Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Overview

Tink

A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

https://developers.google.com/tink

Ubuntu macOS
Kokoro Ubuntu Kokoro macOS

Index

  1. Introduction
  2. Current status
  3. Getting started
  4. Learn more
  5. Contact and mailing list
  6. Maintainers

Introduction

Using crypto in your application shouldn't have to feel like juggling chainsaws in the dark. Tink is a crypto library written by a group of cryptographers and security engineers at Google. It was born out of our extensive experience working with Google's product teams, fixing weaknesses in implementations, and providing simple APIs that can be used safely without needing a crypto background.

Tink provides secure APIs that are easy to use correctly and hard(er) to misuse. It reduces common crypto pitfalls with user-centered design, careful implementation and code reviews, and extensive testing. At Google, Tink is one of the standard crypto libraries, and has been deployed in hundreds of products and systems.

To get a quick overview of Tink design please take a look at slides from a talk about Tink presented at Real World Crypto 2019.

Current status

Java/Android, C++, Obj-C, Go, and Python are field tested and ready for production. The latest version is 1.6.1, released on 2021-07-12.

Javascript/Typescript is in an alpha state and should only be used for testing.

Getting started

Documentation for the project is located at https://developers.google.com/tink. Currently, it details a variety of common usage scenarios and covers the Java and Python implementations. The site will be populated with more content over time.

Alternatively, you can look at all of the examples which demonstrate performing simple tasks using Tink in a variety of languages.

  • Python
pip3 install tink
  • Golang
go get github.com/google/tink/go/...
  • Java
<dependency>
  <groupId>com.google.crypto.tink</groupId>
  <artifactId>tink</artifactId>
  <version>1.6.1</version>
</dependency>
  • Android
dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.6.1'
}
  • Objective-C/iOS
cd /path/to/your/Xcode project/
pod init
pod 'Tink', '1.6.1'
pod install

Learn more

Community-driven ports

Out of the box Tink supports a wide range of languages, but it still doesn't support every language. Fortunately, some users like Tink so much that they've ported it to their favorite languages! Below you can find notable ports.

WARNING While we usually review these ports, until further notice, we do not maintain them and have no plan to support them in the foreseeable future.

Contact and mailing list

If you want to contribute, please read CONTRIBUTING and send us pull requests. You can also report bugs or file feature requests.

If you'd like to talk to the developers or get notified about major product updates, you may want to subscribe to our mailing list.

Maintainers

Tink is maintained by (A-Z):

  • Moreno Ambrosin
  • Taymon Beal
  • Daniel Bleichenbacher
  • William Conner
  • Thai Duong
  • Thomas Holenstein
  • Stefan Kölbl
  • Charles Lee
  • Cindy Lin
  • Fernando Lobato Meeser
  • Atul Luykx
  • Rafael Misoczki
  • Sophie Schmieg
  • Laurent Simon
  • Elizaveta Tretiakova
  • Jürg Wullschleger

Alumni:

  • Haris Andrianakis
  • Tanuj Dhir
  • Quan Nguyen
  • Bartosz Przydatek
  • Enzo Puig
  • Veronika Slívová
  • Paula Vidas
Issues
  • Proguard/R8 is stripping out fields from generated file class AesGcmKeyFormat

    Proguard/R8 is stripping out fields from generated file class AesGcmKeyFormat

    Coming from Tink 1.3.0 stable to Tink 1.4 RC2 (on Android), I noticed that the AesGcmKeyFormat has a possible problem with proguard/R8. We haven't added anything in our proguard-rules.pro file for Tink and am getting a stack trace like this

    java.lang.NoClassDefFoundError: com.google.crypto.tink.aead.AeadKeyTemplates
    	... 13 more
    Caused by: java.lang.NoClassDefFoundError: com.google.crypto.tink.aead.AeadKeyTemplates
    	at slack.commons.security.AeadPrimitiveFactoryImpl.getAeadPrimitive(AeadPrimitiveFactory.kt:4)
    	... 12 more
    Caused by: java.lang.ExceptionInInitializerError
    	at androidx.security.crypto.EncryptedSharedPreferences$PrefValueEncryptionScheme.
    <clinit>(EncryptedSharedPreferences.java:1)
            ... 11 more
    Caused by: java.lang.RuntimeException: Field version_ for com.google.crypto.tink.proto.AesGcmKeyFormat not found. Known fields are [public int com.google.crypto.tink.proto.AesGcmKeyFormat.keySize_, public static final com.google.crypto.tink.proto.AesGcmKeyFormat com.google.crypto.tink.proto.AesGcmKeyFormat.DEFAULT_INSTANCE, public static volatile com.google.crypto.tink.shaded.protobuf.Parser com.google.crypto.tink.proto.AesGcmKeyFormat.PARSER]
    	at com.google.crypto.tink.shaded.protobuf.MessageSchema.reflectField(MessageSchema.java:7)
    	at com.google.crypto.tink.shaded.protobuf.MessageSchema.newSchemaForRawMessageInfo(MessageSchema.java:53)
    	at com.google.crypto.tink.shaded.protobuf.MessageSchema.newSchema(MessageSchema.java:2)
    	at com.google.crypto.tink.shaded.protobuf.Protobuf.schemaFor(Protobuf.java:30)
    	at com.google.crypto.tink.shaded.protobuf.Protobuf.schemaFor(Protobuf.java:48)
    	at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite$Builder.buildPartial(GeneratedMessageLite.java:5)
    	at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite$Builder.build(GeneratedMessageLite.java:1)
    	at com.google.crypto.tink.aead.AeadKeyTemplates.createAesGcmKeyTemplate(AeadKeyTemplates.java:5)
    	at com.google.crypto.tink.aead.AeadKeyTemplates.<clinit>(AeadKeyTemplates.java:1)
    

    In the Android studio looking at the generated AesGcmKeyFormat, it has the _version

    package com.google.crypto.tink.proto;
    
    import ...;
    
    public final class AesGcmKeyFormat extends GeneratedMessageLite<AesGcmKeyFormat, AesGcmKeyFormat.Builder> implements AesGcmKeyFormatOrBuilder {
        public static final int KEY_SIZE_FIELD_NUMBER = 2;
        private int keySize_;
        public static final int VERSION_FIELD_NUMBER = 3;
        private int version_;
        private static final AesGcmKeyFormat DEFAULT_INSTANCE;
        private static volatile Parser<AesGcmKeyFormat> PARSER;
    
    ...
    }
    

    But when looking at the build APK with proguard/R8 running through it, seems like version_ was removed

    Screen Shot 2020-05-19 at 5 33 14 PM

    Seems like the AesSivKeyFormat has a similar problem as well.

    Screen Shot 2020-05-19 at 5 47 31 PM

    I'm going to also check if this problem might have existed in the 1.3 release of the library. But I haven't seen this stack trace before.

    We stricly use protobuf 3.12.0

    +--- com.google.protobuf:protobuf-java:{strictly 3.12.0} -> 3.12.0 (c)
    
    ...
    
    |    |    \--- com.google.protobuf:protobuf-javalite:3.12.0
    
    ...
    
    |    |    +--- com.google.android.apps.common.testing.accessibility.framework:accessibility-test-framework:2.1
    |    |    |    +--- org.hamcrest:hamcrest-core:1.3 -> org.hamcrest:hamcrest:2.2
    |    |    |    \--- com.google.protobuf:protobuf-java:2.6.1 -> 3.12.0
    
    opened by simtse 27
  • PHP Implementation?

