Google announced a new encryption library called Tink, which claims that Tink is designed to provide a secure, easy-to-use and misusable encryption API based on the existing encryption libraries BoringSSL and Java Cryptography Architecture, adding to the weaknesses found in the Project Wycheproof project.
This is not the first time Google has introduced a so-called easy-to-use encryption library. It released the Keyczar encryption library back in 2009 but stopped development a few years later.
- Tink is already being used to secure data of many products such as AdMob, Google Pay, Google Assistant, Firebase, the Android Search App, etc. After nearly two years of development, today we’re excited to announce Tink 1.2.0, the first version that supports cloud, Android, iOS, and more!
- Tink aims to provide cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.
- Tink aims to eliminate as many potential misuses as possible.
- Tink provides support for key management, including key rotation and phasing out deprecated ciphers.
- Tink is also extensible by design: it is easy to add a custom cryptographic scheme or an in-house key management system so that it works seamlessly with other parts of Tink. No part of Tink is hard to replace or remove. All components are composable, and can be selected and assembled in various combinations.