1*e7b1675dSTing-Kang Chang# Tink 2*e7b1675dSTing-Kang Chang 3*e7b1675dSTing-Kang Chang*A multi-language, cross-platform library that provides cryptographic APIs that 4*e7b1675dSTing-Kang Changare secure, easy to use correctly, and hard(er) to misuse. See also: 5*e7b1675dSTing-Kang Changhttps://developers.google.com/tink*. 6*e7b1675dSTing-Kang Chang 7*e7b1675dSTing-Kang Chang> **NOTE**: **Tink is moving!** 8*e7b1675dSTing-Kang Chang> 9*e7b1675dSTing-Kang Chang> As part of our roadmap we are splitting Tink into 10*e7b1675dSTing-Kang Chang> [multiple GitHub repositories][split_repo_roadmap_url] that will be hosted at 11*e7b1675dSTing-Kang Chang> [github.com/tink-crypto](https://github.com/tink-crypto) and will be 12*e7b1675dSTing-Kang Chang> independently versioned. 13*e7b1675dSTing-Kang Chang> 14*e7b1675dSTing-Kang Chang> Roughly, we are going to create one repository per language, library extension 15*e7b1675dSTing-Kang Chang> such as KMS (except Tink Python), and tools. 16*e7b1675dSTing-Kang Chang> 17*e7b1675dSTing-Kang Chang> A few important highlights: 18*e7b1675dSTing-Kang Chang> 19*e7b1675dSTing-Kang Chang> - The migration will be done gradually over the course of 2023 with a new 20*e7b1675dSTing-Kang Chang> release from each of the new repositories. Releases will be announced in 21*e7b1675dSTing-Kang Chang> our [mailing list][tink_mailing_list_url]. 22*e7b1675dSTing-Kang Chang> - We will keep updating each implementation/tool in 23*e7b1675dSTing-Kang Chang> [github.com/google/tink](https://github.com/google/tink) for a specified 24*e7b1675dSTing-Kang Chang> amount of time; migrated implementations/tools will eventually stop being 25*e7b1675dSTing-Kang Chang> updated on [github.com/google/tink](https://github.com/google/tink). The 26*e7b1675dSTing-Kang Chang> support window depends on the specific implementation, as shown in the 27*e7b1675dSTing-Kang Chang> table below. 28*e7b1675dSTing-Kang Chang> - New issues and pull requests should be created in the new repos. 29*e7b1675dSTing-Kang Chang> 30*e7b1675dSTing-Kang Chang> Below is the list of resulting repositories, migration timeline and expected 31*e7b1675dSTing-Kang Chang> end of support. 32*e7b1675dSTing-Kang Chang> 33*e7b1675dSTing-Kang Chang> Tink implementation/extension | New repository | Migration status | End of support in google/tink 34*e7b1675dSTing-Kang Chang> ------------------------------------- | ----------------------------------------------------------------------------------------- | ------------------------------ | ----------------------------- 35*e7b1675dSTing-Kang Chang> Tink Java | [tink-crypto/tink-java](https://github.com/tink-crypto/tink-java) | Complete (Q1 2023) | Q3 2023 36*e7b1675dSTing-Kang Chang> Tink Java AWS KMS extension | [tink-crypto/tink-java-awskms](https://github.com/tink-crypto/tink-java-awskms) | Complete (Q1 2023) | Q3 2023 37*e7b1675dSTing-Kang Chang> Tink Java Google Cloud KMS extension | [tink-crypto/tink-java-gcpkms](https://github.com/tink-crypto/tink-java-gcpkms) | Complete (Q1 2023) | Q3 2023 38*e7b1675dSTing-Kang Chang> Tink Java apps extension | [tink-crypto/tink-java-apps](https://github.com/tink-crypto/tink-java-apps) | Complete (Q1 2023) | Q3 2023 39*e7b1675dSTing-Kang Chang> Tink C++ | [tink-crypto/tink-cc](https://github.com/tink-crypto/tink-cc) | Complete (Q2 2023) | Q4 2023 40*e7b1675dSTing-Kang Chang> Tink C++ AWS KMS extension | [tink-crypto/tink-cc-awskms](https://github.com/tink-crypto/tink-cc-awskms) | Complete (Q2 2023) | Q4 2023 41*e7b1675dSTing-Kang Chang> Tink C++ Google Cloud KMS extension | [tink-crypto/tink-cc-gcpkms](https://github.com/tink-crypto/tink-cc-gcpkms) | Complete (Q2 2023) | Q4 2023 42*e7b1675dSTing-Kang Chang> Tink Go | [tink-crypto/tink-go](https://github.com/tink-crypto/tink-go) | Complete (Q3 2023) | Q4 2023 43*e7b1675dSTing-Kang Chang> Tink Go AWS KMS extension | [tink-crypto/tink-go-awskms](https://github.com/tink-crypto/tink-go-awskms) | Complete (Q3 2023) | Q4 2023 44*e7b1675dSTing-Kang Chang> Tink Go Google Cloud KMS extension | [tink-crypto/tink-go-gcpkms](https://github.com/tink-crypto/tink-go-gcpkms) | Complete (Q3 2023) | Q4 2023 45*e7b1675dSTing-Kang Chang> Tink Go HashiCorp Vault KMS extension | [tink-crypto/tink-go-hcvault](https://github.com/tink-crypto/tink-go-hcvault) | Complete (Q3 2023) | Q4 2023 46*e7b1675dSTing-Kang Chang> Tink Python | [tink-crypto/tink-py](https://github.com/tink-crypto/tink-py) | In progress (Q3 2023) | TBA 47*e7b1675dSTing-Kang Chang> Tink Obj-C | [tink-crypto/tink-objc](https://github.com/tink-crypto/tink-objc) | Not started (expected Q4 2023) | TBA 48*e7b1675dSTing-Kang Chang> Tink Tinkey | [tink-crypto/tink-tinkey](https://github.com/tink-crypto/tink-tinkey) | Complete (Q2 2023) | Q4 2023 49*e7b1675dSTing-Kang Chang> Tink cross language tests | [tink-crypto/tink-cross-lang-tests](https://github.com/tink-crypto/tink-cross-lang-tests) | Not started (expected Q4 2023) | TBA 50*e7b1675dSTing-Kang Chang 51*e7b1675dSTing-Kang Chang> **NOTE**: **We are removing Tink for JavaScript/TypeScript** 52*e7b1675dSTing-Kang Chang> 53*e7b1675dSTing-Kang Chang> We are removing the Tink JavaScript/TypeScript library from our current Github 54*e7b1675dSTing-Kang Chang> repository (master branch). As part of our effort to migrate Tink to 55*e7b1675dSTing-Kang Chang> https://github.com/tink-crypto, we will not release an individual 56*e7b1675dSTing-Kang Chang> JavaScript/Typescript repository. Furthermore, the JavaScript/TypeScript 57*e7b1675dSTing-Kang Chang> [directory](https://github.com/google/tink/tree/master/javascript) in the 58*e7b1675dSTing-Kang Chang> current release branch (v1.7.0) will no longer be actively supported. 59*e7b1675dSTing-Kang Chang> 60*e7b1675dSTing-Kang Chang> _We aim to remove the JS/TS directory from the current Tink Github repository 61*e7b1675dSTing-Kang Chang> (master branch) on **June 22, 2023**. We will also deprecate the Tink npm 62*e7b1675dSTing-Kang Chang> package on this date._ 63*e7b1675dSTing-Kang Chang> 64*e7b1675dSTing-Kang Chang> See [this](https://github.com/google/tink/issues/689) tracking issue for more 65*e7b1675dSTing-Kang Chang> details. 66*e7b1675dSTing-Kang Chang> 67*e7b1675dSTing-Kang Chang> Feel free to use our [mailing list][tink_mailing_list_url] to raise any 68*e7b1675dSTing-Kang Chang> questions, issues or concerns. 