the examples demonstrate performing simple tasks using Tink in a variety of languages.

Overview

Tink performs cryptographic tasks via so-called primitives, each of which is defined via a corresponding interface that specifies the functionality of the primitive. For example, symmetric key encryption is offered via an AEAD-primitive (Authenticated Encryption with Associated Data), that supports two operations:

  • encrypt(plaintext, associated_data), which encrypts the given plaintext (using associated_data as additional AEAD-input) and returns the resulting ciphertext
  • decrypt(ciphertext, associated_data), which decrypts the given ciphertext (using associated_data as additional AEAD-input) and returns the resulting plaintext

Before implementations of primitives can be used, they must be registered at runtime with Tink, so that Tink "knows" the desired implementations. Here's how you can register all implementations of all primitives in Tink:

    import com.google.crypto.tink.config.TinkConfig;

    TinkConfig.register();

After implementations of primitives have been registered, the basic use of Tink proceeds in three steps:

  1. Load or generate the cryptographic key material (a Keyset in Tink terms).
  2. Use the key material to get an instance of the chosen primitive.
  3. Use that primitive to accomplish the cryptographic task.

Here is how these steps would look like when encrypting or decrypting with an AEAD primitive in Java:

    import com.google.crypto.tink.Aead;
    import com.google.crypto.tink.KeysetHandle;
    import com.google.crypto.tink.aead.AeadKeyTemplates;

    // 1. Generate the key material.
    KeysetHandle keysetHandle = KeysetHandle.generateNew(
        AeadKeyTemplates.AES128_GCM);

    // 2. Get the primitive.
    Aead aead = keysetHandle.getPrimitive(Aead.class);

    // 3. Use the primitive.
    byte[] ciphertext = aead.encrypt(plaintext, associatedData);

Current status

Learn more

Community-driven ports

Out of the box Tink supports a wide range of languages, but it still doesn't support every language. Fortunately, some users like Tink so much that they've ported it to their favorite languages! Below you can find notable ports.

WARNING While we usually review these ports, until further notice, we do not maintain them and have no plan to support them in the foreseeable future.

Contact and mailing list

If you want to contribute, please read CONTRIBUTING and send us pull requests. You can also report bugs or file feature requests.

If you'd like to talk to the developers or get notified about major product updates, you may want to subscribe to our mailing list.

Maintainers

Tink is maintained by (A-Z):

  • Haris Andrianakis
  • Daniel Bleichenbacher
  • Tanuj Dhir
  • Thai Duong
  • Thomas Holenstein
  • Stefan Kölbl
  • Charles Lee
  • Quan Nguyen
  • Bartosz Przydatek
  • Enzo Puig
  • Sophie Schmieg
  • Veronika Slívová
  • Paula Vidas
  • Jürg Wullschleger
You can’t perform that action at this time.