    PHP Implementation?

    I intend to follow this up with a pull request.

    Would the Tink team be interested in a PHP implementation of the same API? Obtensibly it would wrap both the openssl and sodium extensions.

    opened by paragonie-scott 27
  • PyPI package for tink/python

    PyPI package for tink/python

    Hi, Would it be possible to push tink package to PyPI python repository? Being able to do just pip install tink would solve a lot of my problems.

    opened by masteusz 26
  • Python support release date

    Python support release date

    Is there any update on the release date for a version of Tink that supports Python? The roadmap states August 2019 as the intended date and that has come and gone...!

    It'd be good to have access to a release with Python support before January 2020 so old Python2 projects with Keyczar in can be migrated over to Python3 projects with Tink.

    Alternatively, if anybody has a suggestion for a suitable Python3 library to replace Keyczar in Python2 , that would be greatly appreciated!

    Regards,

    Jordan

    opened by JordanStopford 24
  • [android] [throwable] arithmetic error in scalar multiplication

    [android] [throwable] arithmetic error in scalar multiplication

    we use Tink-Android to generate keyPair and sign our information. it work well in common case. but there is a crash in Android device M1 E when we use

    Ed25519Sign(private_key)
    

    and we find the throwable is

       // This check is to protect against flaws, i.e. if there is a computation error through a
        // faulty CPU or if the implementation contains a bug.
        XYZ result = new XYZ(ret);
        if (!result.isOnCurve()) {
          throw new IllegalStateException("arithmetic error in scalar multiplication");
        }
    

    https://github.com/google/tink/blob/09fc71c45dc7c4ecc7fb0df3414b0fb3a9ca52c3/java/src/main/java/com/google/crypto/tink/subtle/Ed25519.java#L626

    Android version: 7.0 cpu: Helio P10 gpu: ARM Mali-T860 Tink-Android Version: 1.2.2

    Is there anyone can help me ? thanks !

    opened by PaperHS 24
  • Android (tink : 1.3.0-rc3) KeyStoreException + UnrecoverableKeyException

    Android (tink : 1.3.0-rc3) KeyStoreException + UnrecoverableKeyException

    Hello,

    I'd like to report the follow exceptions happening with Android; we are using 1.3.0-rc3. I am not able to reproduce these issues; however they have been seen in the wild.

    OS Issue observed : Android 6,7,8,9 Devices : Samsung Galaxy S6, S7 edge. LG g4, g5, g6

    KeyStoreException (Invalid Key Blob) with stack trace :

    android.security.KeyStore.getKeyStoreException (KeyStore.java:708) android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreSecretKeyFromKeystore (AndroidKeyStoreProvider.java:283) android.security.keystore.AndroidKeyStoreSpi.engineGetKey (AndroidKeyStoreSpi.java:98) java.security.KeyStore.getKey (KeyStore.java:1062) com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm. (AndroidKeystoreAesGcm.java:48) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getAead (AndroidKeystoreKmsClient.java:111) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey (AndroidKeystoreKmsClient.java:130) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:118) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:88) com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:185) com.loblaw.pcoptimum.android.app.utils.Crypto$AEAD.getAndroidKeysetManager (Crypto.java:204)

    KeyStoreException (Unknown error) with stack trace :

    android.security.KeyStore.getKeyStoreException (KeyStore.java:1107) android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreSecretKeyFromKeystore (AndroidKeyStoreProvider.java:283) android.security.keystore.AndroidKeyStoreSpi.engineGetKey (AndroidKeyStoreSpi.java:98) java.security.KeyStore.getKey (KeyStore.java:825) com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm. (AndroidKeystoreAesGcm.java:48) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getAead (AndroidKeystoreKmsClient.java:111) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey (AndroidKeystoreKmsClient.java:130) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:118) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:88) com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:185)

    UnrecoverableKeyException (-49) with stack trace :

    android.security.KeyStore.getKeyStoreException (KeyStore.java:839) android.security.keystore.AndroidKeyStoreProvider.getKeyCharacteristics (AndroidKeyStoreProvider.java:236) android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore (AndroidKeyStoreProvider.java:356) android.security.keystore.AndroidKeyStoreSpi.engineGetKey (AndroidKeyStoreSpi.java:101) java.security.KeyStore.getKey (KeyStore.java:1062) com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm. (AndroidKeystoreAesGcm.java:48) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getAead (AndroidKeystoreKmsClient.java:111) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey (AndroidKeystoreKmsClient.java:130) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:118) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:88) com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:185)

    opened by ArjunAchatz 20
  • GeneralSecurityException: decryption failed

    GeneralSecurityException: decryption failed

    GeneralSecurityException: decryption failed
      File "AeadWrapper.java", line 82, in decrypt
      File "TinkHelper.kt", line 33, in decrypt
    

    This error occurs with version 1.3.0-rc1 on an Android device running 9.0 but is fixed in versino 1.3.0-rc4. We can't upgrade to 1.3.0-rc4 because of https://github.com/google/tink/issues/301.

    Will the 1.3.0 release contain the fix for the decryption error but not the issue with firebase?

    opened by zsweigart 20
  • Protobuf related build issue with Tink + Firebase (Android)

    Protobuf related build issue with Tink + Firebase (Android)

    I am trying to integrate Tink to my Flutter app which also uses Firebase. With 1.3.0-rc3 I get this build errors in Android:

    Execution failed for task ':app:checkDevelopmentDebugDuplicateClasses'.
    > 1 exception was raised by workers:
      java.lang.RuntimeException: java.lang.RuntimeException: Duplicate class com.google.protobuf.AbstractMessageLite found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.AbstractMessageLite$Builder found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.AbstractMessageLite$Builder$LimitedInputStream found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.AbstractParser found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.AbstractProtobufList found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.Any found in modules classes.jar (com.google.firebase:protolite-well-known-types:17.0.0) and protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0)
    .
    .
    .
    

    I have tried various suggestions mentioned in other protobuf related issues here but no solution found so far.

    Issue disappears if I downgrade Tink to version 1.3.0-rc1, so I am using it as a workaround for now.

    opened by kinex 18
  • On Android, when GeneralSecurityException

    On Android, when GeneralSecurityException "decryption failed" is thrown when calling AeadFactory::decrypt?

    Hi,

    Edit: we are using Tink 1.2.2.

    We have been getting crash reports with the exception GeneralSecurityException: decryption failed with the stack trace pointing to AeadFactory::decrypt as the source of the exception, and we are lost on when that happens.

    We are not sharing the keys or the cipher text, so, the same device and algorithm that encrypts it, is the same one that is decrypting it.

    We are also using the AndroidKeysetManager.

    The error seems to happen exclusively on Android 8 e 9 so far.

    Any idea on what may be causing this exception being thrown? Thank you :)

    Check our full implementation: https://gist.github.com/AllanHasegawa/85431b6f7c53074511527655712c9872

    opened by AllanHasegawa 16
  • "go get" fails when specifying "latest" version as a Go module dependency

    The go/keyset API is not present in the latest release, which causes problems when trying to use go modules:

    GO111MODULE=on go get github.com/google/tink/go/keyset
    go: finding github.com/google/tink/go/keyset latest
    go: finding github.com/google/tink/go latest
    go get github.com/google/tink/go/keyset: no matching versions for query "latest"
    
    opened by gdbelvin 16
  • Modify getTrustedSigningKeysJson visibiliity

    Modify getTrustedSigningKeysJson visibiliity

    Due to the nature of secure repositories, whom handle credit card information and do not want to expose external calls to API's among other security considerations, this change exposes the visibility level of getTrustedSigningKeysJson, so that the root signing keys may be fetched at any time, and passed to where needed.

