README
¶
Tink Go
| Test | GCP Ubuntu | MacOS |
|---|---|---|
| Tink Gomod |  |
 |
| Tink Gomod (32 bit) |  |
N/A |
NOTE: Versions of Tink Go prior to v2.0.0 are located at https://github.com/tink-crypto/tink (godoc).
Using crypto in your application shouldn't have to feel like juggling chainsaws in the dark. Tink is a crypto library written by a group of cryptographers and security engineers at Google. It was born out of our extensive experience working with Google's product teams, fixing weaknesses in implementations, and providing simple APIs that can be used safely without needing a crypto background.
Tink provides secure APIs that are easy to use correctly and hard(er) to misuse. It reduces common crypto pitfalls with user-centered design, careful implementation and code reviews, and extensive testing. At Google, Tink is one of the standard crypto libraries, and has been deployed in hundreds of products and systems.
To get a quick overview of Tink's design please take a look at Tink's goals.
The latest version is 2.6.0 (godoc).
The official documentation is available at https://developers.google.com/tink.
Contact and mailing list
If you want to contribute, please read CONTRIBUTING and send us pull requests. You can also report bugs or file feature requests.
If you'd like to talk to the developers or get notified about major product updates, you may want to subscribe to our mailing list.
Maintainers
Tink is maintained by (A-Z):
- Moreno Ambrosin
- Taymon Beal
- William Conner
- Thomas Holenstein
- Stefan Kölbl
- Charles Lee
- Cindy Lin
- Fernando Lobato Meeser
- Ioana Nedelcu
- Sophie Schmieg
- Elizaveta Tretiakova
- Jürg Wullschleger
Alumni:
- Haris Andrianakis
- Daniel Bleichenbacher
- Tanuj Dhir
- Thai Duong
- Atul Luykx
- Rafael Misoczki
- Quan Nguyen
- Bartosz Przydatek
- Enzo Puig
- Laurent Simon
- Veronika Slívová
- Paula Vidas
Directories
¶
| Path | Synopsis |
|---|---|
|
Package aead provides implementations of the AEAD primitive.
|
Package aead provides implementations of the AEAD primitive. |
|
aesctrhmac
Package aesctrhmac provides a key manager for the AES-CTR-HMAC AEAD.
|
Package aesctrhmac provides a key manager for the AES-CTR-HMAC AEAD. |
|
aesgcm
Package aesgcm implements AES-GCM parameters and key, as well as key manager.
|
Package aesgcm implements AES-GCM parameters and key, as well as key manager. |
|
aesgcmsiv
Package aesgcmsiv provides an implementation of AES-GCM-SIV.
|
Package aesgcmsiv provides an implementation of AES-GCM-SIV. |
|
chacha20poly1305
Package chacha20poly1305 implements ChaCha20-Poly1305 parameters and key.
|
Package chacha20poly1305 implements ChaCha20-Poly1305 parameters and key. |
|
internal/testutil
Package testutil provides testing utilities for AEAD primitives.
|
Package testutil provides testing utilities for AEAD primitives. |
|
subtle
Package subtle provides subtle implementations of the AEAD primitive.
|
Package subtle provides subtle implementations of the AEAD primitive. |
|
xaesgcm
Package xaesgcm provides a key and parameters definition for X-AES-GCM, which is specified in https://c2sp.org/XAES-256-GCM.
|
Package xaesgcm provides a key and parameters definition for X-AES-GCM, which is specified in https://c2sp.org/XAES-256-GCM. |
|
xchacha20poly1305
Package xchacha20poly1305 provides a Tink key manager for XChaCha20Poly1305 keys.
|
Package xchacha20poly1305 provides a Tink key manager for XChaCha20Poly1305 keys. |
|
core
|
|
|
cryptofmt
Package cryptofmt provides constants and convenience methods that define the format of ciphertexts and signatures.
|
Package cryptofmt provides constants and convenience methods that define the format of ciphertexts and signatures. |
|
registry
Package registry provides a container that for each supported key type holds a corresponding KeyManager object, which can generate new keys or instantiate the primitive corresponding to given key.
