|Tink Library Helps You Develop Secure Code|
|Written by Kay Ewbank|
|Monday, 17 September 2018|
Google has released a multi-language, cross-platform cryptographic library called Tink. The idea is that it has cryptographic APIs that are secure, easy to use correctly, and harder to misuse.
Tink is open source, and is built on top of existing libraries such as BoringSSL and Java Cryptography Architecture. However, the developers have improved on the algorithms to overcome problems that were discovered by Google developers working on Project Wycheproof. Wycheproof is used to test crypto libraries against known attacks. It is developed and maintained by members of Google Security Team, but isn't an official Google product. Wycheproof provides tests for most cryptographic algorithms, including RSA, elliptic curve crypto and authenticated encryption.
The developers have set out to have Tink help programmers using it avoid potential security problems in their code. One example given is where the underlying encryption mode requires nonces and nonce reuse makes it insecure. In this case, Tink stops the user passing nonces.
Another way Tink works is by isolating APIs for potentially dangerous operations such as loading cleartext keys from disk), making it possible for developers to discover and restrict the dangerous usage.
Tink supports the following primitives:
A primitive is an interface that specifies what operations are offered by the primitive. It can have multiple implementations, and the user chooses which implementation will be used by specifying a key of corresponding type. The key structure is a protocol buffer that contains all the material and parameters needed to make the primitive work.
or email your comment to: firstname.lastname@example.org
|Last Updated ( Monday, 17 September 2018 )|