    The service in question handles encrypted credit card data, lives in a separate VPC than other services, and does not want to expose external API calls to the Google signing keys API.

    Per transaction, the use case better supports fetching only the keys downstream and passing them into Tink using the senderVerifyingKeys method.

    If there are better alternatives used at Google, please advise!

    opened by yfung 0
  • Enable Github discussions

    Enable Github discussions

    Help us help you

    None yet.

    Is your feature request related to a problem?

    Not with Tink itself.

    Describe the solution you'd like

    Enable Github discussions for the project.

    Describe alternatives you've considered

    Posting a question / request for help as an issue as many others have done.

    Additional context

    Enabling discussions could provide a kind of FAQ. Right now the issues seems to have a lot of questions that would be better off in the discussions. When an issue is closed its less likely that someone will find the information contained there.

    opened by crass 0
  • Bump follow-redirects from 1.14.4 to 1.14.7 in /javascript

    Bump follow-redirects from 1.14.4 to 1.14.7 in /javascript

    Bumps follow-redirects from 1.14.4 to 1.14.7.

    Commits
    • 2ede36d Release version 1.14.7 of the npm package.
    • 8b347cb Drop Cookie header across domains.
    • 6f5029a Release version 1.14.6 of the npm package.
    • af706be Ignore null headers.
    • d01ab7a Release version 1.14.5 of the npm package.
    • 40052ea Make compatible with Node 17.
    • 86f7572 Fix: clear internal timer on request abort to avoid leakage
    • 2e1eaf0 Keep Authorization header on subdomain redirects.
    • 2ad9e82 Carry over Host header on relative redirects (#172)
    • See full diff in compare view

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies javascript 
    opened by dependabot[bot] 0
  • Provide an easier to read example in the

    Provide an easier to read example in the "I want to encrypt data deterministically" docs page

    This page of the docs is probably what most users will read first when trying to use the lib to encrypt data: https://developers.google.com/tink/deterministic-encryption

    The example there is nice and very useful to use as a command line tool, but I believe it's not that good as docs on how to use Tink, because the Tink-related code is buried within lots of extra code doing other unrelated (to the lib) stuff, like args parsing, file reading, error handling, etc. Around 90% of the code in the example is unrelated to Tink.

    IMHO, I would still keep that example console tool, but before that I would include a far simpler example in which only encryption with Tink is done. Something like this:

    from tink import JsonKeysetReader, cleartext_keyset_handle, daead
    
    # prepare Tink, a keyset and a cipher
    daead.register()
    keyset_handle = cleartext_keyset_handle.read(JsonKeysetReader("maybe a keyset example here? is it too complex?"))
    cipher = keyset_handle.primitive(daead.DeterministicAead)
    
    # encrypt data:
    input_data = "Hello world!"
    associated_data = b""
    encrypted_data = cipher.encrypt_deterministically(input_data, associated_data)
    
    # decrypt data:
    decrypted_data = cipher.decrypt_deterministically(encrypted_data, associated_data)
    
    opened by fisadev 0
  • GcpKmsClient does not work with workload-identity-federation

    GcpKmsClient does not work with workload-identity-federation

    Describe the bug

    We have implemented a workload-identity-federation based workflow in Github-Actions. We are using the "auth" plugin for github-actions. This works all fine, until our unit-tests try to establish a connection to GCP KMS in "GcpKmsClient".

    The credentials provided by workload-identity-federation looks as follows:

    { "type": "external_account", "audience": "***", "subject_token_type": "urn:ietf:params:oauth:token-type:jwt", "token_url": "https://sts.googleapis.com/v1/token", "service_account_impersonation_url": "***", "credential_source": { "url": "***", "headers": { "Authorization": "***" }, "format": { "type": "json", "subject_token_field_name": "value" } } }

    The type is set to "external_account" which leads to the following exception during our test-execution:

    Caused by: java.io.IOException: Error reading credentials from stream, 'type' value 'external_account' not recognized. Expecting 'authorized_user' or 'service_account'. at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.fromStream(GoogleCredential.java:249) at com.google.api.client.googleapis.auth.oauth2.DefaultCredentialProvider.getCredentialUsingEnvironmentVariable(DefaultCredentialProvider.java:217) ... 155 common frames omitted

    The "GcpKmsClient" implementation uses "com.google.api-client:google-api-client:1.31.4" and the "GoogleCredential" class which does only support the "authorized_user" and "service_account" credential-type and not the "external_account"-type. Also, the "GoogleCredential" class is marked deprecated and the use of "google-auth-library" is encouraged. This module seems to handle "external_account"-types correctly.

    To Reproduce

    • create credentials as provided by workload-identity-federation
    • try to register a GcpKmsClient using these credentials

    Expected behavior

    GcpKmsClient works with credentials as provided by workload-identity-federation.

    Version information

    • Version: tink-gcpkms 1.6.1
    • Environment: JDK 16
    opened by tobiasendres 0
  • Java and Golang AWS KMS AEAD are not compatible.

    Java and Golang AWS KMS AEAD are not compatible.

    Help us help you

    Please tell us more about your Tink deployment.

    Describe the bug

    Given I encrypt a string "foo" with the encryption context "bar" in Golang
    When I decrypt the string with the Java library
    Then I should succeed
    But the decryption fail
    

    To Reproduce

    Include buildable code snippets or gists which triggered the bug.

    Golang encryption

    
    newSession, err := session.NewSession()
    if err != nil {
      log.Fatal(err)
    }
    
    k := kms.New(newSession)
    
    withKMS, err := awskms.NewClientWithKMS("aws-kms://arn:aws:kms:us-east-1:000000000000:alias/testing", k)
    if err != nil {
       log.Fatal(err)
    }
    registry.RegisterKMSClient(withKMS)
    mk, err := withKMS.GetAEAD(keyUri)
    if err != nil {
       log.Fatal(err)
    }
    
    cipherTextBytes := mk.Encrypt([]byte("foo"), []byte("bar"))
    

    Kotlin decryption

    AeadConfig.register()
    val handle = KeysetHandle.generateNew(
       KmsAeadKeyManager.createKeyTemplate(kmsKeyUri)
    )
    
    AwsKmsClient.register(
      Optional.of("aws-kms://arn:aws:kms:us-east-1:000000000000:alias/testing"),
      Optional.empty()
    )
    
    val aead = handle.getPrimitive(Aead::class.java)
    
    val decrypted = aead.decrypt(
      cipherTextBytes,
      "bar".toByteArray()
    )
    

    Expected behaviour

    Java client should be able to decrypt the cyphertext produced by the Golang implementation, even when additional data is passed to the decrypt method.

    Error messages, stack traces, etc.

    Stacktrace :

    Caused by: java.security.GeneralSecurityException: decryption failed
    	at com.google.crypto.tink.aead.AeadWrapper$WrappedAead.decrypt(AeadWrapper.java:83)
    

    Version information

    • Language: Kotlin, Golang
    • Version: (e.g., Tink Java 1.6.1, Tink Golang 1.6.1)
    • Environment: (e.g., JDK 11, Golang 1.16)

    Additional context

    We found out that decryption was working properly when no additional data is passed. Debugging further we noticed an inconsistency in the key used in the encryption context of AWS KMS:

    Golang : https://github.com/google/tink/blob/e231fe638eb1f1ed8f1d45cc665ee98736c781d6/go/integration/awskms/aws_kms_aead.go#L52

    Java: https://github.com/google/tink/blob/e231fe638eb1f1ed8f1d45cc665ee98736c781d6/java_src/src/main/java/com/google/crypto/tink/integration/awskms/AwsKmsAead.java#L73

    opened by dstendardi 0
  • How to use one of the ENABLED keyId from multi key keySet file?

