Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Overview

Tink

A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Ubuntu macOS
Kokoro Ubuntu Kokoro macOS

Index

  1. Introduction
  2. Current status
  3. Getting started
  4. Learn more
  5. Contact and mailing list
  6. Maintainers

Introduction

Using crypto in your application shouldn't have to feel like juggling chainsaws in the dark. Tink is a crypto library written by a group of cryptographers and security engineers at Google. It was born out of our extensive experience working with Google's product teams, fixing weaknesses in implementations, and providing simple APIs that can be used safely without needing a crypto background.

Tink provides secure APIs that are easy to use correctly and hard(er) to misuse. It reduces common crypto pitfalls with user-centered design, careful implementation and code reviews, and extensive testing. At Google, Tink is one of the standard crypto libraries, and has been deployed in hundreds of products and systems.

To get a quick overview of Tink design please take a look at slides from a talk about Tink presented at Real World Crypto 2019.

Current status

Java/Android, C++, Obj-C, Go, and Python are field tested and ready for production. The latest version is 1.5.0, released on 2020-10-13.

Javascript/Typescript is in an alpha state and should only be used for testing.

Getting started

As a starting point, the examples demonstrate performing simple tasks using Tink in a variety of languages.

  • Python
pip3 install tink
  • Golang
go get github.com/google/tink/go/...
  • Java
<dependency>
  <groupId>com.google.crypto.tink</groupId>
  <artifactId>tink</artifactId>
  <version>1.5.0</version>
</dependency>
  • Android
dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.5.0'
}
  • Objective-C/iOS
cd /path/to/your/Xcode project/
pod init
pod 'Tink', '1.5.0'
pod install

Learn more

Community-driven ports

Out of the box Tink supports a wide range of languages, but it still doesn't support every language. Fortunately, some users like Tink so much that they've ported it to their favorite languages! Below you can find notable ports.

WARNING While we usually review these ports, until further notice, we do not maintain them and have no plan to support them in the foreseeable future.

Contact and mailing list

If you want to contribute, please read CONTRIBUTING and send us pull requests. You can also report bugs or file feature requests.

If you'd like to talk to the developers or get notified about major product updates, you may want to subscribe to our mailing list.

Maintainers

Tink is maintained by (A-Z):

  • Taymon Beal
  • Daniel Bleichenbacher
  • Thai Duong
  • Thomas Holenstein
  • Stefan Kölbl
  • Charles Lee
  • Atul Luykx
  • Rafael Misoczki
  • Sophie Schmieg
  • Laurent Simon
  • Jürg Wullschleger

Alumni

  • Haris Andrianakis
  • Tanuj Dhir
  • Quan Nguyen
  • Bartosz Przydatek
  • Enzo Puig
  • Veronika Slívová
  • Paula Vidas
Comments
  • Add more Keyset Manager functionality to Go

    Add more Keyset Manager functionality to Go

    - brings Java KeysetManager functions to Go: Add, Enable, Disable, Delete, Destroy and SetPrimary
    - updates Rotate docs to 'Deprecated' point to Add & SetPrimary
    - mostly copies same Java tests/assertions
    
    cla: yes 
    opened by cmiller01 28
  • Proguard/R8 is stripping out fields from generated file class AesGcmKeyFormat

    Proguard/R8 is stripping out fields from generated file class AesGcmKeyFormat

    Coming from Tink 1.3.0 stable to Tink 1.4 RC2 (on Android), I noticed that the AesGcmKeyFormat has a possible problem with proguard/R8. We haven't added anything in our proguard-rules.pro file for Tink and am getting a stack trace like this

    java.lang.NoClassDefFoundError: com.google.crypto.tink.aead.AeadKeyTemplates
    	... 13 more
    Caused by: java.lang.NoClassDefFoundError: com.google.crypto.tink.aead.AeadKeyTemplates
    	at slack.commons.security.AeadPrimitiveFactoryImpl.getAeadPrimitive(AeadPrimitiveFactory.kt:4)
    	... 12 more
    Caused by: java.lang.ExceptionInInitializerError
    	at androidx.security.crypto.EncryptedSharedPreferences$PrefValueEncryptionScheme.
    <clinit>(EncryptedSharedPreferences.java:1)
            ... 11 more
    Caused by: java.lang.RuntimeException: Field version_ for com.google.crypto.tink.proto.AesGcmKeyFormat not found. Known fields are [public int com.google.crypto.tink.proto.AesGcmKeyFormat.keySize_, public static final com.google.crypto.tink.proto.AesGcmKeyFormat com.google.crypto.tink.proto.AesGcmKeyFormat.DEFAULT_INSTANCE, public static volatile com.google.crypto.tink.shaded.protobuf.Parser com.google.crypto.tink.proto.AesGcmKeyFormat.PARSER]
    	at com.google.crypto.tink.shaded.protobuf.MessageSchema.reflectField(MessageSchema.java:7)
    	at com.google.crypto.tink.shaded.protobuf.MessageSchema.newSchemaForRawMessageInfo(MessageSchema.java:53)
    	at com.google.crypto.tink.shaded.protobuf.MessageSchema.newSchema(MessageSchema.java:2)
    	at com.google.crypto.tink.shaded.protobuf.Protobuf.schemaFor(Protobuf.java:30)
    	at com.google.crypto.tink.shaded.protobuf.Protobuf.schemaFor(Protobuf.java:48)
    	at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite$Builder.buildPartial(GeneratedMessageLite.java:5)
    	at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite$Builder.build(GeneratedMessageLite.java:1)
    	at com.google.crypto.tink.aead.AeadKeyTemplates.createAesGcmKeyTemplate(AeadKeyTemplates.java:5)
    	at com.google.crypto.tink.aead.AeadKeyTemplates.<clinit>(AeadKeyTemplates.java:1)
    

    In the Android studio looking at the generated AesGcmKeyFormat, it has the _version

    package com.google.crypto.tink.proto;
    
    import ...;
    
    public final class AesGcmKeyFormat extends GeneratedMessageLite<AesGcmKeyFormat, AesGcmKeyFormat.Builder> implements AesGcmKeyFormatOrBuilder {
        public static final int KEY_SIZE_FIELD_NUMBER = 2;
        private int keySize_;
        public static final int VERSION_FIELD_NUMBER = 3;
        private int version_;
        private static final AesGcmKeyFormat DEFAULT_INSTANCE;
        private static volatile Parser<AesGcmKeyFormat> PARSER;
    
    ...
    }
    

    But when looking at the build APK with proguard/R8 running through it, seems like version_ was removed

    Screen Shot 2020-05-19 at 5 33 14 PM

    Seems like the AesSivKeyFormat has a similar problem as well.

    Screen Shot 2020-05-19 at 5 47 31 PM

    I'm going to also check if this problem might have existed in the 1.3 release of the library. But I haven't seen this stack trace before.

    We stricly use protobuf 3.12.0

    +--- com.google.protobuf:protobuf-java:{strictly 3.12.0} -> 3.12.0 (c)
    
    ...
    
    |    |    \--- com.google.protobuf:protobuf-javalite:3.12.0
    
    ...
    
    |    |    +--- com.google.android.apps.common.testing.accessibility.framework:accessibility-test-framework:2.1
    |    |    |    +--- org.hamcrest:hamcrest-core:1.3 -> org.hamcrest:hamcrest:2.2
    |    |    |    \--- com.google.protobuf:protobuf-java:2.6.1 -> 3.12.0
    
    opened by simtse 27
  • PHP Implementation?

    PHP Implementation?

