Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.
This is Tink 1.7.0.
To get started using Tink, see the installation instructions.
To see what we're working towards, check our project roadmap.
The complete list of changes since 1.6.1 can be found here.
CMAKE_CXX_STANDARD, see the CMAKE HOW-TO
absl::Status and absl::StatusOr
NewClientWithOptions which takes option.ClientOptions arguments.
NOTE: Pending publication to CocoaPods.
This is Tink 1.6.1.
To get started using Tink, see the installation instructions.
This is a patch release.
The complete list of changes since 1.6.0 can be found here.
In Tink 1.6.0, the Java Bazel configuration included a couple instances of a non-Android target depending on an Android target and vice versa. This resulted in larger than expected Maven packages.
Minor documentation fixes.
This is Tink 1.6.0.
To get started using Tink, see the installation instructions.
The complete list of changes since 1.5.0 can be found here.
We've launched a new home for Tink documentation at https://developers.google.com/tink.
The site brings together content currently spread across the HOW-TOs and other markdown files throughout the project repository.
Initially, we've populated the site with instructions and code snippets for the Java and Python implementations. Moving forward, expect additional content covering other language implementations, additional critical path overviews, and more.
Introduced the KeyTemplates class. It has a get(name) method that facilitates getting any registered key template.
A list of currently registered key templates can be obtained by calling Registry.keyTemplates().
The following methods have been removed. Except where noted, the methods had been annotated as being deprecated.
public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle, final KeyManager<P> customManager, Class<P> primitiveClass)
public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle, Class<P> primitiveClass)
public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle, final KeyManager<P> customManager)
public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle)
public <P> P getPrimitive(KeyManager<P> customKeyManager, Class<P> targetClassObject)
public static Mac getPrimitive(KeysetHandle keysetHandle, final KeyManager<Mac> keyManager)
public static HybridDecrypt getPrimitive(KeysetHandle keysetHandle, final KeyManager<HybridDecrypt> keyManager)
public static Aead getPrimitive(KeysetHandle keysetHandle, final KeyManager<Aead> keyManager)
public static PublicKeyVerify getPrimitive(KeysetHandle keysetHandle, final KeyManager<PublicKeyVerify> keyManager)
public static PublicKeySign getPrimitive(KeysetHandle keysetHandle, final KeyManager<PublicKeySign> keyManager)
public static DeterministicAead getPrimitive(KeysetHandle keysetHandle, final KeyManager<DeterministicAead> keyManager)
public static StreamingAead getPrimitive(KeysetHandle keysetHandle, final KeyManager<StreamingAead> keyManager)
public static HybridEncrypt getPrimitive(KeysetHandle keysetHandle, final KeyManager<HybridEncrypt> keyManager)
The project has migrated to GSON for JSON serialization/deserialization functionality.
Due to this change, the Java implementation is no longer producing HTML-safe encoding by default. This behavior aligns the Java implementation with the other language implementations of Tink.
https://github.com/google/tink/blob/1.6/docs/FIPS.md
Implemented the serializedKeysetNoSecret method on TINKKeysetHandle. This facilitates exporting public keys.
This release includes contributions from the following community members:
This is Tink 1.5.0.
The complete list of changes since 1.4.0 can be found here.
This release fixes a ciphertext malleability issue (CVE-2020-8929) in Tink for Java and Android. This is a low severity issue. No loss of confidentiality or loss of plaintext integrity occurs due to this problem; only ciphertext integrity is compromised.
This release introduces alpha support for Javascript/Typescript. Check out the HOW-TO and let us know what you think!
The PRF set primitive allows redacting data in a deterministic fashion, for example personally identifiable information or internal IDs, or deriving a user ID from user information without revealing said information in the ID. This allows someone with access to the output of the PRF but without access to the key to do some types of analysis, while limiting others.
This primitive is supported in C++, Java, Python and Golang.
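The deterministic redaction described above, as an added example in Go that is not Tink's API or code from the project: standard-library HMAC-SHA256 stands in for the PRF, and the `prfSet` type, its methods, the key-ID token prefix and the sample keys are hypothetical. It shows that equal inputs map to equal tokens (so redacted records can still be joined) and that tokens issued before a key rotation remain matchable as long as the old key stays in the set.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"fmt"
)

// prfSet is a hypothetical stand-in for a PRF keyset: PRFs by key ID, one primary.
type prfSet struct {
	primaryID uint32
	keys      map[uint32][]byte
}

var sample = prfSet{primaryID: 1, keys: map[uint32][]byte{ // constructed sample keys
	1: []byte("constructed-sample-key-0001-32b!"),
	2: []byte("constructed-sample-key-0002-32b!"),
}}

// compute evaluates HMAC-SHA256 under key id, truncated to outLen bytes.
func (s prfSet) compute(id uint32, input string, outLen int) ([]byte, error) {
	key, ok := s.keys[id]
	if !ok {
		return nil, fmt.Errorf("unknown key ID %d", id)
	}
	if outLen < 16 || outLen > sha256.Size {
		return nil, fmt.Errorf("output length %d outside [16, 32]", outLen)
	}
	mac := hmac.New(sha256.New, key)
	mac.Write([]byte(input))
	return mac.Sum(nil)[:outLen], nil
}

// redact prefixes the token with the primary key ID so older tokens stay matchable.
func (s prfSet) redact(input string) (string, error) {
	tok, err := s.compute(s.primaryID, input, 16)
	if err != nil {
		return "", err
	}
	return fmt.Sprintf("%d:%x", s.primaryID, tok), nil
}

func main() {
	s := sample
	before, _ := s.redact("alice@example.com")
	s.primaryID = 2 // rotation: key 1 stays in the set
	after, _ := s.redact("alice@example.com")
	fmt.Println(before, after)
}
```

Anyone holding only the tokens can count or join records per user, but cannot recompute a token for a guessed e-mail address without the key.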
Added Streaming AEAD. Check out the example for how to encrypt arbitrarily large files.
Added CMAC.
Added a lot of examples.
pip3 install tink
We no longer offer prebuilt binaries for C++. Please check out the HOW-TO for compiling your application together with Tink using Bazel or CMake.
cd /path/to/your/Xcode project/
pod init
pod 'Tink', '1.5.0'
pod install
go get github.com/google/tink/go/...
<dependency>
<groupId>com.google.crypto.tink</groupId>
<artifactId>tink</artifactId>
<version>1.5.0</version>
</dependency>
dependencies {
implementation 'com.google.crypto.tink:tink-android:1.5.0'
}
brew tap google/tink https://github.com/google/tink
brew install tinkey
The prebuilt binary attached to this release should also work well on Windows.
This is Tink 1.4.0.
The complete list of changes since 1.3.0 can be found here.
This release fixes the following potential security issues; affected users are recommended to upgrade.
Quan Nguyen of Snap Inc. found that AES-CTR-HMAC-AEAD keys and the EncryptThenAuthenticate subtle implementation may be vulnerable to chosen-ciphertext attacks. An attacker can generate ciphertexts that bypass the HMAC verification if and only if all of the following conditions are true:
Streaming AEAD implementations encrypt the plaintext in segments. Tink uses a 4-byte segment counter. When encrypting a stream consisting of more than 2^32 segments, the segment counter might overflow and lead to leakage of key material or plaintext. This problem was found in the Java and Go implementations of the AES-GCM-HKDF-Streaming key type.
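The counter wrap described above, as an added example in Go that is not code from Tink: it models the 12-byte per-segment nonce of the AES-GCM-HKDF-Streaming format (7-byte prefix, 4-byte big-endian segment counter, 1-byte last-segment flag) and shows that segment 2^32 would get the nonce of segment 0 unless the counter is bounds-checked. The function names and the prefix value are hypothetical.

```go
package main

import (
	"bytes"
	"encoding/binary"
	"errors"
	"fmt"
	"math"
)

// Constructed sample value: 7-byte per-stream nonce prefix.
var samplePrefix = []byte{0xa1, 0xb2, 0xc3, 0xd4, 0xe5, 0xf6, 0x07}

var errTooManySegments = errors.New("stream exceeds 2^32 segments")

// segmentNonce builds the 12-byte per-segment AES-GCM nonce:
// prefix (7 bytes) || big-endian segment counter (4 bytes) || last-segment flag (1 byte).
func segmentNonce(prefix []byte, seg uint32, last bool) []byte {
	n := make([]byte, 12)
	copy(n, prefix)
	binary.BigEndian.PutUint32(n[7:11], seg)
	if last {
		n[11] = 1
	}
	return n
}

// uncheckedNext models the flaw: a uint32 counter silently wraps to 0.
func uncheckedNext(seg uint32) uint32 { return seg + 1 }

// checkedNext fails closed instead of reusing a counter value.
func checkedNext(seg uint32) (uint32, error) {
	if seg == math.MaxUint32 {
		return 0, errTooManySegments
	}
	return seg + 1, nil
}

// wrapReusesFirstNonce reports whether segment 2^32 gets the nonce of segment 0.
func wrapReusesFirstNonce() bool {
	first := segmentNonce(samplePrefix, 0, false)
	wrapped := segmentNonce(samplePrefix, uncheckedNext(math.MaxUint32), false)
	return bytes.Equal(first, wrapped)
}

func main() {
	fmt.Println("nonce reused after wrap:", wrapReusesFirstNonce())
	_, err := checkedNext(math.MaxUint32)
	fmt.Println("checked counter:", err)
}
```

Two segments encrypted under the same key and nonce are what lead to the leakage the release note mentions, which is why the hardened counter returns an error rather than wrapping.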
This version introduces support for Python 3.7 and 3.8.
Tink in Python is built on top of C++. It supports all primitives but Streaming AEAD. For an overview, see the HOW-TO. In addition, there are illustrative examples of using Tink in Python which can be used as a jumping off point.
PyPi binary packages for Linux and macOS are provided.
pip3 install tink
Attempt to erase keys from memory after use.
Adding support for CordAead, which is a more memory-efficient version of Aead that uses absl::Cord.
We no longer offer prebuilt binaries for C++. Please check out this documentation for how to compile your application together with Tink using Bazel or CMake.
cd /path/to/your/Xcode project/
pod init
pod 'Tink', '1.4.0'
pod install
go get github.com/google/tink/go/...
<dependency>
<groupId>com.google.crypto.tink</groupId>
<artifactId>tink</artifactId>
<version>1.4.0</version>
</dependency>
Bundling a shaded copy of Google Protobuf. This fixes an annoying version conflict bug.
Bundling a rule file to ensure compatibility with Proguard/R8.
Refactoring Android Keystore integration
Running a self-test to only enable the integration if Android Keystore is working properly.
Do not automatically generate fresh keys if keys exist but are corrupt. This won't recover corrupt keys, but at least it will allow gathering more data on Android Keystore failures.
dependencies {
implementation 'com.google.crypto.tink:tink-android:1.4.0'
}
Tinkey can now be installed via Homebrew on Linux and macOS.
brew tap google/tink https://github.com/google/tink
brew install tinkey
The binaries can also be downloaded from
This is Tink 1.4.0-rc2.
This release candidate adds things that we want to ship in 1.4.0, but didn't have a chance to add them to 1.4.0-rc1, such as:
The complete list of changes since 1.4.0-rc1 can be found here.
We no longer offer prebuilt binaries for C++. Please check out this documentation for how to compile your application together with Tink using Bazel or CMake.
cd /path/to/your/Xcode project/
pod init
pod 'Tink', '1.4.0-rc2'
pod install
To install Tink locally run:
go get github.com/google/tink/go/...
See setup instructions.
<dependency>
<groupId>com.google.crypto.tink</groupId>
<artifactId>tink</artifactId>
<version>1.4.0-rc2</version>
</dependency>
dependencies {
implementation 'com.google.crypto.tink:tink-android:1.4.0-rc2'
}
1.4.0 final should be out in 1-2 weeks, barring new issues.
This is Tink 1.4.0-rc1.
This version introduces support for Python. Tink Python, which is a Pybind11 wrapper of Tink C++, supports all primitives but Streaming AEAD (which will come in 1.5.0). For an overview of using the Tink Python implementation, see the Python HOW-TO. In addition, there are illustrative examples of using Tink Python which can be used as a jumping off point.
Tink C++ now tries to erase keys from memory after use.
The complete list of changes since 1.3.0 can be found here. Please note that Tink JavaScript is not a part of this release.
We no longer offer prebuilt binaries for C++. Please check out this documentation for how to compile your application together with Tink using Bazel or CMake.
cd /path/to/your/Xcode project/
pod init
pod 'Tink', '1.4.0-rc1'
pod install
To install Tink locally run:
go get github.com/google/tink/go/...
See setup instructions.
<dependency>
<groupId>com.google.crypto.tink</groupId>
<artifactId>tink</artifactId>
<version>1.4.0-rc1</version>
</dependency>
dependencies {
compile 'com.google.crypto.tink:tink-android:1.4.0-rc1'
}
1.4.0 final should be out in 1-2 weeks, barring new issues.
This is Tink 1.3.0.
There is no change since rc4.
Compared to 1.2.x, main changes in 1.3.0 include
Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.
We no longer offer prebuilt binaries for C++. Please check out this documentation for how to compile your application together with Tink using Bazel or CMake.
cd /path/to/your/Xcode project/
pod init
pod 'Tink', '1.3.0'
pod install
To install Tink locally run:
go get github.com/google/tink/go/...
<dependency>
<groupId>com.google.crypto.tink</groupId>
<artifactId>tink</artifactId>
<version>1.3.0</version>
</dependency>
dependencies {
compile 'com.google.crypto.tink:tink-android:1.3.0'
}
We're actively working on 1.4.0. This release will add Python support. It should be out by April 2020.
This is Tink 1.3.0 Release Candidate 4.
The complete list of changes since 1.3.0-rc3 can be found here.
Changes of note include (from rc3 to rc4):
Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.
OS="$(uname | tr '[:upper:]' '[:lower:]')"
TARGET_DIR="/usr/local"
curl -L \
"https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.3.0-rc4.tar.gz" |
sudo tar -xz -C ${TARGET_DIR}
cd /path/to/your/Xcode project/
pod init
pod 'Tink', '1.3.0-rc4'
pod install
To install Tink locally run:
go get github.com/google/tink/go/...
<dependency>
<groupId>com.google.crypto.tink</groupId>
<artifactId>tink</artifactId>
<version>1.3.0-rc4</version>
</dependency>
dependencies {
compile 'com.google.crypto.tink:tink-android:1.3.0-rc4'
}
This should be the last release candidate before the final 1.3.0 release.
This is Tink 1.3.0 Release Candidate 3.
The complete list of changes since 1.3.0-rc2 can be found here.
Changes of note include (from rc2 to rc3):
Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.
OS="$(uname | tr '[:upper:]' '[:lower:]')"
TARGET_DIR="/usr/local"
curl -L \
"https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.3.0-rc3.tar.gz" |
sudo tar -xz -C ${TARGET_DIR}
The Obj-C artifacts are pending publication. This note will be removed once they are published.
cd /path/to/your/Xcode project/
pod init
pod 'Tink', '1.3.0-rc3'
pod install
To install Tink locally run:
go get github.com/google/tink/go/...
<dependency>
<groupId>com.google.crypto.tink</groupId>
<artifactId>tink</artifactId>
<version>1.3.0-rc3</version>
</dependency>
dependencies {
compile 'com.google.crypto.tink:tink-android:1.3.0-rc3'
}
There may be a few more release candidates before we get to the final 1.3.0 release. It should be out by December 2019.