    How to use one of the ENABLED keyId from multi key keySet file?

    if I have a multiple active keys in a keyset, how do I specify which KeyId I want to use to encrypt using Aead API?

    {
        "primaryKeyId": 1268760993,
        "key": [
            {
                "keyData": {
                    "typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey",
                    "value": "aaaaaa",
                    "keyMaterialType": "SYMMETRIC"
                },
                "status": "ENABLED",
                "keyId": 1268760993,
                "outputPrefixType": "TINK"
            },
            {
                "keyData": {
                    "typeUrl": "type.googleapis.com/google.crypto.tink.AesGcmKey",
                    "value": "bbbbb",
                    "keyMaterialType": "SYMMETRIC"
                },
                "status": "ENABLED",
                "keyId": 851085696,
                "outputPrefixType": "TINK"
            }
        ]
    }
    
    opened by xmlking 0
  • tinkey: support generation multiple keys in the keySet with one command.

    tinkey: support generation multiple keys in the keySet with one command.

    today we have to run tinkey CLI multiple times to generate multi-key keySet file. e.g.:

    tinkey create-keyset --key-template AES128_GCM  --out-format json --out aead_keyset.json
    tinkey add-key  --in aead_keyset.json --in-format json --out aead_keyset2.json --out-format json  --key-template AES128_GCM
    tinkey add-key  --in aead_keyset2.json --in-format json --out aead_keyset3.json --out-format json  --key-template AES128_GCM
    

    it would be nice to support option to specify number of keys when generation same key types ( --key-template) in a single keyset file.

    Use case: we have streaming app that encrypt each incoming record with one of the enabled key picked randomly from the keyset, and include KeyId along with encrypted message. on decryption side, it use same KeyId to decrypt.

    opened by xmlking 0
  • Duplicate class jetified-tink and jetified-tink-awskms

    Duplicate class jetified-tink and jetified-tink-awskms

    I would like to use AWS KMS integration in my Java Android Project.

    Anyway I have just applied the sample code in JAVA-HOWTO.md but the problem was that AwsKmsClient wasn't able to resolve by Android Studio I think it was because I was using 'com.google.crypto.tink:tink-android:1.6.1' in my Gradle.

    I have seen since 1.3.0 I have to apply as a different package in my gradle so I did implement tink-awskms in gradle. I couldn't use them both so I have deleted tink-android module from the gradle and left only tink-awskms but still I cannot run my app because of some Duplicate class errors. I have tried every way actually. Protobufs, excluding modules on gradle after 3 hours of work I still have nothing.

    I will drop my gradle file and the errors that I'm getting during the compile time.

    configurations { all { exclude group: "com.google.crypto.tink", module: "jetified-tink" exclude group: "com.google.crypto.tink", module: "jetified-tink-android" } }

    implementation 'androidx.appcompat:appcompat:1.4.0' implementation 'com.google.android.material:material:1.4.0' implementation 'androidx.constraintlayout:constraintlayout:2.1.2' testImplementation 'junit:junit:4.+' androidTestImplementation 'androidx.test.ext:junit:1.1.3' androidTestImplementation 'androidx.test.espresso:espresso-core:3.4.0' implementation("com.google.guava:guava:31.0.1-jre") // Import the BoM for the Firebase platform implementation platform('com.google.firebase:firebase-bom:29.0.3') implementation 'com.google.firebase:firebase-storage' implementation 'com.google.crypto.tink:tink-awskms:1.6.1'

    Error that I'm getting; Duplicate class com.google.crypto.tink.Aead found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.KmsClient found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.KmsClients found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.config.TinkFips found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.config.TinkFips$1 found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.config.TinkFips$AlgorithmFipsCompatibility found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.config.TinkFips$AlgorithmFipsCompatibility$1 found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.config.TinkFips$AlgorithmFipsCompatibility$2 found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.config.TinkFipsDisabled found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.config.TinkFipsStatus found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.subtle.Enums found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.subtle.Enums$HashType found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.subtle.Validators found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1) Duplicate class com.google.crypto.tink.subtle.Validators$1 found in modules jetified-tink-1.6.1 (com.google.crypto.tink:tink:1.6.1) and jetified-tink-awskms-1.6.1 (com.google.crypto.tink:tink-awskms:1.6.1)

    opened by SomonTeknoloji 0
Releases(v1.6.1)
  • v1.6.1(Jul 13, 2021)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.6.1.

    To get started using Tink, see the installation instructions.

    What's new

    This is a patch release.

    The complete list of changes since 1.6.0 can be found here.

    Java

    Fix dependencies in Java Maven packages

    In Tink 1.6.0, the Java Bazel configuration included a couple instances of a non-Android target depending on an Android target and vice versa. This resulted in larger than expected Maven packages.

    Miscellaneous

    Minor documentation fixes.

    Known issues

    • ~Tink for Python has issues in setup.py and the distribution scripts. Due to this, PyPI packages have not been published for this release. A follow up patch release will address this shortly.~ PyPI packages for 1.6.1 have been published. If you want to build these packages from branch 1.6 by yourself, patch in https://github.com/google/tink/commit/465753ac71d51baab8804aa7908b96e562fe4bff.
    • Tink for Obj-C still does not build with Bazel. However, you can still use it in your apps by installing our prebuilt package.
    Source code(tar.gz)
    Source code(zip)
  • v1.6.0(May 18, 2021)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.6.0.

    To get started using Tink, see the installation instructions.

    What's new

    The complete list of changes since 1.5.0 can be found here.

    New documentation website

    We've launched a new home for Tink documentation at https://developers.google.com/tink.

    The site brings together content currently spread across the HOW-TOs and other markdown files throughout the project repository.

    Initially, we've populated the site with instructions and code snippets for the Java and Python implementations. Moving forward, expect additional content covering other language implementations, additional critical path overviews, and more.

    Java

    Key templates API

    Introduced the KeyTemplates class. It has a get(name) method that facilitates getting any registered key template.

    A list of currently registered key templates can be obtained by calling Registry.keyTemplates()

    Custom key manager method removals

    The following methods have been removed. Except where noted, the methods had been annotated as being deprecated.

    • Registry
      • public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle, final KeyManager<P> customManager, Class<P> primitiveClass)
        • not deprecated
      • public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle, Class<P> primitiveClass)
        • not deprecated
      • public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle, final KeyManager<P> customManager)
      • public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle)
    • KeysetHandle
      • public <P> P getPrimitive(KeyManager<P> customKeyManager, Class<P> targetClassObject)
    • MacFactory
      • public static Mac getPrimitive(KeysetHandle keysetHandle, final KeyManager<Mac> keyManager)
    • HybridDecryptFactory
      • public static HybridDecrypt getPrimitive(KeysetHandle keysetHandle, final KeyManager<HybridDecrypt> keyManager)
    • AeadFactory
      • public static Aead getPrimitive(KeysetHandle keysetHandle, final KeyManager<Aead> keyManager)
    • PublicKeyVerifyFactory
      • public static PublicKeyVerify getPrimitive(KeysetHandle keysetHandle, final KeyManager<PublicKeyVerify> keyManager)
    • PublicKeySignFactory
      • public static PublicKeySign getPrimitive(KeysetHandle keysetHandle, final KeyManager<PublicKeySign> keyManager)
    • DeterministicAeadFactory
      • public static DeterministicAead getPrimitive(KeysetHandle keysetHandle, final KeyManager<DeterministicAead> keyManager)
    • StreamingAeadFactory
      • public static StreamingAead getPrimitive(KeysetHandle keysetHandle, final KeyManager<StreamingAead> keyManager)
        • not deprecated
    • HybridEncryptFactory
      • public static HybridEncrypt getPrimitive(KeysetHandle keysetHandle, final KeyManager<HybridEncrypt> keyManager)

    Dependency updates

    org.json to GSON

    The project has migrated to GSON for JSON serialization/deserialization functionality.