    I intend to follow this up with a pull request.

    Would the Tink team be interested in a PHP implementation of the same API? Obtensibly it would wrap both the openssl and sodium extensions.

    opened by paragonie-scott 27
  • Python support release date

    Python support release date

    Is there any update on the release date for a version of Tink that supports Python? The roadmap states August 2019 as the intended date and that has come and gone...!

    It'd be good to have access to a release with Python support before January 2020 so old Python2 projects with Keyczar in can be migrated over to Python3 projects with Tink.

    Alternatively, if anybody has a suggestion for a suitable Python3 library to replace Keyczar in Python2 , that would be greatly appreciated!

    Regards,

    Jordan

    opened by JordanStopford 24
  • [android] [throwable] arithmetic error in scalar multiplication

    [android] [throwable] arithmetic error in scalar multiplication

    we use Tink-Android to generate keyPair and sign our information. it work well in common case. but there is a crash in Android device M1 E when we use

    Ed25519Sign(private_key)
    

    and we find the throwable is

       // This check is to protect against flaws, i.e. if there is a computation error through a
        // faulty CPU or if the implementation contains a bug.
        XYZ result = new XYZ(ret);
        if (!result.isOnCurve()) {
          throw new IllegalStateException("arithmetic error in scalar multiplication");
        }
    

    https://github.com/google/tink/blob/09fc71c45dc7c4ecc7fb0df3414b0fb3a9ca52c3/java/src/main/java/com/google/crypto/tink/subtle/Ed25519.java#L626

    Android version: 7.0 cpu: Helio P10 gpu: ARM Mali-T860 Tink-Android Version: 1.2.2

    Is there anyone can help me ? thanks !

    opened by PaperHS 24
  • Android (tink : 1.3.0-rc3) KeyStoreException + UnrecoverableKeyException

    Android (tink : 1.3.0-rc3) KeyStoreException + UnrecoverableKeyException

    Hello,

    I'd like to report the follow exceptions happening with Android; we are using 1.3.0-rc3. I am not able to reproduce these issues; however they have been seen in the wild.

    OS Issue observed : Android 6,7,8,9 Devices : Samsung Galaxy S6, S7 edge. LG g4, g5, g6

    KeyStoreException (Invalid Key Blob) with stack trace :

    android.security.KeyStore.getKeyStoreException (KeyStore.java:708) android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreSecretKeyFromKeystore (AndroidKeyStoreProvider.java:283) android.security.keystore.AndroidKeyStoreSpi.engineGetKey (AndroidKeyStoreSpi.java:98) java.security.KeyStore.getKey (KeyStore.java:1062) com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm. (AndroidKeystoreAesGcm.java:48) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getAead (AndroidKeystoreKmsClient.java:111) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey (AndroidKeystoreKmsClient.java:130) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:118) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:88) com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:185) com.loblaw.pcoptimum.android.app.utils.Crypto$AEAD.getAndroidKeysetManager (Crypto.java:204)

    KeyStoreException (Unknown error) with stack trace :

    android.security.KeyStore.getKeyStoreException (KeyStore.java:1107) android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreSecretKeyFromKeystore (AndroidKeyStoreProvider.java:283) android.security.keystore.AndroidKeyStoreSpi.engineGetKey (AndroidKeyStoreSpi.java:98) java.security.KeyStore.getKey (KeyStore.java:825) com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm. (AndroidKeystoreAesGcm.java:48) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getAead (AndroidKeystoreKmsClient.java:111) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey (AndroidKeystoreKmsClient.java:130) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:118) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:88) com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:185)

    UnrecoverableKeyException (-49) with stack trace :

    android.security.KeyStore.getKeyStoreException (KeyStore.java:839) android.security.keystore.AndroidKeyStoreProvider.getKeyCharacteristics (AndroidKeyStoreProvider.java:236) android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore (AndroidKeyStoreProvider.java:356) android.security.keystore.AndroidKeyStoreSpi.engineGetKey (AndroidKeyStoreSpi.java:101) java.security.KeyStore.getKey (KeyStore.java:1062) com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm. (AndroidKeystoreAesGcm.java:48) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getAead (AndroidKeystoreKmsClient.java:111) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey (AndroidKeystoreKmsClient.java:130) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:118) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:88) com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:185)

    opened by ArjunAchatz 20
  • GeneralSecurityException: decryption failed

    GeneralSecurityException: decryption failed

    GeneralSecurityException: decryption failed
      File "AeadWrapper.java", line 82, in decrypt
      File "TinkHelper.kt", line 33, in decrypt
    

    This error occurs with version 1.3.0-rc1 on an Android device running 9.0 but is fixed in versino 1.3.0-rc4. We can't upgrade to 1.3.0-rc4 because of https://github.com/google/tink/issues/301.

    Will the 1.3.0 release contain the fix for the decryption error but not the issue with firebase?

    opened by zsweigart 20
  • Protobuf related build issue with Tink + Firebase (Android)

    Protobuf related build issue with Tink + Firebase (Android)

    I am trying to integrate Tink to my Flutter app which also uses Firebase. With 1.3.0-rc3 I get this build errors in Android:

    Execution failed for task ':app:checkDevelopmentDebugDuplicateClasses'.
    > 1 exception was raised by workers:
      java.lang.RuntimeException: java.lang.RuntimeException: Duplicate class com.google.protobuf.AbstractMessageLite found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.AbstractMessageLite$Builder found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.AbstractMessageLite$Builder$LimitedInputStream found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.AbstractParser found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.AbstractProtobufList found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.Any found in modules classes.jar (com.google.firebase:protolite-well-known-types:17.0.0) and protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0)
    .
    .
    .
    

    I have tried various suggestions mentioned in other protobuf related issues here but no solution found so far.

    Issue disappears if I downgrade Tink to version 1.3.0-rc1, so I am using it as a workaround for now.

    opened by kinex 18
  • "go get" fails when specifying "latest" version as a Go module dependency

    The go/keyset API is not present in the latest release, which causes problems when trying to use go modules:

    GO111MODULE=on go get github.com/google/tink/go/keyset
    go: finding github.com/google/tink/go/keyset latest
    go: finding github.com/google/tink/go latest
    go get github.com/google/tink/go/keyset: no matching versions for query "latest"
    
    opened by gdbelvin 16
  • On Android, when GeneralSecurityException

    On Android, when GeneralSecurityException "decryption failed" is thrown when calling AeadFactory::decrypt?

    Hi,

    Edit: we are using Tink 1.2.2.

    We have been getting crash reports with the exception GeneralSecurityException: decryption failed with the stack trace pointing to AeadFactory::decrypt as the source of the exception, and we are lost on when that happens.

    We are not sharing the keys or the cipher text, so, the same device and algorithm that encrypts it, is the same one that is decrypting it.

    We are also using the AndroidKeysetManager.

    The error seems to happen exclusively on Android 8 e 9 so far.

