close
The Wayback Machine - https://web.archive.org/web/20190516165606/https://github.com/google/tink
Skip to content

/tink

Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
cryptography java cpp go objc crypto security javascript
  1. Java 33.1%
  2. C++ 28.5%
  3. Go 14.9%
  4. JavaScript 11.2%
  5. Python 4.8%
  6. Objective-C++ 3.2%
  7. Other 4.3%
Branch: master
Find File
Clone or download

Clone with HTTPS

Use Git or checkout with SVN using the web URL.

Download ZIP

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching GitHub Desktop...

If nothing happens, download GitHub Desktop and try again.

Launching Xcode...

If nothing happens, download Xcode and try again.

Launching Visual Studio...

If nothing happens, download the GitHub extension for Visual Studio and try again.

@chuckx Copybara-Service
chuckx and Copybara-Service Add link to Go HOW-TO. 
Merge c721f21 into 8d62f56

PiperOrigin-RevId: 248215345
Latest commit d0687db May 14, 2019
Permalink
Type Name Latest commit message Commit time
Failed to load latest commit information.
apps Fix a typo. May 10, 2019
cc Implement a KeyManager based on an InternalKeyManager. May 13, 2019
cmake Fix typo in parameter description May 2, 2019
docs Updating C++ and Java HOW-TOs. May 10, 2019
examples Simplify CMake dependencies for the example project. May 2, 2019
go Make eciesAEADHKDFPrivateKeyKeyManager implement the PrivateKeyManage… May 2, 2019
java Remove the @Alpha tag from APIs ready for production use. May 10, 2019
javascript Add signature length to the invalid signature error message when conv… May 10, 2019
kokoro Fix for the macOS testing environment. May 10, 2019
maven A better fix for #153. Nov 13, 2018
objc Add serializedKeyset method to the Cleartext keyset handle category. May 10, 2019
proto cc: Add key manager, proto and key templates for AES-GCM-SIV. May 2, 2019
testdata Adding C++ support for GCP Cloud KMS. May 2, 2019
third_party Fix for compatibility with bazel 0.25. May 10, 2019
tools Remove -Xep option for deleted check May 10, 2019
.bazelrc Fix broken build on macOS. May 2, 2019
.gitignore Fixing macOS build. Sep 25, 2017
BUILD.bazel Golang: move crypto format out of tink to its own package. Feb 2, 2019
CMakeLists.txt Simplify CMake dependencies for the example project. May 2, 2019
LICENSE Merge "Preparing for open source: adding license." Mar 23, 2017
README.md Add link to Go HOW-TO. May 14, 2019
WORKSPACE Adding C++ support for GCP Cloud KMS. May 2, 2019
tink_version.bzl Bumping version number to 1.2.1. Nov 14, 2018
tink_version.cmake Add initial CMake support to Tink. Mar 20, 2019

README.md

Tink

A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Ubuntu macOS
Kokoro Ubuntu Kokoro macOS

Index

  1. Introduction
  2. Getting started
  3. Current status
  4. Learn more
  5. Contact and mailing list
  6. Maintainers

Introduction

Using crypto in your application shouldn't have to feel like juggling chainsaws in the dark. Tink is a crypto library written by a group of cryptographers and security engineers at Google. It was born out of our extensive experience working with Google's product teams, fixing weaknesses in implementations, and providing simple APIs that can be used safely without needing a crypto background.

Tink provides secure APIs that are easy to use correctly and hard(er) to misuse. It reduces common crypto pitfalls with user-centered design, careful implementation and code reviews, and extensive testing. At Google, Tink is already being used to secure data of many products such as AdMob, Google Pay, Google Assistant, Firebase, the Android Search App, etc.

To get a quick overview of Tink design please take a look at slides from a talk about Tink presented at Real World Crypto 2019.

Getting started

TIP The easiest way to get started with Tink is to install Bazel, then build, run and play with the hello world examples.

Tink performs cryptographic tasks via so-called primitives, each of which is defined via a corresponding interface that specifies the functionality of the primitive. For example, symmetric key encryption is offered via an AEAD-primitive (Authenticated Encryption with Associated Data), that supports two operations:

  • encrypt(plaintext, associated_data), which encrypts the given plaintext (using associated_data as additional AEAD-input) and returns the resulting ciphertext
  • decrypt(ciphertext, associated_data), which decrypts the given ciphertext (using associated_data as additional AEAD-input) and returns the resulting plaintext

Before implementations of primitives can be used, they must be registered at runtime with Tink, so that Tink "knows" the desired implementations. Here's how you can register all implementations of all primitives in Tink:

    import com.google.crypto.tink.config.TinkConfig;

    TinkConfig.register();

After implementations of primitives have been registered, the basic use of Tink proceeds in three steps:

  1. Load or generate the cryptographic key material (a Keyset in Tink terms).
  2. Use the key material to get an instance of the chosen primitive.
  3. Use that primitive to accomplish the cryptographic task.

Here is how these steps would look like when encrypting or decrypting with an AEAD primitive in Java:

    import com.google.crypto.tink.Aead;
    import com.google.crypto.tink.KeysetHandle;
    import com.google.crypto.tink.aead.AeadKeyTemplates;

    // 1. Generate the key material.
    KeysetHandle keysetHandle = KeysetHandle.generateNew(
        AeadKeyTemplates.AES128_GCM);

    // 2. Get the primitive.
    Aead aead = keysetHandle.getPrimitive(Aead.class);

    // 3. Use the primitive.
    byte[] ciphertext = aead.encrypt(plaintext, associatedData);

Current status

  • Java and Android, C++ and Obj-C are field tested and ready for production. The latest version is 1.2.2, released on 2019-01-24.

  • Tink for Go and JavaScript are in active development.

Learn more

Community-driven ports

Out of the box Tink supports a wide range of languages, but it still doesn't support every language. Fortunately, some users like Tink so much that they've ported it to their favorite languages! Below you can find notable ports.

WARNING While we usually review these ports, until further notice, we do not maintain them and have no plan to support them in the foreseeable future.

Contact and mailing list

If you want to contribute, please read CONTRIBUTING and send us pull requests. You can also report bugs or file feature requests.

If you'd like to talk to the developers or get notified about major product updates, you may want to subscribe to our mailing list. To join, simply send an empty email to tink-users+subscribe@googlegroups.com.

Maintainers

Tink is maintained by (A-Z):

  • Haris Andrianakis
  • Daniel Bleichenbacher
  • Thai Duong
  • Thomas Holenstein
  • Charles Lee
  • Quan Nguyen
  • Bartosz Przydatek
  • Veronika Slívová
You can’t perform that action at this time.