Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas...
Transcript of Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas...
![Page 1: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/1.jpg)
Confidential + ProprietaryConfidential + Proprietary
Tink: a cryptographic library
Bartosz Przydatek
joint work with Daniel Bleichenbacher and Thai Duong
with contributions by
Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee,Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others
slides from presentation at Real World Crypto 2019
1
![Page 2: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/2.jpg)
Confidential + Proprietary
Motivation
● cryptography is useful...
● ... but often difficult to use correctly
● complex APIs need in-depth expertise to be used safely
● focus of non-crypto developers is usually not on crypto
● simple mistakes can have serious consequences
Tink: a cryptographic library 2
![Page 3: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/3.jpg)
Confidential + Proprietary
Motivation: complex APIs: OpenSSL
int EVP_EncryptInit_ex(
EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,int *outl, const unsigned char *in, int inl);
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
Tink: a cryptographic library 3Tink: a cryptographic library
![Page 4: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/4.jpg)
Confidential + Proprietary
Motivation: complex APIs: OpenSSL
int EVP_EncryptInit_ex(
EVP_CIPHER_CTX *ctx, const EVP_CIPHER *type,
ENGINE *impl, unsigned char *key, unsigned char *iv);
int EVP_EncryptUpdate(EVP_CIPHER_CTX *ctx, unsigned char *out,int *outl, const unsigned char *in, int inl);
int EVP_EncryptFinal_ex(EVP_CIPHER_CTX *ctx, unsigned char *out, int *outl);
Tink: a cryptographic library 4Tink: a cryptographic library
![Page 5: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/5.jpg)
Confidential + Proprietary
Motivation: complex APIs: Crypto API NG
NTSTATUS BCryptEncrypt( BCRYPT_KEY_HANDLE hKey, PUCHAR pbInput, ULONG cbInput, VOID *pPaddingInfo, PUCHAR pbIV, ULONG cbIV, PUCHAR pbOutput, ULONG cbOutput, ULONG *pcbResult, ULONG dwFlags);
Tink: a cryptographic library 5Tink: a cryptographic library
![Page 6: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/6.jpg)
Confidential + Proprietary
Motivation: complex APIs: Java JCE
SecureRandom secureRandom = new SecureRandom();byte[] key = new byte[16];secureRandom.nextBytes(key);SecretKey secretKey = SecretKeySpec(key, "AES");
byte[] iv = new byte[IV_SIZE];secureRandom.nextBytes(iv);GCMParameterSpec parameterSpec = new GCMParameterSpec(128, iv);
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");cipher.init(Cipher.ENCRYPT_MODE, secretKey, parameterSpec);
// continued...
Tink: a cryptographic library 6Tink: a cryptographic library
![Page 7: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/7.jpg)
Confidential + Proprietary
Motivation: complex APIs: Java JCE
SecureRandom secureRandom = new SecureRandom();byte[] key = new byte[16];secureRandom.nextBytes(key);SecretKey secretKey = SecretKeySpec(key, "AES");
byte[] iv = new byte[IV_SIZE];secureRandom.nextBytes(iv);GCMParameterSpec parameterSpec = new GCMParameterSpec(128, iv);
Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");cipher.init(Cipher.ENCRYPT_MODE, secretKey, parameterSpec);
// continued...
7Tink: a cryptographic library
![Page 8: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/8.jpg)
Confidential + Proprietary
Motivation: complex APIs: Java JCE (cont.)
// continued...
byte[] ciphertext = new byte[IV_SIZE + plaintext.length + TAG_SIZE];System.arraycopy(iv, 0, ciphertext, 0, IV_SIZE);if (associatedData != null) { cipher.updateAAD(associatedData);}cipher.doFinal(plaintext, 0, plaintext.length, ciphertext, IV_SIZE);return ciphertext;
8Tink: a cryptographic library
![Page 9: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/9.jpg)
Confidential + Proprietary
Motivation: complex APIs: Java JCE (cont.)