|
Package registry provides a container that for each supported key type holds a corresponding KeyManager object, which can generate new keys or instantiate the primitive corresponding to given key. |
|
Package daead provides implementations of the DeterministicAEAD primitive.
|
Package daead provides implementations of the DeterministicAEAD primitive. |
|
aessiv
Package aessiv defines AES-SIV parameters and keys (RFC 5297).
|
Package aessiv defines AES-SIV parameters and keys (RFC 5297). |
|
subtle
Package subtle provides subtle implementations of the DeterministicAEAD primitive.
|
Package subtle provides subtle implementations of the DeterministicAEAD primitive. |
|
Package hybrid provides implementations of the Hybrid Encryption primitive.
|
Package hybrid provides implementations of the Hybrid Encryption primitive. |
|
ecies
Package ecies contains parameters and keys for ECIES keys with HKDF and AEAD encryption.
|
Package ecies contains parameters and keys for ECIES keys with HKDF and AEAD encryption. |
|
hpke
Package hpke contains HPKE (Hybrid Public Key Encryption) key managers.
|
Package hpke contains HPKE (Hybrid Public Key Encryption) key managers. |
|
internal/ecies
Package ecies provides a helper for creating tink.AEAD or tink.DeterministicAEAD primitives for the specified tink.Parameters and key material.
|
Package ecies provides a helper for creating tink.AEAD or tink.DeterministicAEAD primitives for the specified tink.Parameters and key material. |
|
internal/hpke
Package hpke provides implementations of Hybrid Public Key Encryption.
|
Package hpke provides implementations of Hybrid Public Key Encryption. |
|
subtle
Package subtle provides subtle implementations of the Hybrid Encryption primitive.
|
Package subtle provides subtle implementations of the Hybrid Encryption primitive. |
|
Package insecurecleartextkeyset provides methods to read or write cleartext keyset material.
|
Package insecurecleartextkeyset provides methods to read or write cleartext keyset material. |
|
Package insecuresecretdataaccess provides the definition of a token used to control and track access to secret data.
|
Package insecuresecretdataaccess provides the definition of a token used to control and track access to secret data. |
|
Package internal provides a coordination point for package keyset, package insecurecleartextkeyset, and package testkeyset.
|
Package internal provides a coordination point for package keyset, package insecurecleartextkeyset, and package testkeyset. |
|
aead
Package aead provides internal implementations of the AEAD primitive.
|
Package aead provides internal implementations of the AEAD primitive. |
|
config
Package config provides internal implementation of Configs.
|
Package config provides internal implementation of Configs. |
|
config/aeadconfig
Package aeadconfig provides an instance of the Config for AEAD primitives.
|
Package aeadconfig provides an instance of the Config for AEAD primitives. |
|
config/daeadconfig
Package daeadconfig provides an instance of the Config for DAEAD primitives.
|
Package daeadconfig provides an instance of the Config for DAEAD primitives. |
|
config/hybridconfig
Package hybridconfig provides an instance of the Config for hybrid primitives.
|
Package hybridconfig provides an instance of the Config for hybrid primitives. |
|
config/jwtmacconfig
Package jwtmacconfig provides an instance of the Config for JWT MAC primitives.
|
Package jwtmacconfig provides an instance of the Config for JWT MAC primitives. |
|
config/jwtsignatureconfig
Package jwtsignatureconfig provides an instance of the Config for JWT Signature primitives.
|
Package jwtsignatureconfig provides an instance of the Config for JWT Signature primitives. |
|
config/keyderivationconfig
Package keyderivationconfig provides tink configs for key derivation.
|
Package keyderivationconfig provides tink configs for key derivation. |
|
config/macconfig
Package macconfig provides an instance of the Config for MAC primitives.
|
Package macconfig provides an instance of the Config for MAC primitives. |
|
config/prfconfig
Package prfconfig provides an instance of the Config for PRF primitives.
|
Package prfconfig provides an instance of the Config for PRF primitives. |
|
config/signatureconfig
Package signatureconfig provides an instance of the Config for signature primitives.
|
Package signatureconfig provides an instance of the Config for signature primitives. |
|
config/streamingaeadconfig
Package streamingaeadconfig provides StreamingAEAD configurations for Tink.