69*e7b1675dSTing-Kang Chang 70*e7b1675dSTing-Kang Chang[split_repo_roadmap_url]: https://developers.google.com/tink/roadmap#splitting_tink_into_multiple_github_repositories 71*e7b1675dSTing-Kang Chang[tink_mailing_list_url]: https://groups.google.com/forum/#!forum/tink-users 72*e7b1675dSTing-Kang Chang 73*e7b1675dSTing-Kang Chang## Index 74*e7b1675dSTing-Kang Chang 75*e7b1675dSTing-Kang Chang1. [Introduction](#introduction) 76*e7b1675dSTing-Kang Chang2. [Current status](#current-status) 77*e7b1675dSTing-Kang Chang3. [Getting started](#getting-started) 78*e7b1675dSTing-Kang Chang4. [Learn more](#learn-more) 79*e7b1675dSTing-Kang Chang5. [Contact and mailing list](#contact-and-mailing-list) 80*e7b1675dSTing-Kang Chang6. [Maintainers](#maintainers) 81*e7b1675dSTing-Kang Chang 82*e7b1675dSTing-Kang Chang## Introduction 83*e7b1675dSTing-Kang Chang 84*e7b1675dSTing-Kang ChangUsing crypto in your application [shouldn't have to][devs_are_users_too_slides] 85*e7b1675dSTing-Kang Changfeel like juggling chainsaws in the dark. Tink is a crypto library written by a 86*e7b1675dSTing-Kang Changgroup of cryptographers and security engineers at Google. It was born out of our 87*e7b1675dSTing-Kang Changextensive experience working with Google's product teams, 88*e7b1675dSTing-Kang Chang[fixing weaknesses in implementations](https://github.com/google/wycheproof), 89*e7b1675dSTing-Kang Changand providing simple APIs that can be used safely without needing a crypto 90*e7b1675dSTing-Kang Changbackground. 91*e7b1675dSTing-Kang Chang 92*e7b1675dSTing-Kang ChangTink provides secure APIs that are easy to use correctly and hard(er) to misuse. 93*e7b1675dSTing-Kang ChangIt reduces common crypto pitfalls with user-centered design, careful 94*e7b1675dSTing-Kang Changimplementation and code reviews, and extensive testing. At Google, Tink is one 95*e7b1675dSTing-Kang Changof the standard crypto libraries, and has been deployed in hundreds of products 96*e7b1675dSTing-Kang Changand systems. 97*e7b1675dSTing-Kang Chang 98*e7b1675dSTing-Kang ChangTo get a quick overview of Tink design please take a look at 99*e7b1675dSTing-Kang Chang[slides][tink_talk_slides] from [a talk about Tink][tink_talk_recording] 100*e7b1675dSTing-Kang Changpresented at [Real World Crypto 2019](https://rwc.iacr.org/2019/). 101*e7b1675dSTing-Kang Chang 102*e7b1675dSTing-Kang Chang[devs_are_users_too_slides]: https://www.usenix.org/sites/default/files/conference/protected-files/hotsec15_slides_green.pdf 103*e7b1675dSTing-Kang Chang[tink_talk_slides]: docs/Tink-a_cryptographic_library--RealWorldCrypto2019.pdf 104*e7b1675dSTing-Kang Chang[tink_talk_recording]: https://www.youtube.com/watch?v=pqev9r3rUJs&t=9665 105*e7b1675dSTing-Kang Chang 106*e7b1675dSTing-Kang Chang## Current status 107*e7b1675dSTing-Kang Chang 108*e7b1675dSTing-Kang Chang[Java/Android](docs/JAVA-HOWTO.md), [C++](docs/CPP-HOWTO.md), 109*e7b1675dSTing-Kang Chang[Obj-C](docs/OBJC-HOWTO.md), [Go](docs/GOLANG-HOWTO.md), and 110*e7b1675dSTing-Kang Chang[Python](docs/PYTHON-HOWTO.md) are field tested and ready for production. The 111*e7b1675dSTing-Kang Changlatest version is [1.7.0](https://github.com/google/tink/releases/tag/v1.7.0), 112*e7b1675dSTing-Kang Changreleased on 2022-08-09. 113*e7b1675dSTing-Kang Chang 114*e7b1675dSTing-Kang ChangJavascript/Typescript is in an alpha state and should only be used for testing. 