// continued...
byte[] ciphertext = new byte[IV_SIZE + plaintext.length + TAG_SIZE];System.arraycopy(iv, 0, ciphertext, 0, IV_SIZE);if (associatedData != null) { cipher.updateAAD(associatedData);}cipher.doFinal(plaintext, 0, plaintext.length, ciphertext, IV_SIZE);return ciphertext;
9Tink: a cryptographic library
![Page 10: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/10.jpg)
Confidential + Proprietary
Motivation: ambiguous yet inextensible APIs
C++ Keyczar: Keyczar object can do “everything”class Keyczar { virtual bool Sign(...); virtual bool AttachedSign(...); virtual bool Verify(...); virtual bool AttachedVerify(...); virtual bool Encrypt(...); virtual bool Decrypt(...); // ... virtual bool IsAcceptablePurpose(KeyPurpose purpose);}
… yet this might still be not enough!
10Tink: a cryptographic library
![Page 11: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/11.jpg)
Confidential + Proprietary
Motivation: ambiguous yet inextensible APIs
Java Keyczar: one Encrypter for all encryptionpublic class Encrypter extends Keyczar {
public byte[] encrypt(byte[] input) { /*...*/ }
@Override boolean isAcceptablePurpose(KeyPurpose purpose)}
● Mixes public-key encryption and numerous flavours of
symmetric encryption
● Bound to a global KeyPurpose-enum
11Tink: a cryptographic library
![Page 12: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/12.jpg)
Confidential + Proprietary
Outline
● Tink design goals
● User’s perspective: primitives and keyset handles
● Tink core: keys, key managers, keysets, registry
● Key management features
● Readability & Auditability: security guarantees and configs
● Extensibility: custom implementations & custom primitives
● Current status and future plans
12Tink: a cryptographic library
![Page 13: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/13.jpg)
Confidential + Proprietary
Tink design goals
● Security
○ hard-to-misuse API
○ reuse of proven and well-tested libraries (project Wycheproof)
● Usability
○ simple & easy-to-use API
○ user can focus on the desired functionality
13Tink: a cryptographic library
![Page 14: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/14.jpg)
Confidential + Proprietary
Tink design goals (cont.)
● Readability and Auditability
○ functionality “visible” in code,
○ control over employed cryptographic schemes
● Extensibility
○ easy to add new functionalities, schemes, formats
○ support for local customizations
14Tink: a cryptographic library
![Page 15: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/15.jpg)
Confidential + Proprietary
Tink design goals (cont.)
● Agility
○ built-in key rotation
○ support for deprecation of obsolete/broken schemes
● Interoperability
○ available in many languages and on many platforms
○ integration with external services (e.g. KMS)
15Tink: a cryptographic library
![Page 16: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/16.jpg)
Confidential + Proprietary
User’s perspective: Primitives
Primitive: an abstract representation of a crypto functionality
● defines functionality in a form of an interface
● not bound to any specific implementation or a global enum
● (official) implementations come with security guarantees
16Tink: a cryptographic library
![Page 17: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/17.jpg)
Confidential + Proprietary
User’s perspective: MAC primitive
Message Authentication Code (MAC)
public interface Mac {
byte[] computeMac(final byte[] data) throws …
void verifyMac(final byte[] mac, final byte[] data) throws…
}
17Tink: a cryptographic library
![Page 18: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/18.jpg)
Confidential + Proprietary
User’s perspective: AEAD primitive
Authenticated Encryption with Associated Data (AEAD)
public interface Aead {
byte[] encrypt(final byte[] plaintext, final byte[] associatedData)
throws…
byte[] decrypt(final byte[] ciphertext, final byte[] associatedData)
throws…
}
18Tink: a cryptographic library
![Page 19: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/19.jpg)
Confidential + Proprietary
User’s perspective: Streaming AEAD primitive
public interface StreamingAead {
OutputStream newEncryptingStream(OutputStream ciphertextDestination,
byte[] associatedData) throws…
InputStream newDecryptingStream(InputStream ciphertextSource,
byte[] associatedData) throws…
/* ... */
}
19Tink: a cryptographic library
![Page 20: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/20.jpg)
Confidential + Proprietary
User’s perspective: AEAD primitive in action
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeysetHandle;
// 1. Generate or retrieve the key material.
KeysetHandle keysetHandle = ...;
// 2. Get the primitive.