|
Package streamingaeadconfig provides StreamingAEAD configurations for Tink. |
|
ec
Package ec provides utility functions for Elliptic Curves.
|
Package ec provides utility functions for Elliptic Curves. |
|
internalapi
Package internalapi provides a token that restricts access to Tink APIs.
|
Package internalapi provides a token that restricts access to Tink APIs. |
|
internalregistry
Package internalregistry provides a container for functionality that is required across Tink similar to the `registry` but isn't part of the public API.
|
Package internalregistry provides a container for functionality that is required across Tink similar to the `registry` but isn't part of the public API. |
|
jwk
Package jwk provides functions to convert between JWK and Tink keysets.
|
Package jwk provides functions to convert between JWK and Tink keysets. |
|
keygenregistry
Package keygenregistry is a registry for key creators.
|
Package keygenregistry is a registry for key creators. |
|
legacykeymanager
Package legacykeymanager provides a legacy implementation of the registry.KeyManager interface.
|
Package legacykeymanager provides a legacy implementation of the registry.KeyManager interface. |
|
mac/aescmac
Package aescmac implements AES-CMAC.
|
Package aescmac implements AES-CMAC. |
|
mac/hmac
Package hmac implements the hmac algorithm.
|
Package hmac implements the hmac algorithm. |
|
monitoringutil
Package monitoringutil implements utility functions for monitoring.
|
Package monitoringutil implements utility functions for monitoring. |
|
outputprefix
Package outputprefix provides constants and shared utility functions for computing the prefix applied to the output of a cryptographic function.
|
Package outputprefix provides constants and shared utility functions for computing the prefix applied to the output of a cryptographic function. |
|
prefixmap
Package prefixmap provides a map that adds a prefix to each primitive.
|
Package prefixmap provides a map that adds a prefix to each primitive. |
|
primitiveregistry
Package primitiveregistry provides a registry for primitive constructors.
|
Package primitiveregistry provides a registry for primitive constructors. |
|
primitiveset
Package primitiveset provides a container for a set of cryptographic primitives.
|
Package primitiveset provides a container for a set of cryptographic primitives. |
|
protoserialization
Package protoserialization defines interfaces for proto key to key objects parsers, and provides a global registry that maps key type URLs to key parsers.
|
Package protoserialization defines interfaces for proto key to key objects parsers, and provides a global registry that maps key type URLs to key parsers. |
|
registryconfig
Package registryconfig is a transitioning stepping stone used by the keyset handle in cases where a configuration is not provided by the user, so it needs to resort to using the old global registry methods.
|
Package registryconfig is a transitioning stepping stone used by the keyset handle in cases where a configuration is not provided by the user, so it needs to resort to using the old global registry methods. |
|
registryconfig/legacyprimitive
Package legacyprimitive provides a type that wraps a regular primitive that can be used to identify primitives that have a legacy implementation.
|
Package legacyprimitive provides a type that wraps a regular primitive that can be used to identify primitives that have a legacy implementation. |
|
signature
Package signature provides internal implementations of the Signer and Verifier primitives.
|
Package signature provides internal implementations of the Signer and Verifier primitives. |
|
signature/ecdsa
Package ecdsa provides internal ECDSA utility functions.
|
Package ecdsa provides internal ECDSA utility functions. |
|
signature/mldsa
Package mldsa implements ML-DSA as specified in NIST FIPS 204 (https://doi.org/10.6028/NIST.FIPS.204).
|
Package mldsa implements ML-DSA as specified in NIST FIPS 204 (https://doi.org/10.6028/NIST.FIPS.204). |
|
signature/slhdsa
Package slhdsa implements SLH-DSA as specified in NIST FIPS 205 (https://doi.org/10.6028/NIST.FIPS.205).
|
Package slhdsa implements SLH-DSA as specified in NIST FIPS 205 (https://doi.org/10.6028/NIST.FIPS.205). |
|
testing/aead
Package aead contains types for testing AEAD primitives.
|
Package aead contains types for testing AEAD primitives. |
|
testing/stubkeymanager
Package stubkeymanager defines key managers for testing primitives.