    Any idea on what may be causing this exception being thrown? Thank you :)

    Check our full implementation: https://gist.github.com/AllanHasegawa/85431b6f7c53074511527655712c9872

    opened by AllanHasegawa 16
  • InvalidProtocolBufferException (Protocol message contained an invalid tag (zero))

    InvalidProtocolBufferException (Protocol message contained an invalid tag (zero))

    In my Android app, I see this exception happening on one device: Protocol message contained an invalid tag (zero)., com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException

    Related code where the exception happens (Kotlin code from my Flutter plugin):

    .
    .
    .
    "encryptString" -> {
        uiScope.launch {
            try {
                var encryptedDataBase64String: String? = null
                withContext(Dispatchers.IO) {
                    initializeTink()
    
                    val applicationId = call.argument<String>("applicationId")
                            ?: throw IllegalArgumentException("applicationId")
                    val keySetName = call.argument<String>("keySetName")
                            ?: throw IllegalArgumentException("keySetName")
                    val dataString = call.argument<String>("data")
                            ?: throw IllegalArgumentException("data")
                    val passwordString = call.argument<String>("password")
    
                    val data = dataString.toByteArray(Charsets.UTF_8)
    
                    val password = passwordString!!.toByteArray(Charsets.UTF_8)
    
                    val keySetHandle = getOrGenerateNewKeysetHandle(applicationContext!!, applicationId, keySetName)
                    val aead = keySetHandle.getPrimitive(Aead::class.java)
    
                    val encryptedData = aead.encrypt(data, password)
    
                    encryptedDataBase64String = Base64.encodeToString(encryptedData, Base64.DEFAULT)
                }
                result.success(encryptedDataBase64String)
            } catch (e: Exception) {
                Log.e(LOG_TAG, "Exception", e)
                result.error(
                        "Exception",
                        e.localizedMessage ?: e.message ?: "$e", "$e")
            }
        }
    }
    
    

    Tink 1.4.0 Device: Huawei P20 / Android 10

    This is an user device so I cannot reproduce it myself (I see this from Crashlytics).

    opened by kinex 15
  • Envelope Encryption and DEK caching

    Envelope Encryption and DEK caching

    Is your feature request related to a problem?

    No

    What sort of feature would you like to see?

    I have a general question about using Tink and EnvelopeEncryption.

    I tried the example GOLANG-HOWTO.md#envelope-encryption, it works great.

    I wonder if it is possible, or if it is a roadmap feature to allow configuring reusing DEK for a set number of Encrypt() instead of creating a new DEK (and encrypted with remote KMS) for each Encrypt()

    I understand the best practices is to use a new DEK for each message to encrypt. However past a certain volume, I am considering balancing cost and security. Each DEK are encrypted with remote KMS, for high volume message, the KMS cost becomes significant.

    This feature would be very similar as the data key caching documented by AWS Encryption SDK DataKey Caching, ie allow configuring threshold to drive whether to re-use the DEK or not.

    Have you considered any alternative solutions?

    If this feature is not planned, i would really value pointers how best to customize tink to allow envelope encryption data key caching.

    I am wondering if the best place to extend tink is creating a new Key Manager similar than kms_envelope_aead_key_manager.go and add some sort of cache around in a newer version of KMSEnvelopeAEAD where before we generate a new DEK we get one from a cache if the reuse threshold is acceptable.

    Thanks! -seb

    opened by sebcante 0
  • Build success on Windows (with cmake and mingw)

    Build success on Windows (with cmake and mingw)

    At first I tried bazel, but it seems its broken with the VS toolchain ( at least in versions 2017+ ).

    So cmake it is. For a saner build environment, I use msys2.

    msys2 includes a package manager 'pacman' for installing the dev tools and libraries required for building. Ensure you select the mingw variants of golang, gcc, and cmake, or you'll encounter build errors.

    You can get a list of packages with: pacman -Ss <package_name>

    For the most part, the build went well. It is missing unistd.h's 'pread' , and cc/util/util_test.cc makes use of file permissions not supported by Windows (specifically 'group' and 'other'). Those were the only two issues blocking compilation for me.

    I was able to get the aead_cli example working. Here is the CMakeLists.txt I used to build my exe.

    cmake_minimum_required(VERSION 3.5)
    project(aead_cli CXX)
    set(CMAKE_CXX_STANDARD_REQUIRED ON)
    set(CMAKE_CXX_STANDARD 14)
    
    add_subdirectory(third_party/tink)
    add_subdirectory(util)
    
    add_executable(aead_cli aead_cli.cc)
    set(CMAKE_EXE_LINKER_FLAGS "-static-libgcc -static-libstdc++ -static")
    target_link_libraries(aead_cli tink::static absl::flags_parse util) 
    

    There is an issue with it trying to link in librt on my setup, which doesn't fly for Windows. For the time being, I just delete the -lrt in build.ninja file after running cmake -DCMAKE_GENERATOR=ninja

    I created a pull request #660 in case there's any interest by the tink devs.

    Screen Shot 2023-01-03 at 2 42 41 PM

    opened by dhthwy 0
  • Envelope AEAD with multiple KEKs and AEAD primitives

    Envelope AEAD with multiple KEKs and AEAD primitives

    I have a general question around best practices when dealing with multiple KEKs for envelope encryption.

    Background We have a centralised security solution that handles encryption for various tenants. Each tenant has 1 GCP KMS Key dedicated to it. The purpose of having separate KMS Keys for each tenant is to ensure secure data isolation and limit risk in events where the key is compromised etc.. etc...

    Scenario After securely identifying the tenant during a request, the centralised security solution picks the appropriate KEK (remote GCP KMS key) to process the request (i.e. encrypt the data). Specifically, it picks the right AEAD primitive instance that matches the tenant's KEK.

    With the Google Tink Library, the example docs to generate an AEAD primitive is:

    kekURI := "gcp-kms://.../.../.../my-cloud-kek-123"
    kmsClient, err := gcpkms.NewClient(kekURI)
    if err != nil {
    ...
    }
    
    registry.RegisterKMSClient(kmsClient)
    
    dek := aead.AES256GCMKeyTemplate()
    keyHandle, err := keyset.Handle(aead.KMSEnvelopeAEADKeyTemplate(kekURI)
    if err != nil {
    ...
    }
    
    aeadPrimitive, err := aead.New(keyHandle)
    if err != nil {
    ...
    }
    
    
    // We can finally use the AEAD primitive here for envelope encryption for a single KEK
    aead.Encrypt(....)
    aead.Decrypt(....)
    

    Now the code example above works fine for a single KEK, however we'd like to support multiple KEKs and be able to dynamically switch KEKs depending on the requests the "centralised security solution" receives for each tenant.

    N tenants = N KEK (GCP KMS keys)

    Note: The list of tenants can grow over time, its not a static number (N).

    The "centralised security solution" can receive concurrent requests (gRPC server) and must be able to handle concurrent requests without issues.

    Our initial approach to the problem is shown below:

    • we use sync.RWMutex to cache AEAD primitives
    • we went with caching AEAD primitives, on the assumption that creating a new primitive every single time from the URI would be wasteful/expensive, even if we used GetKMSClient from the registry to cache atleast the kmsClient bit (i.e. we'd still need to generate the keyHandle and AEAD primitive, even if KMSClient is cached in registry)
    • our cache is mostly read heavy (i.e. when the centralised security solution gRPC server boots up one more more instances - behind a load balancer - it would write to the cache once to initialise the AEAD primitive in cache, and then its purely reads from the cache going forward)
    • cache key is tenant ID
    • since sync.RWMutex supports multiple read locks, it would be ideal for a read heavy scenario
    type TenantAEADCache struct {
        mu sync.RWMutex
        
        cache map[string]tink.AEAD
    }
    
    func (t *TenantAEADCache) GetAEADPrimitive(tenant string) (tink.AEAD, error) {
        aeadPrimitive, err := t.GetAEADPrimitiveFromCache(tenant)
        if err != nil {
            return t.GenerateAndGetAEADPrimitive(tenant)
    
