Tink Library Helps You Develop Secure Code
Written by Kay Ewbank   
Monday, 17 September 2018

Google has released a multi-language, cross-platform cryptographic library called Tink. The idea is that it has cryptographic APIs that are secure, easy to use correctly, and harder to misuse.

Tink is open source, and is built on top of existing libraries such as BoringSSL and Java Cryptography Architecture. However, the developers have improved on the algorithms to overcome problems that were discovered by Google developers working on Project Wycheproof. Wycheproof is used to test crypto libraries against known attacks. It is developed and maintained by members of Google Security Team, but isn't an official Google product. Wycheproof provides tests for most cryptographic algorithms, including RSA, elliptic curve crypto and authenticated encryption.

The developers have set out to have Tink help programmers using it avoid potential security problems in their code. One example given is where the underlying encryption mode requires nonces and nonce reuse makes it insecure. In this case, Tink stops the user passing nonces.

Another way Tink works is by isolating APIs for potentially dangerous operations such as loading cleartext keys from disk), making it possible for developers to discover and restrict the dangerous usage.

Tink supports the following primitives:

  • AEAD (Authenticated Encryption with Associated Date)
  • MAC (Message Authentication Codes)
  • Digital Signatures
  • Hybrid Encryption

A primitive is an interface that specifies what operations are offered by the primitive. It can have multiple implementations, and the user chooses which implementation will be used by specifying a key of corresponding type. The key structure is a protocol buffer that contains all the material and parameters needed to make the primitive work.

Alongside the cryptographic features, Tink can be used for key management, and supports remote key management systems (KMS). The current version supports Google Cloud KMS, Amazon KMS, and Android Keystore. Supprt for Apple iOS KeyChain is planned for a future version. In terms of language support, Tink can be used with Java, C++, and Objective-C. Support for C#, Go, and JavaScript/Node is planned for the next version.google

More Information

Tink on Github

Related Articles

Chaff Bugs Make Your Code More Secure

Project Wycheproof Reveals Bugs In Popular Crypto Libraries

Airship, a truly secure PHP CMS

Open Source Homomorphic Cryptography

Public Key Cryptography Set To Fail In Five Years

To be informed about new articles on I Programmer, sign up for our weekly newsletter, subscribe to the RSS feed and follow us on Twitter, Facebook or Linkedin.

Banner


Yugabyte Improves Postgres Compatibility
24/09/2024

YugabyteDB has been upgraded with what the developers describe as enhanced Postgres capability in the form of new capabilities and architectural enhancements that allow a broader range of Postgres app [ ... ]



Swift 6 Improves Linux Support
23/09/2024

Apple has released Swift 6, with improvements to support for writing concurrent code, specifically a new, optional language mode that analyzes your code at compile-time and diagnoses possible data rac [ ... ]


More News

kotlin book

 

Comments




or email your comment to: comments@i-programmer.info

Last Updated ( Monday, 17 September 2018 )