    Due to this change, the Java implementation is no longer producing HTML-safe encoding by default. This behavior aligns the Java implementation with the other language implementations of Tink.

    C++

    FIPS only mode

    https://github.com/google/tink/blob/1.6/docs/FIPS.md

    Obj-C

    Support for serializing keys with non-secret key material

    Implemented the serializedKeysetNoSecret method on TINKKeysetHandle. This facilitates exporting public keys.

    Known issues

    • Tink for Obj-C still does not build with Bazel. However, you can still use it in your apps by installing our prebuilt package.

    Hall of Fame

    This release includes contributions from the following community members:

    Source code(tar.gz)
    Source code(zip)
  • v1.5.0(Oct 16, 2020)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.5.0.

    The complete list of changes since 1.4.0 can be found here.

    What's new

    Security fixes

    This release fixes a ciphertext malleability issue (CVE-2020-8929) in Tink for Java and Android. This is a low severity issue. No loss of confidentiality or loss of plaintext integrity occurs due to this problem, only ciphertext integrity is compromised.

    New language: Javascript/Typescript

    This release introduces alpha support for Javascript/Typescript. Check out the HOW-TO and let us know what you think!

    New primitive: PRF set

    The PRF set primitive allows to redact data in a deterministic fashion, for example personal identifiable information or internal IDs, or to come up with a user ID from user information without revealing said information in the ID. This allows someone with access to the output of the PRF without access to the key do some types of analysis, while limiting others.

    This primitive is supported in C++, Java, Python and Golang.

    Python

    • Added Streaming AEAD. Check out the example for how to encrypt arbitrary large files.

    • Added CMAC.

    • Added a lot of examples.

    pip3 install tink
    

    C++

    We no longer offer prebuilt binaries for C++. Please check out the HOW-TO for compiling your application together with Tink using Bazel or CMake.

    Obj-C

    • Added support for accessGropus to TINKKeysetHandle.
    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.5.0'
    pod install
    

    Golang

    • Added Streaming AEAD with AES-CTR-HMAC.
    • Bundled HCVault with Tink. In 1.4.0, HCVault was offered as a separate module, but we were advised by the Golang's team that it should be bundled with Tink.
    go get github.com/google/tink/go/...
    

    Java

    • Added AES-GCM-SIV. This requires a Java security provider that supports AES-GCM-SIV such as Conscrypt.
    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.5.0</version>
    </dependency>
    

    Android

    • When a call to Android KeyStore failed, Tink will wait a random number of milliseconds (up to 100) before retrying one more time.
    dependencies {
      implementation 'com.google.crypto.tink:tink-android:1.5.0'
    }
    

    Tinkey

    brew tap google/tink https://github.com/google/tink
    brew install tinkey
    

    The prebuilt binary attached to this release should also work well on Windows.

    Known issues

    • Tink for Obj-C doesn't build with Bazel. You can still use it in your apps by installing our prebuilt package, as noted above.
    Source code(tar.gz)
    Source code(zip)
    tinkey-1.5.0.tar.gz(11.15 MB)
  • v1.4.0(Jul 14, 2020)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.4.0.

    The complete list of changes since 1.3.0 can be found here.

    What's new

    Security fixes

    This release fixes the following potential security issues, affected users are recommended to upgrade.

    • Quan Nguyen of Snap Inc. found that AES-CTR-HMAC-AEAD keys and the EncryptThenAuthenticate subtle implementation may be vulnerable to chosen-ciphertext attacks. An attacker can generate ciphertexts that bypass the HMAC verification if and only if all of the following conditions are true:

      • Tink C++ is used on systems where size_t is a 32-bit integer. This is usually the case on 32-bit machines.
      • The attacker can specify long (>= 2^29 bytes ~ 536MB) associated data.
    • Streaming AEAD implementations encrypt the plaintext in segments. Tink uses a 4-byte segment counter. When encrypting a stream consisting of more than 2^32 segments, the segment counter might overflow and lead to leakage of key material or plaintext. This problem was found in the Java and Go implementations of the AES-GCM-HKDF-Streaming key type.

    Python

    This version introduces support for Python 3.7 and 3.8.

    Tink in Python is built on top of C++. It supports all primitives but Streaming AEAD. For an overview, see the HOW-TO. In addition, there are illustrative examples of using Tink in Python which can be used as a jumping off point.

    PyPi binary packages for Linux and macOS are provided.

    pip3 install tink
    

    C++

    • Attempt to erase keys from memory after use.

    • Adding support for CordAead, which is a more memory-efficient version of Aead that uses absl::Cord.

    We no longer offer prebuilt binaries for C++. Please check out this documentation for how to compile your application together with Tink using Bazel or CMake.

    Obj-C

    • Removing Obj-C protobufs.
    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.4.0'
    pod install
    

    Golang

    • Cleaning up Godoc and adding better examples.
    go get github.com/google/tink/go/...
    

    Java

    • Removing support for Java 7.
    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.4.0</version>
    </dependency>
    

    Android

    • Bundling a shaded copy of Google Protobuf. This fixes an annoying version conflict bug.

    • Bundling a rule file to ensure compatibility with Proguard/R8.

    • Refactoring Android Keystore integration

      • Running a self-test to only enable the integration if Android Keystore is working properly.

      • Do not automatically generate fresh keys if keys exist but are corrupt. This won't recover corrupt keys, but at least it will allow to gather more data on Android Keystore failures.

    dependencies {
      implementation 'com.google.crypto.tink:tink-android:1.4.0'
    }
    

    Tinkey

    Tinkey can now be installed via Homebrew on Linux and macOS.

    brew tap google/tink https://github.com/google/tink
    brew install tinkey
    

    The binaries can also be downloaded from

    • https://storage.googleapis.com/tinkey/tinkey-darwin-x86_64-1.4.0.tar.gz
    • https://storage.googleapis.com/tinkey/tinkey-linux-x86_64-1.4.0.tar.gz

    Known issues

    • Tink in Obj-C doesn't build. That is, you can't build it yourself using Bazel. You can still use it in your apps by installing our prebuilt package, as noted above.
    Source code(tar.gz)
    Source code(zip)
  • v1.4.0-rc2(May 15, 2020)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.4.0-rc2.

    Changes

    This release candidate adds things that we want to ship in 1.4.0, but didn't have a chance to add them to 1.4.0-rc1, such as:

    • a proper fix for the infamous Protobuf issue in Tink for Android.
    • a better go.mod config.
    • many changes in Tink Python that didn't make the last release cut.

    The complete list of changes since 1.4.0-rc1 can be found here.

    Installation

    C++

    We no longer offer prebuilt binaries for C++. Please check out this documentation for how to compile your application together with Tink using Bazel or CMake.