        }
        return aeadPrimitive, err
    }
    
    
    func (t *TenantAEADCache) GetAEADPrimitiveFromCache(tenant string) (tink.AEAD, error) {
        // read lock
        t.mu.RLock()
        defer t.mu.RLock()
       
        aeadPrimitive, ok := t.cache[tenant]
        if !ok {
            return nil, errors.New("not cached")
        }
        return aeadPrimitive, nil
    }
    
    func (t *TenantAEADCache) GenerateAndGetAEADPrimitive(tenant string) (tink.AEAD, error) {
        // write lock
        t.mu.Lock()
        defer t.mu.Lock()
    
        t.cache[tenant] = .... // generate an AEADPrimitive in a similar way to the first code example at the top
        
        return t.cache[tenant], nil
    }
    
    

    (please ignore any minor code issues, this was not a copy pasted snippet, just a best effort manually typed example)

    I'd like to learn about:

    • whether this approach will have any concurrency issues with the Google Tink Library?
    • whether the "registry" stuff could be of any help instead of the approach above?
    • when using the AEAD primitive, does it perform any mutex locks within the Google Tink Library when calling the Encrypt/Decrypt methods (which could become a bottleneck for the approach mentioned above)

    I've read through a bit of the code for KMSEnvelopeAEAD which seems to be the instance/concrete type of tink.AEAD that I'm working with. Would there be any locks or concurrency issues with the code below

    https://github.com/google/tink/blob/master/go/aead/kms_envelope_aead.go#L59-L129

    Alternatively, please let me know if there's a better approach to solving concurrent multi-tenant (multi KEK) envelope encryption with Google Tink.

    Regards

    opened by iamyohann 1
  • Bump certifi from 2022.9.24 to 2022.12.7 in /python/examples

    Bump certifi from 2022.9.24 to 2022.12.7 in /python/examples

    Bumps certifi from 2022.9.24 to 2022.12.7.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

    dependencies python 
    opened by dependabot[bot] 0
Releases(v1.7.0)
  • v1.7.0(Aug 10, 2022)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.7.0.

    To get started using Tink, see the installation instructions.

    To see what we're working towards, check our project roadmap.

    What's new

    The complete list of changes since 1.6.1 can be found here.

    General

    • Hybrid Public Key Encryption (HPKE)
      • Added support for HPKE as defined in RFC 9180
      • Implemented in C++, Java, Go, and Python.
      • NOTE: In C++, HPKE is not present when using OpenSSL or when FIPS-only mode is enabled.
    • JSON Web Token (JWT)
      • Added support for a subset of JWT as defined by RFC 7519 that is considered safe and most often used
      • Implemented in C++, Java, Go, and Python.
      • See the JWT-HOWTO.
    • Protocol buffer definitions and test data are now embedded within each Bazel workspace.

    C++

    • Post-Quantum Cryptography
      • Experimental only implementations of Dilithium, Falcon, and Sphincs.
    • CMake build options
      • Added option to use pre-installed OpenSSL (v1.1.1), gTest, and Abseil (v1.1.1) src
      • Added option to propagate client CMAKE_CXX_STANDARD, see the CMAKE HOW-TO
    • Optional migration to absl::Status and absl::StatusOr

    Java

    Go

    • GCP KMS
    • Fix memory utilization bug in streaming AEAD (https://github.com/google/tink/issues/594)

    Python

    NOTE: Pending publication to PyPI.

    • Python 3.10 support

    Objective-C

    NOTE: Pending publication to CocoaPods.

    • arm64 (M1) support
    Source code(tar.gz)
    Source code(zip)
  • v1.6.1(Jul 13, 2021)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.6.1.

    To get started using Tink, see the installation instructions.

    What's new

    This is a patch release.

    The complete list of changes since 1.6.0 can be found here.

    Java

    Fix dependencies in Java Maven packages

    In Tink 1.6.0, the Java Bazel configuration included a couple instances of a non-Android target depending on an Android target and vice versa. This resulted in larger than expected Maven packages.

    Miscellaneous

    Minor documentation fixes.

    Known issues

    • ~Tink for Python has issues in setup.py and the distribution scripts. Due to this, PyPI packages have not been published for this release. A follow up patch release will address this shortly.~ PyPI packages for 1.6.1 have been published. If you want to build these packages from branch 1.6 by yourself, patch in https://github.com/google/tink/commit/465753ac71d51baab8804aa7908b96e562fe4bff.
    • Tink for Obj-C still does not build with Bazel. However, you can still use it in your apps by installing our prebuilt package.
    Source code(tar.gz)
    Source code(zip)
  • v1.6.0(May 18, 2021)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.6.0.

    To get started using Tink, see the installation instructions.

    What's new

    The complete list of changes since 1.5.0 can be found here.

    New documentation website

    We've launched a new home for Tink documentation at https://developers.google.com/tink.

    The site brings together content currently spread across the HOW-TOs and other markdown files throughout the project repository.

    Initially, we've populated the site with instructions and code snippets for the Java and Python implementations. Moving forward, expect additional content covering other language implementations, additional critical path overviews, and more.

    Java

    Key templates API

    Introduced the KeyTemplates class. It has a get(name) method that facilitates getting any registered key template.

    A list of currently registered key templates can be obtained by calling Registry.keyTemplates()

    Custom key manager method removals

    The following methods have been removed. Except where noted, the methods had been annotated as being deprecated.

    • Registry
      • public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle, final KeyManager<P> customManager, Class<P> primitiveClass)
        • not deprecated
      • public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle, Class<P> primitiveClass)
        • not deprecated
      • public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle, final KeyManager<P> customManager)
      • public static <P> PrimitiveSet<P> getPrimitives(KeysetHandle keysetHandle)
    • KeysetHandle
      • public <P> P getPrimitive(KeyManager<P> customKeyManager, Class<P> targetClassObject)
    • MacFactory
      • public static Mac getPrimitive(KeysetHandle keysetHandle, final KeyManager<Mac> keyManager)
    • HybridDecryptFactory
      • public static HybridDecrypt getPrimitive(KeysetHandle keysetHandle, final KeyManager<HybridDecrypt> keyManager)
    • AeadFactory
      • public static Aead getPrimitive(KeysetHandle keysetHandle, final KeyManager<Aead> keyManager)
    • PublicKeyVerifyFactory
      • public static PublicKeyVerify getPrimitive(KeysetHandle keysetHandle, final KeyManager<PublicKeyVerify> keyManager)
    • PublicKeySignFactory
      • public static PublicKeySign getPrimitive(KeysetHandle keysetHandle, final KeyManager<PublicKeySign> keyManager)
    • DeterministicAeadFactory
      • public static DeterministicAead getPrimitive(KeysetHandle keysetHandle, final KeyManager<DeterministicAead> keyManager)
    • StreamingAeadFactory
      • public static StreamingAead getPrimitive(KeysetHandle keysetHandle, final KeyManager<StreamingAead> keyManager)
        • not deprecated
    • HybridEncryptFactory
      • public static HybridEncrypt getPrimitive(KeysetHandle keysetHandle, final KeyManager<HybridEncrypt> keyManager)

    Dependency updates

    org.json to GSON

    The project has migrated to GSON for JSON serialization/deserialization functionality.

    Due to this change, the Java implementation is no longer producing HTML-safe encoding by default. This behavior aligns the Java implementation with the other language implementations of Tink.

    C++

    FIPS only mode

    https://github.com/google/tink/blob/1.6/docs/FIPS.md

    Obj-C

    Support for serializing keys with non-secret key material

    Implemented the serializedKeysetNoSecret method on TINKKeysetHandle. This facilitates exporting public keys.

