xref: /aosp_15_r20/external/tink/python/examples/hybrid/README.md (revision e7b1675dde1b92d52ec075b0a92829627f2c52a5) 
1*e7b1675dSTing-Kang Chang# Python hybrid encryption example
2*e7b1675dSTing-Kang Chang
3*e7b1675dSTing-Kang ChangThis example shows how to encrypt data with Tink using hybrid encryption.
4*e7b1675dSTing-Kang Chang
5*e7b1675dSTing-Kang ChangIt demonstrates the basic steps of using Tink, namely loading key material,
6*e7b1675dSTing-Kang Changobtaining a primitive, and using the primitive to do crypto.
7*e7b1675dSTing-Kang Chang
8*e7b1675dSTing-Kang ChangThe key material was generated with Tinkey:
9*e7b1675dSTing-Kang Chang
10*e7b1675dSTing-Kang Chang```shell
11*e7b1675dSTing-Kang Chang$ tinkey create-keyset \
12*e7b1675dSTing-Kang Chang    --key-template DHKEM_X25519_HKDF_SHA256_HKDF_SHA256_AES_256_GCM \
13*e7b1675dSTing-Kang Chang    --out-format JSON --out hybrid_test_private_keyset.json
14*e7b1675dSTing-Kang Chang
15*e7b1675dSTing-Kang Chang$ tinkey create-public-keyset --in hybrid_test_private_keyset.json \
16*e7b1675dSTing-Kang Chang    --in-format JSON --out-format JSON --out hybrid_test_public_keyset.json
17*e7b1675dSTing-Kang Chang```
18*e7b1675dSTing-Kang Chang
19*e7b1675dSTing-Kang Chang## Build and Run
20*e7b1675dSTing-Kang Chang
21*e7b1675dSTing-Kang Chang### Bazel
22*e7b1675dSTing-Kang Chang
23*e7b1675dSTing-Kang Chang```shell
24*e7b1675dSTing-Kang Chang$ git clone https://github.com/google/tink
25*e7b1675dSTing-Kang Chang$ cd tink/python/examples
26*e7b1675dSTing-Kang Chang$ bazel build ...
27*e7b1675dSTing-Kang Chang```
28*e7b1675dSTing-Kang Chang
29*e7b1675dSTing-Kang ChangYou can then encrypt a file:
30*e7b1675dSTing-Kang Chang
31*e7b1675dSTing-Kang Chang```shell
32*e7b1675dSTing-Kang Chang$ echo "some data" > testdata.txt
33*e7b1675dSTing-Kang Chang$ ./bazel-bin/hybrid/hybrid --mode encrypt \
34*e7b1675dSTing-Kang Chang    --keyset_path ./hybrid/hybrid_test_public_keyset.json \
35*e7b1675dSTing-Kang Chang    --input_path testdata.txt --output_path testdata.txt.encrypted
36*e7b1675dSTing-Kang Chang```
37*e7b1675dSTing-Kang Chang
38*e7b1675dSTing-Kang ChangOr decrypt the file with:
39*e7b1675dSTing-Kang Chang
40*e7b1675dSTing-Kang Chang```shell
41*e7b1675dSTing-Kang Chang$ ./bazel-bin/hybrid/hybrid --mode decrypt \
42*e7b1675dSTing-Kang Chang    --keyset_path ./hybrid/hybrid_test_private_keyset.json \
43*e7b1675dSTing-Kang Chang    --input_path testdata.txt.encrypted --output_path testdata.txt.decrypted
44*e7b1675dSTing-Kang Chang$ diff testdata.txt testdata.txt.decrypted
45*e7b1675dSTing-Kang Chang```
46