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.4.0-rc2'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Python

    See setup instructions.

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.4.0-rc2</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      implementation 'com.google.crypto.tink:tink-android:1.4.0-rc2'
    }
    

    Known issues

    • Tink Obj-C doesn't build. That is, you can't check out Tink Obj-C and build it yourself using Bazel. You can still use it in your apps by installing our prebuilt package, as noted above.

    What's next

    1.4.0 final should be out in 1-2 weeks, barring new issues.

    Source code(tar.gz)
    Source code(zip)
  • v1.4.0-rc1(Apr 30, 2020)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.4.0-rc1.

    Changes

    • This version introduces support for Python. Tink Python, which is a Pybind11 wrapper of Tink C++, supports all primitives but Streaming AEAD (which will come in 1.5.0). For an overview of using the Tink Python implementation, see the Python HOW-TO. In addition, there are illustrative examples of using Tink Python which can be used as a jumping off point.

    • Tink C++ now tries to erase keys from memory after use.

    The complete list of changes since 1.3.0 can be found here. Please note that Tink JavaScript is not a part of this release.

    Installation

    C++

    We no longer offer prebuilt binaries for C++. Please check out this documentation for how to compile your application together with Tink using Bazel or CMake.

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.4.0-rc1'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Python

    See setup instructions.

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.4.0-rc1</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.4.0-rc1'
    }
    

    Known issues

    • Tink Obj-C doesn't build. That is, you can't check out Tink Obj-C and build it yourself using Bazel. You can still use it in your apps by installing our prebuilt package, as noted above. We're fixing this.

    What's next

    1.4.0 final should be out in 1-2 weeks, barring new issues.

    Source code(tar.gz)
    Source code(zip)
  • v1.3.0(Mar 19, 2020)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.3.0.

    Changes

    There is no change since rc4.

    Compared to 1.2.x, main changes in 1.3.0 include

    • new language: Golang with primitives MAC, AEAD (incl. KMS envelope), deterministic AEAD, hybrid encryption and digital signatures (see supported primitives and GOLANG HOWTO for details)
    • C++ deterministic AEAD (AES-SIV) and streaming AEAD (AES-GCM-HKDF-STREAMING)
    • C++ KMS-AEAD and KMS-envelope-AEAD, incl. integration with AWS KMS and GCP KMS.
    • RSA-signatures for Java and C++ (RSA-SSA-PKCS1, RSA-SSA-PSS)
    • ED25519 signatures for C++, Obj-C, and Go

    Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.

    Installation

    C++

    We no longer offer prebuilt binaries for C++. Please check out this documentation for how to compile your application together with Tink using Bazel or CMake.

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.3.0'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.3.0</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.3.0'
    }
    

    What's next

    We're actively working on 1.4.0. This release will add Python support. It should be out by April 2020.

    Source code(tar.gz)
    Source code(zip)
  • v1.3.0-rc4(Feb 20, 2020)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.3.0 Release Candidate 4.

    Changes

    The complete list of changes since 1.3.0-rc3 can be found here.

    Changes of note include (from rc3 to rc4):

    • Fix an inconsistency in the Envelope Encryption approach in the C++ implementation (8e4b5c700)

    Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.

    Installation

    C++ with prebuilt binaries

    OS="$(uname | tr '[:upper:]' '[:lower:]')"
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.3.0-rc4.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.3.0-rc4'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.3.0-rc4</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.3.0-rc4'
    }
    

    What's next

    This should be the last release candidate before the final 1.3.0 release.

    Source code(tar.gz)
    Source code(zip)
  • v1.3.0-rc3(Dec 20, 2019)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.3.0 Release Candidate 3

    Changes

    The complete list of changes since 1.3.0-rc2 can be found here.

    Changes of note include (from rc2 to rc3):

    • Fix ExceptionInInitializerError with tink-android (#289)
    • Fix CocoaPod to actually include new APIs.

    Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.

    Installation

    C++ with prebuilt binaries

    OS="$(uname | tr '[:upper:]' '[:lower:]')"
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.3.0-rc3.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with CocoaPods

    The Obj-C artifacts are pending publication. This note will be removed once they are published.

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.3.0-rc3'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.3.0-rc3</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.3.0-rc3'
    }
    

    What's next

    There may be a few more release candidates before we get to the final 1.3.0 release. It should be out by December 2019.

    Source code(tar.gz)
    Source code(zip)
  • v1.3.0-rc2(Dec 20, 2019)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.3.0 Release Candidate 2

    Changes

    The complete list of changes since 1.3.0-rc1 can be found here.

    Changes of note include (from rc1 to rc2):

    • The recommended version of Bazel is documented in the .bazelversion file in the root of the repository. This approach is compatible with Bazelisk, a wrapper for Bazel maintained by the Bazel team.

    Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.

    Installation

    C++ with prebuilt binaries

    OS="$(uname | tr '[:upper:]' '[:lower:]')"
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.3.0-rc2.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.3.0-rc2'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.3.0-rc2</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.3.0-rc2'
    }
    

    What's next

    There may be a few more release candidates before we get to the final 1.3.0 release. It should be out by December 2019.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.3.0-rc2.tar(2.53 MB)
    libtink-linux-x86_64-1.3.0-rc2.tar(2.67 MB)
  • v1.3.0-rc1(Jul 1, 2019)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.3.0 Release Candidate 1

    Changes

    The complete list of changes since 1.2.2 can be found here.

    The main changes include:

    • new language: Tink in Go, with primitives MAC, AEAD (incl. KMS envelope), deterministic AEAD, hybrid encryption and digital signatures (see supported primitives and GOLANG HOWTO for details)
    • C++ deterministic AEAD (AES-SIV) and streaming AEAD (AES-GCM-HKDF-STREAMING)
    • C++ KMS-AEAD and KMS-envelope-AEAD, incl. integration with AWS KMS and GCP KMS.
    • RSA-signatures for Java and C++ (RSA-SSA-PKCS1, RSA-SSA-PSS)
    • ED25519 signatures for C++, Obj-C, and Go

    Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.

    Installation

    C++ with prebuilt binaries

    OS="$(uname | tr '[:upper:]' '[:lower:]')"
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.3.0-rc1.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.3.0-rc1'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.3.0-rc1</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.3.0-rc1'
    }
    

    What's next

    There may be a few more release candidates before we get to the final 1.3.0 release. It should be out by the end of July 2019.

    Source code(tar.gz)
    Source code(zip)
  • v1.2.2(Jan 25, 2019)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.2.2.

    Changes

    This release fixes an issue with the Obj-C build distributed via CocoaPods. In particular, the BoringSSL library is statically linked to prevent namespace clashes in projects which depend on OpenSSL.

    The complete list of changes since 1.2.1 can be found here.

    Installation

    C++ with prebuilt binaries

    OS="$(uname | tr '[:upper:]' '[:lower:]')"
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.2.2.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.2.2'
    pod install
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.2.2</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.2.2'
    }
    

    What's next

    See the project road map for future plans.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.2.2.tar.gz(1.86 MB)
    libtink-linux-x86_64-1.2.2.tar.gz(1.89 MB)
  • v1.2.1(Nov 16, 2018)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.2.1.

    Changes

    This release fixes a bunch of (non-security) bugs. There is no change in the public APIs.

    The complete list of changes since 1.2.0 can be found here.

