Google wants to ensure developers have the tools necessary to protect user data with the open-source release of Tink. This new project is a multi-language, cross-platform cryptographic library designed to ship secure cryptographic code.
“At Google, many product teams use cryptographic techniques to protect user data. In cryptography, subtle mistakes can have serious consequences, and understanding how to implement cryptography correctly requires digesting decades’ worth of academic literature. Needless to say, many developers don’t have time for that,” Thai Duong, information security engineer for Google, wrote in a post on behalf of the Tink team.
According to the company, Tink is already being used in its services like AdMob, Google Pay, Google Assistant, Firebase, and the Android Search App.
With the announcement of the open-source library, the team also announced Tink 1.2, a new version that supports cloud, Android and iOS. In addition, the latest release adds support for C++ and Objective-C. Operations the Tink library can perform include data encryption and digital signatures.
“Tink aims to provide cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse. Tink is built on top of existing libraries such as BoringSSL and Java Cryptography Architecture, but includes countermeasures to many weaknesses in these libraries, which were discovered by Project Wycheproof, another project from our team,” Duong wrote.
Other features include support for key management, ability to show claimed security properties, isolates APIs for potentially dangerous operations, and enables custom cryptographic schemes or in-house key management systems.