Security Blog
The latest news and insights from Google on security and safety on the Internet
Introducing the Tink cryptographic software library
30 août 2018
Posted by Thai Duong, Information Security Engineer, on behalf of Tink team
At Google, many product teams use cryptographic techniques to protect user data. In cryptography, subtle mistakes can have serious consequences, and understanding how to implement cryptography correctly requires digesting decades' worth of academic literature. Needless to say, many developers don’t have time for that.
To help our developers ship secure cryptographic code we’ve developed
Tink
—a multi-language, cross-platform cryptographic library. We believe in open source and want Tink to become a community project—thus Tink has been available on GitHub since the early days of the project, and it has already attracted several external contributors. At Google, Tink is already being used to secure data of many products such as AdMob, Google Pay, Google Assistant, Firebase, the Android Search App, etc. After nearly two years of development, today we’re excited to announce
Tink 1.2.0
, the first version that supports cloud, Android, iOS, and more!
Tink aims to provide cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. Tink is built on top of existing libraries such as BoringSSL and Java Cryptography Architecture, but includes countermeasures to many weaknesses in these libraries, which were discovered by
Project Wycheproof
, another project from our team.
With Tink, many common cryptographic operations such as data encryption, digital signatures, etc. can be done with only a few lines of code. Here is an example of encrypting and decrypting with our
AEAD
interface in Java:
import
com
.
google
.
crypto
.
tink
.
Aead;
import
com
.
google
.
crypto
.
tink
.
KeysetHandle;
import
com
.
google
.
crypto
.
tink
.
aead
.
AeadFactory;
import
com
.
google
.
crypto
.
tink
.
aead
.
AeadKeyTemplates;
// 1. Generate the key material.
KeysetHandle
keysetHandle
=
KeysetHandle
.
generateNew(
AeadKeyTemplates
.
AES256_EAX
);
// 2. Get the primitive.
Aead
aead
=
AeadFactory
.
getPrimitive
(
keysetHandle
);
// 3. Use the primitive.
byte
[]
plaintext
=
...;
byte
[]
additionalData
=
...;
byte
[]
ciphertext
=
aead
.
encrypt
(
plaintext
,
additionalData
);
Tink aims to eliminate as many potential misuses as possible. For example, if the underlying encryption mode requires nonces and nonce reuse makes it insecure, then Tink does not allow the user to pass nonces. Interfaces have security guarantees that must be satisfied by each primitive implementing the interface. This may exclude some encryption modes. Rather than adding them to existing interfaces and weakening the guarantees of the interface, it is possible to add new interfaces and describe the security guarantees appropriately.
We’re cryptographers and security engineers working to improve Google’s product security, so we built Tink to make our job easier. Tink shows the claimed security properties (e.g., safe against chosen-ciphertext attacks) right in the interfaces, allowing security auditors and automated tools to quickly discover usages where the security guarantees don’t match the security requirements. Tink also isolates APIs for potentially dangerous operations (e.g., loading cleartext keys from disk), which allows discovering, restricting, monitoring and logging their usage.
Tink provides support for key management, including key rotation and phasing out deprecated ciphers. For example, if a cryptographic primitive is found to be broken, you can switch to a different primitive by rotating keys, without changing or recompiling code.
Tink is also extensible by design: it is easy to add a custom cryptographic scheme or an in-house key management system so that it works seamlessly with other parts of Tink. No part of Tink is hard to replace or remove. All components are composable, and can be selected and assembled in various combinations. For example, if you need only digital signatures, you can exclude symmetric key encryption components to minimize code size in your application.
To get started, please check out our HOW-TO for
Java
,
C++
and
Obj-C
. If you'd like to talk to the developers or get notified about project updates, you may want to subscribe to our
mailing list
. To join, simply send an empty email to
tink-users+subscribe@googlegroups.com
. You can also post your questions to StackOverflow, just remember to tag them with
tink
.
We’re excited to share this with the community, and welcome your feedback!
Aucun commentaire :
Publier un commentaire
Étiquettes
#sharethemicincyber
android
android security
android tr
app security
big data
biometrics
blackhat
chrome
chrome security
diversity
federated learning
fuzzing
Gboard
google play
google play protect
Open Source
pha family highlights
privacy
Security
spyware
targeted spyware
vulnerabilities
Archive
2021
avr.
mars
févr.
janv.
2020
déc.
nov.
oct.
sept.
août
juil.
juin
mai
avr.
mars
févr.
janv.
2019
déc.
nov.
oct.
sept.
août
juil.
juin
mai
avr.
mars
févr.
janv.
2018
déc.
nov.
oct.
sept.
août
juil.
juin
mai
avr.
mars
févr.
janv.
2017
déc.
nov.
oct.
sept.
juil.
juin
mai
avr.
mars
févr.
janv.
2016
déc.
nov.
oct.
sept.
août
juil.
juin
mai
avr.
mars
févr.
janv.
2015
déc.
nov.
oct.
sept.
août
juil.
juin
mai
avr.
mars
févr.
janv.
2014
déc.
nov.
oct.
sept.
août
juil.
juin
avr.
mars
févr.
janv.
2013
déc.
nov.
oct.
août
juin
mai
avr.
mars
févr.
janv.
2012
déc.
sept.
août
juin
mai
avr.
mars
févr.
janv.
2011
déc.
nov.
oct.
sept.
août
juil.
juin
mai
avr.
mars
févr.
2010
nov.
oct.
sept.
août
juil.
mai
avr.
mars
2009
nov.
oct.
août
juil.
juin
mars
2008
déc.
nov.
oct.
août
juil.
mai
févr.
2007
nov.
oct.
sept.
juil.
juin
mai
Feed
Follow @google
Follow
Give us feedback in our
Product Forums
.
Follow
Aucun commentaire :
Publier un commentaire