    Installation

    C++ with prebuilt binaries

    OS="$(uname | tr '[:upper:]' '[:lower:]')"
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.2.1.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with Cocoapods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.2.1'
    pod install
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.2.1</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.2.1'
    }
    

    What's next

    See the project road map for future plans.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.2.1.tar.gz(1.68 MB)
    libtink-linux-x86_64-1.2.1.tar.gz(1.69 MB)
  • v1.2.0(Aug 10, 2018)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.2.0.

    Changes

    The complete list of changes since Release Candidate 4 can be found here.

    Please ignore RSA-related changes; RSA is not part of 1.2.0 release.

    New languages: C++ and Obj-C

    Tink 1.2.0 adds support for C++ and Obj-C. Both have been running in production at Google for a few months, and support the following algorithms:

    • AEAD: AES-EAX, AES-GCM, AES-CTR-HMAC-AEAD
    • MAC: HMAC-SHA2
    • Digital Signature: ECDSA over NIST curves
    • Hybrid Encryption: ECIES over NIST curves with AEAD (AES-GCM and AES-CTR-HMAC-AEAD) and HKDF

    Support for AWS KMS will be added to the Tink C++ library in future release candidates. Support for Google Cloud KMS has to wait post 1.2.0 because of lack of Cloud KMS client library.

    The Tink Obj-C library supports reading/writing key material to/from iOS Keychain.

    Please see the C++ HOWTO and the Obj-C HOWTO for usage.

    Installation

    C++ with prebuilt binaries

    OS="linux"  # Change to "darwin" for macOS
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.2.0.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with Cocoapods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.2.0'
    pod install
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.2.0</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.2.0'
    }
    

    What's next

    See the project road map for future plans.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.2.0.tar.gz(1.63 MB)
    libtink-linux-x86_64-1.2.0.tar.gz(1.65 MB)
  • v1.2.0-rc4(Aug 1, 2018)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.2.0 Release Candidate 4.

    Changes

    The complete list of changes since Release Candidate 3 can be found here.

    Please ignore RSA-related changes; RSA is not part of 1.2.0 release.

    New languages: C++ and Obj-C

    Tink 1.2.0 adds support for C++ and Obj-C. Both have been running in production at Google for a few months, and support the following algorithms:

    • AEAD: AES-EAX, AES-GCM, AES-CTR-HMAC-AEAD
    • MAC: HMAC-SHA2
    • Digital Signature: ECDSA over NIST curves
    • Hybrid Encryption: ECIES over NIST curves with AEAD (AES-GCM and AES-CTR-HMAC-AEAD) and HKDF

    Support for AWS KMS will be added to the Tink C++ library in future release candidates. Support for Google Cloud KMS has to wait post 1.2.0 because of lack of Cloud KMS client library.

    The Tink Obj-C library supports reading/writing key material to/from iOS Keychain.

    Please see the C++ HOWTO and the Obj-C HOWTO for usage.

    Installation

    C++ with prebuilt binaries

    OS="linux"  # Change to "darwin" for macOS
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.2.0-rc4.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with Cocoapods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.2.0-rc4'
    pod install
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.2.0-rc4</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.2.0-rc4'
    }
    

    What's next

    This is intended to be the last release candidate before the final 1.2.0 release.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.2.0-rc4.tar.gz(1.59 MB)
    libtink-linux-x86_64-1.2.0-rc4.tar.gz(1.62 MB)
  • v1.2.0-rc3(Jul 27, 2018)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.2.0 Release Candidate 3.

    Changes

    The complete list of changes since Release Candidate 2 can be found here. Please ignore RSA-related changes; RSA is not part of 1.2.0 release.

    This candidate adds C++/Obj-C APIs to generate keys and to get public keys from private keys. We thank Sreejith Krishnan R for reporting these bugs.

    New languages: C++ and Obj-C

    Tink 1.2.0 adds support for C++ and Obj-C. Both have been running in production at Google for a few months, and support the following algorithms:

    • AEAD: AES-EAX, AES-GCM, AES-CTR-HMAC-AEAD
    • MAC: HMAC-SHA2
    • Digital Signature: ECDSA over NIST curves
    • Hybrid Encryption: ECIES over NIST curves with AEAD (AES-GCM and AES-CTR-HMAC-AEAD) and HKDF

    Support for AWS KMS will be added to the Tink C++ library in future release candidates. Support for Google Cloud KMS has to wait post 1.2.0 because of lack of Cloud KMS client library.

    The Tink Obj-C library supports reading/writing key material to/from iOS Keychain.

    Please see the C++ HOWTO and the Obj-C HOWTO for usage.

    Installation

    C++ with prebuilt binaries

    OS="linux"  # Change to "darwin" for macOS
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.2.0-rc3.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with Cocoapods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.2.0-rc3'
    pod install
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.2.0-rc3</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.2.0-rc3'
    }
    

    What's next

    There may be a few more release candidates before we get to the final 1.2.0 release. It should be out by the end of July 2018.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.2.0-rc3.tar.gz(1.59 MB)
    libtink-linux-x86_64-1.2.0-rc3.tar.gz(1.62 MB)
  • v1.2.0-rc2(Jul 13, 2018)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.2.0 Release Candidate 2.

    Note: Release Candidate 1 was private and used to test the Obj-C publishing process.

    New languages: C++ and Obj-C

    Tink 1.2.0 adds support for C++ and Obj-C. Both have been running in production at Google for a few months, and support the following algorithms:

    • AEAD: AES-EAX, AES-GCM, AES-CTR-HMAC-AEAD
    • MAC: HMAC-SHA2
    • Digital Signature: ECDSA over NIST curves
    • Hybrid Encryption: ECIES over NIST curves with AEAD (AES-GCM and AES-CTR-HMAC-AEAD) and HKDF

    Support for AWS KMS will be added to the Tink C++ library in future release candidates. Support for Google Cloud KMS has to wait post 1.2.0 because of lack of Cloud KMS client library. The Tink Obj-C library supports reading/writing key material to/from iOS Keychain.

    Please see the C++ HOWTO and the Obj-C HOWTO for usage.

    Installation

    C++ with prebuilt binaries

    OS="linux" # Change to "darwin" for macOS
    TARGET_DIR="/usr/local"
    curl -L \
    "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.2.0-rc2.tar.gz" |
    sudo tar -xz -C $TARGET_DIR
    

    Obj-C with Cocoapods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.2.0-rc2'
    pod install
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.2.0-rc2</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.2.0-rc2'
    }
    

    What's next

    There may be a few more release candidates before we get to the final 1.2.0 release. It should be out by the end of July 2018.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.2.0-rc2.tar.gz(1.58 MB)
    libtink-linux-x86_64-1.2.0-rc2.tar.gz(1.62 MB)
  • v1.1.1(May 26, 2018)

    Tink is a multi-language, cross-platform library that provides an easy, simple, secure, and agile API for common cryptographic tasks.

    This is a minor release which includes a fix for a build error (#94) and documentation cleanup.

    Installation

    Java developers can install Tink using Maven:

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.1.1</version>
    </dependency>
    

    Android developers can install Tink using Gradle:

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.1.1'
    }
    

    For usage, please see the Java HOWTO. A list of known issues is provided here.

    Javadoc

    Source code(tar.gz)
    Source code(zip)
  • v1.1.0(Apr 19, 2018)

    Tink is a multi-language, cross-platform library that provides an easy, simple, secure, and agile API for common cryptographic tasks.

    This is the second release. Like the first release, Java is still the only officially supported language. Tink for C++, Objective-C and Go are working (C++ has been running in production at Google for a while), and we’re working hard to bring these languages in 1.2.0. See our feature roadmap for more details.

