Tink Library Helps You Develop Secure Code
Written by Kay Ewbank   
Monday, 17 September 2018

Google has released a multi-language, cross-platform cryptographic library called Tink. The idea is that it has cryptographic APIs that are secure, easy to use correctly, and harder to misuse.

Tink is open source, and is built on top of existing libraries such as BoringSSL and Java Cryptography Architecture. However, the developers have improved on the algorithms to overcome problems that were discovered by Google developers working on Project Wycheproof. Wycheproof is used to test crypto libraries against known attacks. It is developed and maintained by members of Google Security Team, but isn't an official Google product. Wycheproof provides tests for most cryptographic algorithms, including RSA, elliptic curve crypto and authenticated encryption.

The developers have set out to have Tink help programmers using it avoid potential security problems in their code. One example given is where the underlying encryption mode requires nonces and nonce reuse makes it insecure. In this case, Tink stops the user passing nonces.

Another way Tink works is by isolating APIs for potentially dangerous operations such as loading cleartext keys from disk), making it possible for developers to discover and restrict the dangerous usage.

Tink supports the following primitives:

  • AEAD (Authenticated Encryption with Associated Date)
  • MAC (Message Authentication Codes)
  • Digital Signatures
  • Hybrid Encryption

A primitive is an interface that specifies what operations are offered by the primitive. It can have multiple implementations, and the user chooses which implementation will be used by specifying a key of corresponding type. The key structure is a protocol buffer that contains all the material and parameters needed to make the primitive work.

Alongside the cryptographic features, Tink can be used for key management, and supports remote key management systems (KMS). The current version supports Google Cloud KMS, Amazon KMS, and Android Keystore. Supprt for Apple iOS KeyChain is planned for a future version. In terms of language support, Tink can be used with Java, C++, and Objective-C. Support for C#, Go, and JavaScript/Node is planned for the next version.google

More Information

Tink on Github

Related Articles

Chaff Bugs Make Your Code More Secure

Project Wycheproof Reveals Bugs In Popular Crypto Libraries

Airship, a truly secure PHP CMS

Open Source Homomorphic Cryptography

Public Key Cryptography Set To Fail In Five Years

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Remembering Grace Hopper On Her 114th Anniversary
09/12/2024

Today sees the start of Computer Science Education Week and  the 2024 Hour of Code. These educational event are timed to coincide with Grace Hopper's birthday on January 9th, 1906 due to her conc [ ... ]



The Advent of SQL 2024 Has Commenced
11/12/2024

It's Advent - the time of year when we countdown the days to Christmas - and if your are a programmer complete daily coding challenges with the Advent of Code, the Advent of Perl, the Advent of Java,  [ ... ]


More News

espbook

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Monday, 17 September 2018 )