    Known issues

    • Tink for Obj-C still does not build with Bazel. However, you can still use it in your apps by installing our prebuilt package.

    Hall of Fame

    This release includes contributions from the following community members:

    Source code(tar.gz)
    Source code(zip)
  • v1.5.0(Oct 16, 2020)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.5.0.

    The complete list of changes since 1.4.0 can be found here.

    What's new

    Security fixes

    This release fixes a ciphertext malleability issue (CVE-2020-8929) in Tink for Java and Android. This is a low severity issue. No loss of confidentiality or loss of plaintext integrity occurs due to this problem, only ciphertext integrity is compromised.

    New language: Javascript/Typescript

    This release introduces alpha support for Javascript/Typescript. Check out the HOW-TO and let us know what you think!

    New primitive: PRF set

    The PRF set primitive allows to redact data in a deterministic fashion, for example personal identifiable information or internal IDs, or to come up with a user ID from user information without revealing said information in the ID. This allows someone with access to the output of the PRF without access to the key do some types of analysis, while limiting others.

    This primitive is supported in C++, Java, Python and Golang.

    Python

    • Added Streaming AEAD. Check out the example for how to encrypt arbitrary large files.

    • Added CMAC.

    • Added a lot of examples.

    pip3 install tink
    

    C++

    We no longer offer prebuilt binaries for C++. Please check out the HOW-TO for compiling your application together with Tink using Bazel or CMake.

    Obj-C

    • Added support for accessGropus to TINKKeysetHandle.
    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.5.0'
    pod install
    

    Golang

    • Added Streaming AEAD with AES-CTR-HMAC.
    • Bundled HCVault with Tink. In 1.4.0, HCVault was offered as a separate module, but we were advised by the Golang's team that it should be bundled with Tink.
    go get github.com/google/tink/go/...
    

    Java

    • Added AES-GCM-SIV. This requires a Java security provider that supports AES-GCM-SIV such as Conscrypt.
    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.5.0</version>
    </dependency>
    

    Android

    • When a call to Android KeyStore failed, Tink will wait a random number of milliseconds (up to 100) before retrying one more time.
    dependencies {
      implementation 'com.google.crypto.tink:tink-android:1.5.0'
    }
    

    Tinkey

    brew tap google/tink https://github.com/google/tink
    brew install tinkey
    

    The prebuilt binary attached to this release should also work well on Windows.

    Known issues

    • Tink for Obj-C doesn't build with Bazel. You can still use it in your apps by installing our prebuilt package, as noted above.
    Source code(tar.gz)
    Source code(zip)
    tinkey-1.5.0.tar.gz(11.15 MB)
  • v1.4.0(Jul 14, 2020)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.4.0.

    The complete list of changes since 1.3.0 can be found here.

    What's new

    Security fixes

    This release fixes the following potential security issues, affected users are recommended to upgrade.

    • Quan Nguyen of Snap Inc. found that AES-CTR-HMAC-AEAD keys and the EncryptThenAuthenticate subtle implementation may be vulnerable to chosen-ciphertext attacks. An attacker can generate ciphertexts that bypass the HMAC verification if and only if all of the following conditions are true:

      • Tink C++ is used on systems where size_t is a 32-bit integer. This is usually the case on 32-bit machines.
      • The attacker can specify long (>= 2^29 bytes ~ 536MB) associated data.
    • Streaming AEAD implementations encrypt the plaintext in segments. Tink uses a 4-byte segment counter. When encrypting a stream consisting of more than 2^32 segments, the segment counter might overflow and lead to leakage of key material or plaintext. This problem was found in the Java and Go implementations of the AES-GCM-HKDF-Streaming key type.

    Python

    This version introduces support for Python 3.7 and 3.8.

    Tink in Python is built on top of C++. It supports all primitives but Streaming AEAD. For an overview, see the HOW-TO. In addition, there are illustrative examples of using Tink in Python which can be used as a jumping off point.

    PyPi binary packages for Linux and macOS are provided.

    pip3 install tink
    

    C++

    • Attempt to erase keys from memory after use.

    • Adding support for CordAead, which is a more memory-efficient version of Aead that uses absl::Cord.

    We no longer offer prebuilt binaries for C++. Please check out this documentation for how to compile your application together with Tink using Bazel or CMake.

    Obj-C

    • Removing Obj-C protobufs.
    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.4.0'
    pod install
    

    Golang

    • Cleaning up Godoc and adding better examples.
    go get github.com/google/tink/go/...
    

    Java

    • Removing support for Java 7.
    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.4.0</version>
    </dependency>
    

    Android

    • Bundling a shaded copy of Google Protobuf. This fixes an annoying version conflict bug.

    • Bundling a rule file to ensure compatibility with Proguard/R8.

    • Refactoring Android Keystore integration

      • Running a self-test to only enable the integration if Android Keystore is working properly.

      • Do not automatically generate fresh keys if keys exist but are corrupt. This won't recover corrupt keys, but at least it will allow to gather more data on Android Keystore failures.

    dependencies {
      implementation 'com.google.crypto.tink:tink-android:1.4.0'
    }
    

    Tinkey

    Tinkey can now be installed via Homebrew on Linux and macOS.

    brew tap google/tink https://github.com/google/tink
    brew install tinkey
    

    The binaries can also be downloaded from

    • https://storage.googleapis.com/tinkey/tinkey-darwin-x86_64-1.4.0.tar.gz
    • https://storage.googleapis.com/tinkey/tinkey-linux-x86_64-1.4.0.tar.gz

    Known issues

    • Tink in Obj-C doesn't build. That is, you can't build it yourself using Bazel. You can still use it in your apps by installing our prebuilt package, as noted above.
    Source code(tar.gz)
    Source code(zip)
  • v1.4.0-rc2(May 15, 2020)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.4.0-rc2.

    Changes

    This release candidate adds things that we want to ship in 1.4.0, but didn't have a chance to add them to 1.4.0-rc1, such as:

    • a proper fix for the infamous Protobuf issue in Tink for Android.
    • a better go.mod config.
    • many changes in Tink Python that didn't make the last release cut.

    The complete list of changes since 1.4.0-rc1 can be found here.

    Installation

    C++

    We no longer offer prebuilt binaries for C++. Please check out this documentation for how to compile your application together with Tink using Bazel or CMake.

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.4.0-rc2'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Python

    See setup instructions.

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.4.0-rc2</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      implementation 'com.google.crypto.tink:tink-android:1.4.0-rc2'
    }
    

    Known issues

    • Tink Obj-C doesn't build. That is, you can't check out Tink Obj-C and build it yourself using Bazel. You can still use it in your apps by installing our prebuilt package, as noted above.

    What's next

    1.4.0 final should be out in 1-2 weeks, barring new issues.

    Source code(tar.gz)
    Source code(zip)
  • v1.4.0-rc1(Apr 30, 2020)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.4.0-rc1.

    Changes

    • This version introduces support for Python. Tink Python, which is a Pybind11 wrapper of Tink C++, supports all primitives but Streaming AEAD (which will come in 1.5.0). For an overview of using the Tink Python implementation, see the Python HOW-TO. In addition, there are illustrative examples of using Tink Python which can be used as a jumping off point.

    • Tink C++ now tries to erase keys from memory after use.

    The complete list of changes since 1.3.0 can be found here. Please note that Tink JavaScript is not a part of this release.

    Installation

    C++

    We no longer offer prebuilt binaries for C++. Please check out this documentation for how to compile your application together with Tink using Bazel or CMake.