    Installation

    Java developers can install Tink using Maven:

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.1.0</version>
    </dependency>
    

    Android developers can install Tink using Gradle:

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.1.0'
    }
    

    For usage, please see the Java HOWTO. A list of known issues is provided here.

    New primitives and algorithms

    • AEAD: CHACHA20-POLY1305

    • Digital Signature: ED25519

    • Deterministic AEAD: AES-SIV

    • Streaming AEAD: AES-GCM-HKDF-STREAMING and AES-CTR-HMAC-STREAMING

    New apps

    Aside from the core APIs, Tink provides apps that implement common standards or protocols. The apps depend on Tink, but are built separately.

    Google Pay Token

    This app is an implementation of Google Pay Token Cryptography Standard. Version 1.1.0 adds supports for the ECv2 protocol.

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>apps-paymentmethodtoken</artifactId>
      <version>1.1.0</version>
    </dependency>
    

    Web Push Message Encryption

    This app is an implementation of RFC 8291 - Message Encryption for Web Push.

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>apps-webpush</artifactId>
      <version>1.1.0</version>
    </dependency>
    

    Javadoc

    Source code(tar.gz)
    Source code(zip)
  • v1.0.0(Sep 9, 2017)

    This is the first release of Tink. The only supported language in this release is Java. Tink for Java comes in two flavors:

    • The main flavor, and
    • The Android flavor that is optimized for Android.

    For installation and usage, please see the Java HOWTO.

    Supported primitives and algorithms

    Both flavors support the following primitives and algorithms:

    • AEAD: AES-EAX, AES-GCM, AES-CTR-HMAC-AEAD, KMS Envelope
    • MAC: HMAC-SHA2
    • Digital Signature: ECDSA over NIST curves
    • Hybrid Encryption: ECIES over NIST curves with AEAD (AES-GCM and AES-CTR-HMAC-AEAD) and HKDF

    Supported key management systems

    • Main flavor: AWS KMS, GCP KMS
    • Android flavor: Android Keystore (require Android M or newer).

    Warnings

    Do not use APIs including fields and methods marked with the @Alpha annotation. They can be modified in any way, or even removed, at any time. They are in the package, but not for official, production release, but only for testing.

    What's next

    We've already started working on 1.1.0. If things go well, we'll introduce the following algorithms:

    • AEAD: CHACHA20-POLY1305, XCHACHA20-POLY1305, XSALSA20-POLY1305
    • Digital signature: EdDSA over Ed25519
    • Hybrid Encryption: NaCl CryptoBox
    Source code(tar.gz)
    Source code(zip)
Owner
Google
Google ❤️ Open Source
Google
Pure Go GOST cryptographic functions library.

Pure Go GOST cryptographic functions library. GOST is GOvernment STandard of Russian Federation (and Soviet Union). GOST 28147-89 (RFC 5830) block cip

Pedro Albanese 1 Dec 20, 2021
ConsenSys Software 6 Jan 8, 2022
Cross-platform application for easy encrypted sharing of files, folders, and text between devices.

wormhole-gui Wormhole-gui is a cross-platform application that lets you easily share files, folders and text between devices. It uses the Go implement

Jacob 554 Jan 16, 2022
goKryptor is a small and portable cryptographic tool for encrypting and decrypting files.

goKryptor goKryptor is a small and portable cryptographic tool for encrypting and decrypting files. This tool supports XOR and AES-CTR (Advanced Encry

null 0 Dec 6, 2021
Go implementation of BLAKE2 (b) cryptographic hash function (optimized for 64-bit platforms).

Go implementation of BLAKE2b collision-resistant cryptographic hash function created by Jean-Philippe Aumasson, Samuel Neves, Zooko Wilcox-O'Hearn, an

Dmitry Chestnykh 87 Dec 6, 2021
Cryptographic Addition Chain Generation in Go

Cryptographic Addition Chain Generation in Go addchain generates short addition chains for exponents of cryptographic interest with results rivaling t

Michael McLoughlin 138 Jan 3, 2022
An open source smart contract platform

EOSIO - The Most Powerful Infrastructure for Decentralized Applications Welcome to the EOSIO source code repository! This software enables businesses

EOSIO 11.3k Jan 19, 2022
ChainMaker, a blockchain platform for building secure

ChainMaker, a blockchain platform for building secure, trustworthy value-exchange networks to power the new global digital economy. ChainMaker aim

Devin 2 Jan 18, 2022
Simple, fast and safe cross-platform linear binary stream communication protocol. AES key exchange based on ecc secp256k1

FFAX Protocol 2 dev 简体中文 Welcome to FFAX Protocol v2 Quick start go get github.com/RealFax/FFAX func example() { listener, err := net.Listen("tcp",

Realfax Messenger 59 Jan 10, 2022
A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

A simple, modern and secure encryption tool (and Go library) with small explicit keys, no config options, and UNIX-style composability.

Filippo Valsorda 9.7k Jan 15, 2022
Easy to use encryption library for Go

encryptedbox EncryptedBox is an easy to use module for Go that can encrypt or sign any type of data. It is especially useful when you must serialize y

Jesse Swidler 18 Oct 26, 2021
Security research and open source implementation of the Apple 'Wireless Accessory Configuration' (WAC) protocol

Apple 'Wireless Accessory Configuration' (WAC) research Introduction This repository contains some research on how the WAC protocol works. I was mostl

Bertold Van den Bergh 3 Dec 16, 2021
The Bhojpur Wallet is a platform-as-a-service product used as a Wallet Engine based on the Bhojpur.NET Platform for application delivery.

Bhojpur Wallet - Data Processing Engine The Bhojpur Wallet is a platform-as-a-service used as a Service Engine based on the Bhojpur.NET Platform. It l

Bhojpur Consulting 0 Jan 16, 2022
OpenZeppelin Contracts is a library for secure smart contract development.

A library for secure smart contract development. Build on a solid foundation of community-vetted code. Implementations of standards like ERC20 and ERC

OpenZeppelin 15.2k Jan 19, 2022
hack-browser-data is an open-source tool that could help you decrypt data from the browser.

hack-browser-data is an open-source tool that could help you decrypt data ( password|bookmark|cookie|history|credit card|download

idiotc4t 85 Jan 7, 2022
Open Source Ethereum Mining Pool With Go

Open Source Ethereum Mining Pool Features This pool is being further developed to provide an easy to use pool for Ethereum miners. This software is fu

null 1 Dec 12, 2021
Open Source Etho Mining Pool - tuned for 8000000 block hardfork on EthoProtocol blockchain.

Open Source Etho Mining Pool - tuned for 8000000 block hardfork on EthoProtocol blockchain. image to be updated soon! Features This pool is being furt

Don Kingdon 4 Dec 28, 2021
Minlib - Multi-Identifier Network Development Library

minlib 1. Install git clone https://gitea.qjm253.cn/PKUSZ-future-network-lab/min

null 9 Jan 7, 2022
An easy-to-use XChaCha20-encryption wrapper for io.ReadWriteCloser (even lossy UDP) using ECDH key exchange algorithm, ED25519 signatures and Blake3+Poly1305 checksums/message-authentication for Go (golang). Also a multiplexer.

Quick start Prepare keys (on both sides): [ -f ~/.ssh/id_ed25519 ] && [ -f ~/.ssh/id_ed25519.pub ] || ssh-keygen -t ed25519 scp ~/.ssh/id_ed25519.pub

null 22 Dec 22, 2021