Tink is a multi-language, cross-platform cryptographic library developed by a group of cryptographers and security engineers at Google to help developers implement cryptography correctly without being cryptographic experts. Under development for the last two years, version 1.2 adds support for Cloud, Android, and iOS platforms, and C++ and Objective-C.
Tink originated from another Google project aimed to stress cryptographic libraries against known attacks, such as using biased nonces, invalid curves, etc., and to ensure popular cryptographic algorithms behave as expected, including DSA, RSA, AES-EAX, and many more.
Based on this experience, Google engineers set out to create a new library aiming to provide secure APIs that are easy to use correctly and hard to misuse. For example, to prevent nonce reuse, which can make a cryptographic algorithm less secure, Tink does not allow the user to pass nonces.
At the same time, Tink strives to make as explicit as possible what security guarantees each provided API gives. For example, if a given operation is safe against chosen-ciphertext attacks, this is displayed in the interface and that same guarantee has to be satisfied by each primitive used to implement it.
Tink currently provides four cryptographic operations, implemented by specific primitives:
- authenticated encryption with associated data (primitive: AEAD)
- message authentication codes (primitive: MAC),
- digital signatures (primitives: PublicKeySign and PublicKeyVerify)
- hybrid encryption (primitives: HybridEncrypt and HybridDecrypt).
Each operation has an associated set of minimal properties and a guarantee. A primitive can have multiple implementations and the user chooses the actual implementation to use by instantiating a key of a corresponding type. For example, this is how you encrypt some text with AES-EAX using the AEAD primitive:
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.aead.AeadFactory;
import com.google.crypto.tink.aead.AeadKeyTemplates;
// 1. Generate the key material.
KeysetHandle keysetHandle = KeysetHandle.generateNew(
AeadKeyTemplates.AES256_EAX);
// 2. Get the primitive.
Aead aead = AeadFactory.getPrimitive(keysetHandle);
// 3. Use the primitive.
byte[] plaintext = ...;
byte[] additionalData = ...;
byte[] ciphertext = aead.encrypt(plaintext, additionalData);
In addition to cryptographic operations, Tink provides support for key management, including key versioning, key rotation, and support for remote key management systems (KMS). Currently, the following KMSes are supported:
- Google Cloud KMS
- Amazon KMS
- Android Keystore
- Apple iOS KeyChain (planned)
Tink currently supports Java, C++, and Objective-C. Support for C#, Go, and JavaScript/Node is planned for version 1.3, tentatively scheduled for December 2018.
Although not officially a Google supported product, Tink is used in many Google products, including AdMob, Google Pay, Google Assistant, Firebase, the Search API, and more.