115*e7b1675dSTing-Kang ChangPlease see the intent to remove statement 116*e7b1675dSTing-Kang Chang[here](https://github.com/google/tink/issues/689). 117*e7b1675dSTing-Kang Chang 118*e7b1675dSTing-Kang Chang**`Ubuntu`** | **`macOS`** 119*e7b1675dSTing-Kang Chang----------------------------------- | --------------------------------- 120*e7b1675dSTing-Kang Chang[![Kokoro Ubuntu][ubuntu_badge]](#) | [![Kokoro macOS][macos_badge]](#) 121*e7b1675dSTing-Kang Chang 122*e7b1675dSTing-Kang Chang[ubuntu_badge]: https://storage.googleapis.com/tink-kokoro-build-badges/tink-ubuntu.png 123*e7b1675dSTing-Kang Chang[macos_badge]: https://storage.googleapis.com/tink-kokoro-build-badges/tink-macos.png 124*e7b1675dSTing-Kang Chang 125*e7b1675dSTing-Kang Chang## Getting started 126*e7b1675dSTing-Kang Chang 127*e7b1675dSTing-Kang ChangDocumentation for the project is located at https://developers.google.com/tink. 128*e7b1675dSTing-Kang ChangCurrently, it details a variety of common usage scenarios and covers the Java 129*e7b1675dSTing-Kang Changand Python implementations. The site will be populated with more content over 130*e7b1675dSTing-Kang Changtime. 131*e7b1675dSTing-Kang Chang 132*e7b1675dSTing-Kang ChangAlternatively, you can look at all of the [`examples`] which demonstrate 133*e7b1675dSTing-Kang Changperforming simple tasks using Tink in a variety of languages. 134*e7b1675dSTing-Kang Chang 135*e7b1675dSTing-Kang Chang[`examples`]: https://github.com/google/tink/tree/master/examples 136*e7b1675dSTing-Kang Chang 137*e7b1675dSTing-Kang Chang* Python 138*e7b1675dSTing-Kang Chang 139*e7b1675dSTing-Kang Chang```sh 140*e7b1675dSTing-Kang Changpip3 install tink 141*e7b1675dSTing-Kang Chang``` 142*e7b1675dSTing-Kang Chang 143*e7b1675dSTing-Kang Chang* Golang 144*e7b1675dSTing-Kang Chang 145*e7b1675dSTing-Kang Chang```sh 146*e7b1675dSTing-Kang Changgo get github.com/google/tink/go/... 147*e7b1675dSTing-Kang Chang``` 148*e7b1675dSTing-Kang Chang 149*e7b1675dSTing-Kang Chang* Java 150*e7b1675dSTing-Kang Chang 151*e7b1675dSTing-Kang Chang```xml 152*e7b1675dSTing-Kang Chang<dependency> 153*e7b1675dSTing-Kang Chang <groupId>com.google.crypto.tink</groupId> 154*e7b1675dSTing-Kang Chang <artifactId>tink</artifactId> 155*e7b1675dSTing-Kang Chang <version>1.7.0</version> 156*e7b1675dSTing-Kang Chang</dependency> 157*e7b1675dSTing-Kang Chang``` 158*e7b1675dSTing-Kang Chang 159*e7b1675dSTing-Kang Chang* Android 160*e7b1675dSTing-Kang Chang 161*e7b1675dSTing-Kang Chang``` 162*e7b1675dSTing-Kang Changdependencies { 163*e7b1675dSTing-Kang Chang implementation 'com.google.crypto.tink:tink-android:1.7.0' 164*e7b1675dSTing-Kang Chang} 165*e7b1675dSTing-Kang Chang``` 166*e7b1675dSTing-Kang Chang 167*e7b1675dSTing-Kang Chang* Objective-C/iOS 168*e7b1675dSTing-Kang Chang 169*e7b1675dSTing-Kang Chang```sh 170*e7b1675dSTing-Kang Changcd /path/to/your/Xcode project/ 171*e7b1675dSTing-Kang Changpod init 172*e7b1675dSTing-Kang Changpod 'Tink', '1.7.0' 173*e7b1675dSTing-Kang Changpod install 174*e7b1675dSTing-Kang Chang``` 175*e7b1675dSTing-Kang Chang 176*e7b1675dSTing-Kang Chang## Learn more 177*e7b1675dSTing-Kang Chang 178*e7b1675dSTing-Kang Chang* [Java HOW-TO](docs/JAVA-HOWTO.md) 179*e7b1675dSTing-Kang Chang* [C++ HOW-TO](docs/CPP-HOWTO.md) 180*e7b1675dSTing-Kang Chang* [Obj-C HOW-TO](docs/OBJC-HOWTO.md) 