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.4.0-rc1'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Python

    See setup instructions.

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.4.0-rc1</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.4.0-rc1'
    }
    

    Known issues

    • Tink Obj-C doesn't build. That is, you can't check out Tink Obj-C and build it yourself using Bazel. You can still use it in your apps by installing our prebuilt package, as noted above. We're fixing this.

    What's next

    1.4.0 final should be out in 1-2 weeks, barring new issues.

    Source code(tar.gz)
    Source code(zip)
  • v1.3.0(Mar 19, 2020)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.3.0.

    Changes

    There is no change since rc4.

    Compared to 1.2.x, main changes in 1.3.0 include

    • new language: Golang with primitives MAC, AEAD (incl. KMS envelope), deterministic AEAD, hybrid encryption and digital signatures (see supported primitives and GOLANG HOWTO for details)
    • C++ deterministic AEAD (AES-SIV) and streaming AEAD (AES-GCM-HKDF-STREAMING)
    • C++ KMS-AEAD and KMS-envelope-AEAD, incl. integration with AWS KMS and GCP KMS.
    • RSA-signatures for Java and C++ (RSA-SSA-PKCS1, RSA-SSA-PSS)
    • ED25519 signatures for C++, Obj-C, and Go

    Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.

    Installation

    C++

    We no longer offer prebuilt binaries for C++. Please check out this documentation for how to compile your application together with Tink using Bazel or CMake.

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.3.0'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.3.0</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.3.0'
    }
    

    What's next

    We're actively working on 1.4.0. This release will add Python support. It should be out by April 2020.

    Source code(tar.gz)
    Source code(zip)
  • v1.3.0-rc4(Feb 20, 2020)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.3.0 Release Candidate 4.

    Changes

    The complete list of changes since 1.3.0-rc3 can be found here.

    Changes of note include (from rc3 to rc4):

    • Fix an inconsistency in the Envelope Encryption approach in the C++ implementation (8e4b5c700)

    Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.

    Installation

    C++ with prebuilt binaries

    OS="$(uname | tr '[:upper:]' '[:lower:]')"
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.3.0-rc4.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.3.0-rc4'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.3.0-rc4</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.3.0-rc4'
    }
    

    What's next

    This should be the last release candidate before the final 1.3.0 release.

    Source code(tar.gz)
    Source code(zip)
  • v1.3.0-rc3(Dec 20, 2019)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.3.0 Release Candidate 3

    Changes

    The complete list of changes since 1.3.0-rc2 can be found here.

    Changes of note include (from rc2 to rc3):

    • Fix ExceptionInInitializerError with tink-android (#289)
    • Fix CocoaPod to actually include new APIs.

    Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.

    Installation

    C++ with prebuilt binaries

    OS="$(uname | tr '[:upper:]' '[:lower:]')"
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.3.0-rc3.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with CocoaPods

    The Obj-C artifacts are pending publication. This note will be removed once they are published.

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.3.0-rc3'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.3.0-rc3</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.3.0-rc3'
    }
    

    What's next

    There may be a few more release candidates before we get to the final 1.3.0 release. It should be out by December 2019.

    Source code(tar.gz)
    Source code(zip)
  • v1.3.0-rc2(Dec 20, 2019)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.3.0 Release Candidate 2

    Changes

    The complete list of changes since 1.3.0-rc1 can be found here.

    Changes of note include (from rc1 to rc2):

    • The recommended version of Bazel is documented in the .bazelversion file in the root of the repository. This approach is compatible with Bazelisk, a wrapper for Bazel maintained by the Bazel team.

    Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.

    Installation

    C++ with prebuilt binaries

    OS="$(uname | tr '[:upper:]' '[:lower:]')"
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.3.0-rc2.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.3.0-rc2'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.3.0-rc2</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.3.0-rc2'
    }
    

    What's next

    There may be a few more release candidates before we get to the final 1.3.0 release. It should be out by December 2019.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.3.0-rc2.tar(2.53 MB)
    libtink-linux-x86_64-1.3.0-rc2.tar(2.67 MB)
  • v1.3.0-rc1(Jul 1, 2019)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.3.0 Release Candidate 1

    Changes

    The complete list of changes since 1.2.2 can be found here.

    The main changes include:

    • new language: Tink in Go, with primitives MAC, AEAD (incl. KMS envelope), deterministic AEAD, hybrid encryption and digital signatures (see supported primitives and GOLANG HOWTO for details)
    • C++ deterministic AEAD (AES-SIV) and streaming AEAD (AES-GCM-HKDF-STREAMING)
    • C++ KMS-AEAD and KMS-envelope-AEAD, incl. integration with AWS KMS and GCP KMS.
    • RSA-signatures for Java and C++ (RSA-SSA-PKCS1, RSA-SSA-PSS)
    • ED25519 signatures for C++, Obj-C, and Go

    Please note that Tink JavaScript and Tink Python are not a part of this release. Moreover, streaming envelope encryption (for Java and C++) has been de-prioritized and also is not a part of this release.

    Installation

    C++ with prebuilt binaries

    OS="$(uname | tr '[:upper:]' '[:lower:]')"
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.3.0-rc1.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.3.0-rc1'
    pod install
    

    Golang

    To install Tink locally run:

    go get github.com/google/tink/go/...
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.3.0-rc1</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.3.0-rc1'
    }
    

    What's next

    There may be a few more release candidates before we get to the final 1.3.0 release. It should be out by the end of July 2019.

    Source code(tar.gz)
    Source code(zip)
  • v1.2.2(Jan 25, 2019)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.2.2.

    Changes

    This release fixes an issue with the Obj-C build distributed via CocoaPods. In particular, the BoringSSL library is statically linked to prevent namespace clashes in projects which depend on OpenSSL.

    The complete list of changes since 1.2.1 can be found here.

    Installation

    C++ with prebuilt binaries

    OS="$(uname | tr '[:upper:]' '[:lower:]')"
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.2.2.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with CocoaPods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.2.2'
    pod install
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.2.2</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.2.2'
    }
    

    What's next

    See the project road map for future plans.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.2.2.tar.gz(1.86 MB)
    libtink-linux-x86_64-1.2.2.tar.gz(1.89 MB)
  • v1.2.1(Nov 16, 2018)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.2.1.

    Changes

    This release fixes a bunch of (non-security) bugs. There is no change in the public APIs.

    The complete list of changes since 1.2.0 can be found here.

    Installation

    C++ with prebuilt binaries

    OS="$(uname | tr '[:upper:]' '[:lower:]')"
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.2.1.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with Cocoapods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.2.1'
    pod install
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.2.1</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.2.1'
    }
    

    What's next

    See the project road map for future plans.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.2.1.tar.gz(1.68 MB)
    libtink-linux-x86_64-1.2.1.tar.gz(1.69 MB)
  • v1.2.0(Aug 10, 2018)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.2.0.

    Changes

    The complete list of changes since Release Candidate 4 can be found here.

    Please ignore RSA-related changes; RSA is not part of 1.2.0 release.

    New languages: C++ and Obj-C

    Tink 1.2.0 adds support for C++ and Obj-C. Both have been running in production at Google for a few months, and support the following algorithms:

    • AEAD: AES-EAX, AES-GCM, AES-CTR-HMAC-AEAD
    • MAC: HMAC-SHA2
    • Digital Signature: ECDSA over NIST curves
    • Hybrid Encryption: ECIES over NIST curves with AEAD (AES-GCM and AES-CTR-HMAC-AEAD) and HKDF

    Support for AWS KMS will be added to the Tink C++ library in future release candidates. Support for Google Cloud KMS has to wait post 1.2.0 because of lack of Cloud KMS client library.