|
Package stubkeymanager defines key managers for testing primitives. |
|
tinkerror
Package tinkerror provides error handling functionality which helps maintain API backwards compatibility.
|
Package tinkerror provides error handling functionality which helps maintain API backwards compatibility. |
|
tinkerror/tinkerrortest
Package tinkerrortest provides test functionality for package tinkerror.
|
Package tinkerrortest provides test functionality for package tinkerror. |
|
Package jwt implements a subset of JSON Web Token (JWT) as defined by RFC 7519 (https://tools.ietf.org/html/rfc7519) that is considered safe and most often used.
|
Package jwt implements a subset of JSON Web Token (JWT) as defined by RFC 7519 (https://tools.ietf.org/html/rfc7519) that is considered safe and most often used. |
|
jwtecdsa
Package jwtecdsa defines JWT ECDSA keys and parameters.
|
Package jwtecdsa defines JWT ECDSA keys and parameters. |
|
jwthmac
Package jwthmac provides a JWT HMAC signer and verifier.
|
Package jwthmac provides a JWT HMAC signer and verifier. |
|
jwtrsassapkcs1
Package jwtrsassapkcs1 provides parameters for JWT RSA SSA PKCS1 keys.
|
Package jwtrsassapkcs1 provides parameters for JWT RSA SSA PKCS1 keys. |
|
jwtrsassapss
Package jwtrsassapss defines parameters and keys for the JWT-RSA-SSA-PSS algorithm.
|
Package jwtrsassapss defines parameters and keys for the JWT-RSA-SSA-PSS algorithm. |
|
Package key defines interfaces for Key and Parameters types.
|
Package key defines interfaces for Key and Parameters types. |
|
Package keyderivation provides implementations of the keyset deriver primitive.
|
Package keyderivation provides implementations of the keyset deriver primitive. |
|
internal/keyderiver
Package keyderiver provides an internal interface for key derivation.
|
Package keyderiver provides an internal interface for key derivation. |
|
internal/keyderivers
Package keyderivers provides functions to register and use key derivers.
|
Package keyderivers provides functions to register and use key derivers. |
|
internal/streamingprf
Package streamingprf provides implementations of streaming pseudorandom function families.
|
Package streamingprf provides implementations of streaming pseudorandom function families. |
|
prfbasedkeyderivation
Package prfbasedkeyderivation provides a key derivation function that is based on a PRF.
|
Package prfbasedkeyderivation provides a key derivation function that is based on a PRF. |
|
Package keyset provides methods to generate, read, write or validate keysets.
|
Package keyset provides methods to generate, read, write or validate keysets. |
|
kwp
|
|
|
subtle
Package subtle implements the key wrapping primitive KWP defined in NIST SP 800 38f.
|
Package subtle implements the key wrapping primitive KWP defined in NIST SP 800 38f. |
|
Package mac provides implementations of the MAC primitive.
|
Package mac provides implementations of the MAC primitive. |
|
aescmac
Package aescmac provides the key manager for AES-CMAC.
|
Package aescmac provides the key manager for AES-CMAC. |
|
hmac
Package hmac provides the key manager for HMAC.
|
Package hmac provides the key manager for HMAC. |
|
internal/mactest
Package mactest has testing utilities for the MAC primitive
|
Package mactest has testing utilities for the MAC primitive |
|
subtle
Package subtle provides subtle implementations of the MAC primitive.
|
Package subtle provides subtle implementations of the MAC primitive. |
|
Package monitoring defines the structs and interfaces for monitoring primitives with Tink.
|
Package monitoring defines the structs and interfaces for monitoring primitives with Tink. |
|
Package prf contains utilities to calculate pseudo random function families.
|
Package prf contains utilities to calculate pseudo random function families. |
|
aescmacprf
Package aescmacprf provides key manager and keys definitions for AES-CMAC PRF.
|
Package aescmacprf provides key manager and keys definitions for AES-CMAC PRF. |
|
hkdfprf
Package hkdfprf provides the HKDF PRF key manager, key and parameters.
|
Package hkdfprf provides the HKDF PRF key manager, key and parameters. |
|
hmacprf
Package hmacprf provides an implementation of the HMAC PRF key manager.