181*e7b1675dSTing-Kang Chang* [Go HOW-TO](docs/GOLANG-HOWTO.md) 182*e7b1675dSTing-Kang Chang* [Python HOW-TO](docs/PYTHON-HOWTO.md) 183*e7b1675dSTing-Kang Chang* [Security and Usability Design Goals](docs/SECURITY-USABILITY.md) 184*e7b1675dSTing-Kang Chang* [Supported Crypto Primitives](docs/PRIMITIVES.md) 185*e7b1675dSTing-Kang Chang* [Key Management](docs/KEY-MANAGEMENT.md) 186*e7b1675dSTing-Kang Chang* [Managing keys with Tinkey](docs/TINKEY.md) 187*e7b1675dSTing-Kang Chang* [Known Issues](docs/KNOWN-ISSUES.md) 188*e7b1675dSTing-Kang Chang 189*e7b1675dSTing-Kang Chang## Community-driven ports 190*e7b1675dSTing-Kang Chang 191*e7b1675dSTing-Kang ChangOut of the box Tink supports a wide range of languages, but it still doesn't 192*e7b1675dSTing-Kang Changsupport every language. Fortunately, some users like Tink so much that they've 193*e7b1675dSTing-Kang Changported it to their favorite languages! Below you can find notable ports. 194*e7b1675dSTing-Kang Chang 195*e7b1675dSTing-Kang Chang**WARNING** While we usually review these ports, until further notice, we do not 196*e7b1675dSTing-Kang Changmaintain them and have no plan to support them in the foreseeable future. 197*e7b1675dSTing-Kang Chang 198*e7b1675dSTing-Kang Chang* [Clojure](https://github.com/perkss/tinklj) 199*e7b1675dSTing-Kang Chang 200*e7b1675dSTing-Kang Chang## Contact and mailing list 201*e7b1675dSTing-Kang Chang 202*e7b1675dSTing-Kang ChangIf you want to contribute, please read [CONTRIBUTING](docs/CONTRIBUTING.md) and 203*e7b1675dSTing-Kang Changsend us pull requests. You can also report bugs or file feature requests. 204*e7b1675dSTing-Kang Chang 205*e7b1675dSTing-Kang ChangIf you'd like to talk to the developers or get notified about major product 206*e7b1675dSTing-Kang Changupdates, you may want to subscribe to our [mailing list][tink_mailing_list_url]. 207*e7b1675dSTing-Kang Chang 208*e7b1675dSTing-Kang Chang## Maintainers 209*e7b1675dSTing-Kang Chang 210*e7b1675dSTing-Kang ChangTink is maintained by (A-Z): 211*e7b1675dSTing-Kang Chang 212*e7b1675dSTing-Kang Chang- Moreno Ambrosin 213*e7b1675dSTing-Kang Chang- Taymon Beal 214*e7b1675dSTing-Kang Chang- Daniel Bleichenbacher 215*e7b1675dSTing-Kang Chang- William Conner 216*e7b1675dSTing-Kang Chang- Thai Duong 217*e7b1675dSTing-Kang Chang- Thomas Holenstein 218*e7b1675dSTing-Kang Chang- Stefan Kölbl 219*e7b1675dSTing-Kang Chang- Charles Lee 220*e7b1675dSTing-Kang Chang- Cindy Lin 221*e7b1675dSTing-Kang Chang- Fernando Lobato Meeser 222*e7b1675dSTing-Kang Chang- Atul Luykx 223*e7b1675dSTing-Kang Chang- Rafael Misoczki 224*e7b1675dSTing-Kang Chang- Sophie Schmieg 225*e7b1675dSTing-Kang Chang- Laurent Simon 226*e7b1675dSTing-Kang Chang- Elizaveta Tretiakova 227*e7b1675dSTing-Kang Chang- Jürg Wullschleger 228*e7b1675dSTing-Kang Chang 229*e7b1675dSTing-Kang ChangAlumni: 230*e7b1675dSTing-Kang Chang 231*e7b1675dSTing-Kang Chang- Haris Andrianakis 232*e7b1675dSTing-Kang Chang- Tanuj Dhir 233*e7b1675dSTing-Kang Chang- Quan Nguyen 234*e7b1675dSTing-Kang Chang- Bartosz Przydatek 235*e7b1675dSTing-Kang Chang- Enzo Puig 236*e7b1675dSTing-Kang Chang- Veronika Slívová 237*e7b1675dSTing-Kang Chang- Paula Vidas 238*e7b1675dSTing-Kang Chang- Cathie Yun 239*e7b1675dSTing-Kang Chang- Federico Zalcberg 240