    The Tink Obj-C library supports reading/writing key material to/from iOS Keychain.

    Please see the C++ HOWTO and the Obj-C HOWTO for usage.

    Installation

    C++ with prebuilt binaries

    OS="linux"  # Change to "darwin" for macOS
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.2.0.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with Cocoapods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.2.0'
    pod install
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.2.0</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.2.0'
    }
    

    What's next

    See the project road map for future plans.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.2.0.tar.gz(1.63 MB)
    libtink-linux-x86_64-1.2.0.tar.gz(1.65 MB)
  • v1.2.0-rc4(Aug 1, 2018)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.2.0 Release Candidate 4.

    Changes

    The complete list of changes since Release Candidate 3 can be found here.

    Please ignore RSA-related changes; RSA is not part of 1.2.0 release.

    New languages: C++ and Obj-C

    Tink 1.2.0 adds support for C++ and Obj-C. Both have been running in production at Google for a few months, and support the following algorithms:

    • AEAD: AES-EAX, AES-GCM, AES-CTR-HMAC-AEAD
    • MAC: HMAC-SHA2
    • Digital Signature: ECDSA over NIST curves
    • Hybrid Encryption: ECIES over NIST curves with AEAD (AES-GCM and AES-CTR-HMAC-AEAD) and HKDF

    Support for AWS KMS will be added to the Tink C++ library in future release candidates. Support for Google Cloud KMS has to wait post 1.2.0 because of lack of Cloud KMS client library.

    The Tink Obj-C library supports reading/writing key material to/from iOS Keychain.

    Please see the C++ HOWTO and the Obj-C HOWTO for usage.

    Installation

    C++ with prebuilt binaries

    OS="linux"  # Change to "darwin" for macOS
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.2.0-rc4.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with Cocoapods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.2.0-rc4'
    pod install
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.2.0-rc4</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.2.0-rc4'
    }
    

    What's next

    This is intended to be the last release candidate before the final 1.2.0 release.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.2.0-rc4.tar.gz(1.59 MB)
    libtink-linux-x86_64-1.2.0-rc4.tar.gz(1.62 MB)
  • v1.2.0-rc3(Jul 27, 2018)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.2.0 Release Candidate 3.

    Changes

    The complete list of changes since Release Candidate 2 can be found here. Please ignore RSA-related changes; RSA is not part of 1.2.0 release.

    This candidate adds C++/Obj-C APIs to generate keys and to get public keys from private keys. We thank Sreejith Krishnan R for reporting these bugs.

    New languages: C++ and Obj-C

    Tink 1.2.0 adds support for C++ and Obj-C. Both have been running in production at Google for a few months, and support the following algorithms:

    • AEAD: AES-EAX, AES-GCM, AES-CTR-HMAC-AEAD
    • MAC: HMAC-SHA2
    • Digital Signature: ECDSA over NIST curves
    • Hybrid Encryption: ECIES over NIST curves with AEAD (AES-GCM and AES-CTR-HMAC-AEAD) and HKDF

    Support for AWS KMS will be added to the Tink C++ library in future release candidates. Support for Google Cloud KMS has to wait post 1.2.0 because of lack of Cloud KMS client library.

    The Tink Obj-C library supports reading/writing key material to/from iOS Keychain.

    Please see the C++ HOWTO and the Obj-C HOWTO for usage.

    Installation

    C++ with prebuilt binaries

    OS="linux"  # Change to "darwin" for macOS
    TARGET_DIR="/usr/local"
    curl -L \
      "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.2.0-rc3.tar.gz" |
    sudo tar -xz -C ${TARGET_DIR}
    

    Obj-C with Cocoapods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.2.0-rc3'
    pod install
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.2.0-rc3</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.2.0-rc3'
    }
    

    What's next

    There may be a few more release candidates before we get to the final 1.2.0 release. It should be out by the end of July 2018.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.2.0-rc3.tar.gz(1.59 MB)
    libtink-linux-x86_64-1.2.0-rc3.tar.gz(1.62 MB)
  • v1.2.0-rc2(Jul 13, 2018)

    Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

    This is Tink 1.2.0 Release Candidate 2.

    Note: Release Candidate 1 was private and used to test the Obj-C publishing process.

    New languages: C++ and Obj-C

    Tink 1.2.0 adds support for C++ and Obj-C. Both have been running in production at Google for a few months, and support the following algorithms:

    • AEAD: AES-EAX, AES-GCM, AES-CTR-HMAC-AEAD
    • MAC: HMAC-SHA2
    • Digital Signature: ECDSA over NIST curves
    • Hybrid Encryption: ECIES over NIST curves with AEAD (AES-GCM and AES-CTR-HMAC-AEAD) and HKDF

    Support for AWS KMS will be added to the Tink C++ library in future release candidates. Support for Google Cloud KMS has to wait post 1.2.0 because of lack of Cloud KMS client library. The Tink Obj-C library supports reading/writing key material to/from iOS Keychain.

    Please see the C++ HOWTO and the Obj-C HOWTO for usage.

    Installation

    C++ with prebuilt binaries

    OS="linux" # Change to "darwin" for macOS
    TARGET_DIR="/usr/local"
    curl -L \
    "https://storage.googleapis.com/tink/releases/libtink-${OS}-x86_64-1.2.0-rc2.tar.gz" |
    sudo tar -xz -C $TARGET_DIR
    

    Obj-C with Cocoapods

    cd /path/to/your/Xcode project/
    pod init
    pod 'Tink', '1.2.0-rc2'
    pod install
    

    Java with Maven

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.2.0-rc2</version>
    </dependency>
    

    Android with Gradle

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.2.0-rc2'
    }
    

    What's next

    There may be a few more release candidates before we get to the final 1.2.0 release. It should be out by the end of July 2018.

    Source code(tar.gz)
    Source code(zip)
    libtink-darwin-x86_64-1.2.0-rc2.tar.gz(1.58 MB)
    libtink-linux-x86_64-1.2.0-rc2.tar.gz(1.62 MB)
  • v1.1.1(May 26, 2018)

    Tink is a multi-language, cross-platform library that provides an easy, simple, secure, and agile API for common cryptographic tasks.

    This is a minor release which includes a fix for a build error (#94) and documentation cleanup.

    Installation

    Java developers can install Tink using Maven:

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.1.1</version>
    </dependency>
    

    Android developers can install Tink using Gradle:

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.1.1'
    }
    

    For usage, please see the Java HOWTO. A list of known issues is provided here.

    Javadoc

    Source code(tar.gz)
    Source code(zip)
  • v1.1.0(Apr 19, 2018)

    Tink is a multi-language, cross-platform library that provides an easy, simple, secure, and agile API for common cryptographic tasks.

    This is the second release. Like the first release, Java is still the only officially supported language. Tink for C++, Objective-C and Go are working (C++ has been running in production at Google for a while), and we’re working hard to bring these languages in 1.2.0. See our feature roadmap for more details.

    Installation

    Java developers can install Tink using Maven:

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>tink</artifactId>
      <version>1.1.0</version>
    </dependency>
    

    Android developers can install Tink using Gradle:

    dependencies {
      compile 'com.google.crypto.tink:tink-android:1.1.0'
    }
    

    For usage, please see the Java HOWTO. A list of known issues is provided here.