|
Package hmacprf provides an implementation of the HMAC PRF key manager. |
|
subtle
Package subtle provides an implementation of PRFs like AES-CMAC.
|
Package subtle provides an implementation of PRFs like AES-CMAC. |
|
proto
|
|
|
Package secretdata provides access-controlled structs to wrap sensitive data.
|
Package secretdata provides access-controlled structs to wrap sensitive data. |
|
Package signature provides implementations of the Signer and Verifier primitives.
|
Package signature provides implementations of the Signer and Verifier primitives. |
|
ecdsa
Package ecdsa provides ECDSA keys and parameters definitions, and key managers.
|
Package ecdsa provides ECDSA keys and parameters definitions, and key managers. |
|
ed25519
Package ed25519 provides ED25519 keys and parameters definitions, and key managers.
|
Package ed25519 provides ED25519 keys and parameters definitions, and key managers. |
|
mldsa
Package mldsa provides ML-DSA keys and parameters definitions, and key managers.
|
Package mldsa provides ML-DSA keys and parameters definitions, and key managers. |
|
rsassapkcs1
Package rsassapkcs1 defines RSA-SSA-PKCS1 key managers, key and parameters.
|
Package rsassapkcs1 defines RSA-SSA-PKCS1 key managers, key and parameters. |
|
rsassapss
Package rsassapss defines RSASSA-PSS key managers.
|
Package rsassapss defines RSASSA-PSS key managers. |
|
slhdsa
Package slhdsa provides SLH-DSA keys and parameters definitions, and key managers.
|
Package slhdsa provides SLH-DSA keys and parameters definitions, and key managers. |
|
subtle
Package subtle provides subtle implementations of the digital signature primitive.
|
Package subtle provides subtle implementations of the digital signature primitive. |
|
Package streamingaead provides implementations of the streaming AEAD primitive.
|
Package streamingaead provides implementations of the streaming AEAD primitive. |
|
aesctrhmac
Package aesctrhmac provides a key manager for AES-CTR-HMAC streaming AEADs.
|
Package aesctrhmac provides a key manager for AES-CTR-HMAC streaming AEADs. |
|
aesgcmhkdf
Package aesgcmhkdf provides a key manager for AES-CTR-HMAC streaming AEADs.
|
Package aesgcmhkdf provides a key manager for AES-CTR-HMAC streaming AEADs. |
|
subtle
Package subtle provides subtle implementations of the Streaming AEAD primitive.
|
Package subtle provides subtle implementations of the Streaming AEAD primitive. |
|
subtle/noncebased
Package noncebased provides a reusable streaming AEAD framework.
|
Package noncebased provides a reusable streaming AEAD framework. |
|
Package subtle provides common methods needed in subtle implementations.
|
Package subtle provides common methods needed in subtle implementations. |
|
random
Package random provides functions that generate random numbers or bytes.
|
Package random provides functions that generate random numbers or bytes. |
|
testing
|
|
|
fakekms
Package fakekms provides a fake implementation of registry.KMSClient.
|
Package fakekms provides a fake implementation of registry.KMSClient. |
|
fakemonitoring
Package fakemonitoring provides a fake implementation of monitoring clients and loggers.
|
Package fakemonitoring provides a fake implementation of monitoring clients and loggers. |
|
insecuresecretdataaccesstest
Package insecuresecretdataaccesstest provides a utility function to obtain a insecuresecretdataaccess.Token value to use in tests.
|
Package insecuresecretdataaccesstest provides a utility function to obtain a insecuresecretdataaccess.Token value to use in tests. |
|
Package testkeyset provides for test code methods to read or write cleartext keyset material.
|
Package testkeyset provides for test code methods to read or write cleartext keyset material. |
|
Package testutil provides common methods needed in test code.
|
Package testutil provides common methods needed in test code. |
|
hybrid
Package hybrid provides HybridEncrypt/Decrypt primitive-specific test utilities.
|
Package hybrid provides HybridEncrypt/Decrypt primitive-specific test utilities. |
|
Package tink provides the abstract interfaces of the primitives supported by Tink.
|
Package tink provides the abstract interfaces of the primitives supported by Tink. |
Click to show internal directories.
Click to hide internal directories.