    New primitives and algorithms

    • AEAD: CHACHA20-POLY1305

    • Digital Signature: ED25519

    • Deterministic AEAD: AES-SIV

    • Streaming AEAD: AES-GCM-HKDF-STREAMING and AES-CTR-HMAC-STREAMING

    New apps

    Aside from the core APIs, Tink provides apps that implement common standards or protocols. The apps depend on Tink, but are built separately.

    Google Pay Token

    This app is an implementation of Google Pay Token Cryptography Standard. Version 1.1.0 adds supports for the ECv2 protocol.

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>apps-paymentmethodtoken</artifactId>
      <version>1.1.0</version>
    </dependency>
    

    Web Push Message Encryption

    This app is an implementation of RFC 8291 - Message Encryption for Web Push.

    <dependency>
      <groupId>com.google.crypto.tink</groupId>
      <artifactId>apps-webpush</artifactId>
      <version>1.1.0</version>
    </dependency>
    

    Javadoc

    Source code(tar.gz)
    Source code(zip)
  • v1.0.0(Sep 9, 2017)

    This is the first release of Tink. The only supported language in this release is Java. Tink for Java comes in two flavors:

    • The main flavor, and
    • The Android flavor that is optimized for Android.

    For installation and usage, please see the Java HOWTO.

    Supported primitives and algorithms

    Both flavors support the following primitives and algorithms:

    • AEAD: AES-EAX, AES-GCM, AES-CTR-HMAC-AEAD, KMS Envelope
    • MAC: HMAC-SHA2
    • Digital Signature: ECDSA over NIST curves
    • Hybrid Encryption: ECIES over NIST curves with AEAD (AES-GCM and AES-CTR-HMAC-AEAD) and HKDF

    Supported key management systems

    • Main flavor: AWS KMS, GCP KMS
    • Android flavor: Android Keystore (require Android M or newer).

    Warnings

    Do not use APIs including fields and methods marked with the @Alpha annotation. They can be modified in any way, or even removed, at any time. They are in the package, but not for official, production release, but only for testing.

    What's next

    We've already started working on 1.1.0. If things go well, we'll introduce the following algorithms:

    • AEAD: CHACHA20-POLY1305, XCHACHA20-POLY1305, XSALSA20-POLY1305
    • Digital signature: EdDSA over Ed25519
    • Hybrid Encryption: NaCl CryptoBox
    Source code(tar.gz)
    Source code(zip)
Owner
Google
Google ❤️ Open Source
Google
MIRACL Cryptographic SDK: Multiprecision Integer and Rational Arithmetic Cryptographic Library is a C software library that is widely regarded by developers as the gold standard open source SDK for elliptic curve cryptography (ECC).

MIRACL What is MIRACL? Multiprecision Integer and Rational Arithmetic Cryptographic Library – the MIRACL Crypto SDK – is a C software library that is

MIRACL 524 Jan 2, 2023
A lightweight, secure, easy-to-use crypto library suitable for constrained environments.

The Hydrogen library is a small, easy-to-use, hard-to-misuse cryptographic library. Features: Consistent high-level API, inspired by libsodium. Instea

Frank Denis 457 Dec 21, 2022
This repository aims to provide an easy-to-use implementation of the Secure Hash Standard as specified in FIPS 180-4

HashLibCpp This repository aims to provide an easy-to-use implementation of the Secure Hash Standard. (currently implemented are SHA224, SHA256 and SH

ADD1609 1 Feb 2, 2022
A Powerful, Easy-to-Use, Compact, Cross-Platform and Installation-Free Crypto Tool. 一个强大,易用,小巧,跨平台且免安装的加密解密签名工具。

GpgFrontend GpgFrontend is a Powerful, Easy-to-Use, Compact, Cross-Platform, and Installation-Free OpenPGP Crypto Tool. By using GpgFrontend, you can

Saturn&Eric 203 Jan 7, 2023
An open source, portable, easy to use, readable and flexible SSL library

README for Mbed TLS Mbed TLS is a C library that implements cryptographic primitives, X.509 certificate manipulation and the SSL/TLS and DTLS protocol

Arm Mbed 3.9k Jan 7, 2023
The UAPKI is crypto library for using in PKI with support of Ukrainian and internationlal cryptographic standards.

UAPKI The UAPKI is crypto library for using in PKI with support of Ukrainian and internationlal cryptographic standards. Fork from Cryptonite. Expert

null 25 Dec 23, 2022
free C++ class library of cryptographic schemes

Crypto++: free C++ Class Library of Cryptographic Schemes Version 8.4 - TBD Crypto++ Library is a free C++ class library of cryptographic schemes. Cu

null 3.7k Jan 2, 2023
Reference implementations of post-quantum cryptographic primitives

PQ Crypto Catalog Implementation of quantum-safe signature and KEM schemes submitted to NIST PQC Standardization Process. The goal is to provide an ea

Kris Kwiatkowski 21 Oct 21, 2022
XMRig is a high performance, open source, cross platform RandomX, KawPow, CryptoNight and AstroBWT unified CPU/GPU miner

XMRig is a high performance, open source, cross platform RandomX, KawPow, CryptoNight and AstroBWT unified CPU/GPU miner and RandomX benchmark. Official binaries are available for Windows, Linux, macOS and FreeBSD.

null 7.3k Jan 9, 2023
Upbit(업비트) Cryptocurrency Exchange Open API Client of Multi-Programming Language Support

Upbit Client Documents Support Upbit Client Upbit(업비트) Cryptocurrency Exchange API Client Description Upbit(업비트) Cryptocurrency Exchange Open API Clie

Yu Jhin 47 Dec 11, 2022
LibSWIFFT - A fast C/C++ library for the SWIFFT secure homomorphic hash function

LibSWIFFT - A fast C/C++ library for the SWIFFT secure homomorphic hash function Official Repository LibSWIFFT is a production-ready C/C++ library pro

Gvili Tech Ltd 23 Oct 23, 2022
Monero: the secure, private, untraceable cryptocurrency

Monero: the secure, private, untraceable cryptocurrency

The Monero Project 7.5k Dec 30, 2022
Mbedcrypto - a portable, small, easy to use and fast c++14 library for cryptography.

mbedcrypto mbedcrypto is a portable, small, easy to use, feature rich and fast c++14 library for cryptography based on fantastic and clean mbedtlsnote

amir zamani 38 Nov 22, 2022
A modern, portable, easy to use crypto library.

Sodium is a new, easy-to-use software library for encryption, decryption, signatures, password hashing and more. It is a portable, cross-compilable, i

Frank Denis 10.7k Jan 4, 2023
High-level build system for distributed, multi-platform C/C++ projects.

fips fips is a highlevel build system wrapper written in Python for C/C++ projects. (this project has nothing to do with the Federal Information Proce

Andre Weissflog 427 Dec 25, 2022
HashLibPlus is a recommended C++11 hashing library that provides a fluent interface for computing hashes and checksums of strings, files, streams, bytearrays and untyped data to mention but a few.

HashLibPlus HashLibPlus is a recommended C++11 hashing library that provides a fluent interface for computing hashes and checksums of strings, files,

Telepati 6 Dec 22, 2022
wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows.

wtf is a distributed, code-coverage guided, customizable, cross-platform snapshot-based fuzzer designed for attacking user and / or kernel-mode targets running on Microsoft Windows.

Axel Souchet 1.1k Dec 30, 2022
:lock: Don't use this repo, use the new monorepo instead:

trezor-crypto Heavily optimized cryptography algorithms for embedded devices. These include: AES/Rijndael encryption/decryption Big Number (256 bit) A

TREZOR 490 Dec 25, 2022