Aead aead = keysetHandle.getPrimitive(Aead.class);
// 3. Use the primitive to encrypt a plaintext,
byte[] ciphertext = aead.encrypt(plaintext, aad);
20Tink: a cryptographic library
![Page 21: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/21.jpg)
Confidential + Proprietary
User’s perspective: AEAD primitive in action
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.aead.AeadKeyTemplates;
// 1. Generate or retrieve the key material.
KeysetHandle keysetHandle =
KeysetHandle.generateNew(AeadKeyTemplates.AES128_GCM);
// 2. Get the primitive.
Aead aead = keysetHandle.getPrimitive(Aead.class);
// 3. Use the primitive to encrypt a plaintext,
byte[] ciphertext = aead.encrypt(plaintext, aad);
21Tink: a cryptographic library
![Page 22: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/22.jpg)
Confidential + Proprietary
User’s perspective: AEAD primitive in action
import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.integration.android.AndroidKeysetManager;
// 1. Generate or retrieve the key material.
AndroidKeysetManager keysetManager = AndroidKeysetManager.Builder()...;
KeysetHandle keysetHandle = keysetManager.getKeysetHandle();
// 2. Get the primitive.
Aead aead = keysetHandle.getPrimitive(Aead.class);
// 3. Use the primitive to encrypt a plaintext,
byte[] ciphertext = aead.encrypt(plaintext, aad);
22Tink: a cryptographic library
![Page 23: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/23.jpg)
Confidential + Proprietary
Tink core: keys
Key: a container for cryptographic key material and params
● identified by a string: key type (a.k.a. type url), e.g.
"type.googleapis.com/google.crypto.tink.AesGcmKey"
● implemented as a protocol buffer:
message AesGcmKey { uint32 version; bytes key_value;}
23Tink: a cryptographic library
![Page 24: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/24.jpg)
Confidential + Proprietary
Tink core: key managers
Key Manager: a manager for keys of a specific key type, “knows” which primitive corresponds to the key type, e.g.
class AesGcmKeyManager implements KeyManager<Aead> { @Override public Aead getPrimitive(aesGcmKey) {...};
@Override public AesGcmKey newKey(aesGcmKeyFormat) {...};
/* ... */}
24Tink: a cryptographic library
![Page 25: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/25.jpg)
Confidential + Proprietary
Tink core: keys and key managers
key type: "...tink.AesGcmKey"message AesGcmKey { ... }
key type: "...tink.AesEaxKey"message AesEaxKey { ... }
key type: "...tink.HmacKey"message HmacKey { ... }
key type: "...tink.AesCtrHmacKey"message AesCtrHmacKey { ... }
class AesGcmKeyManagerimplements KeyManager<Aead>
class AesEaxKeyManagerimplements KeyManager<Aead>
class AesCtrHmacManagerimplements KeyManager<Aead>
class HmacKeyManagerimplements KeyManager<Mac>
25Tink: a cryptographic library
![Page 26: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/26.jpg)
Confidential + Proprietary
Tink core: keyset and keyset handle
● Keyset: a collection of keys
○ all keys in a keyset correspond to a single primitive
○ primary tool for key rotation
● Keyset Handle: a wrapper around a Keyset
○ restricts access to key material and other sensitive data
26Tink: a cryptographic library
![Page 27: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/27.jpg)
Confidential + Proprietary
KeysetHandle
Keyset
Tink core: keyset and keyset handle example
key #1: AesGcmKey { ... }
key #2: AesEaxKey { ... }
key #3: AesGcmKey { ... }
key #4: AesCtrHmacKey { ... }
Aead
Aead
Aead
Aead
27Tink: a cryptographic library
![Page 28: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/28.jpg)
Confidential + Proprietary
Tink core: Registry
Registry: a container for key managers used by an application
● A mapping from key type to a key manager object
● Initialized at startup
○ automatically: TinkConfig.register()
○ .. or manually: Registry.registerKeyManager(...)
● The foundation of obtaining Primitives
○ indirectly via KeysetHandle.getPrimitive(...)
○ or directly: Registry.getPrimitive(...)
28Tink: a cryptographic library
![Page 29: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/29.jpg)
Confidential + Proprietary
Tink core: Registry
key type: "...tink.AesGcmKey"
key type: "...tink.AesEaxKey"
key type: "...tink.HmacKey"
key type: "...tink.AesCtrHmacKey"
class AesGcmKeyManagerimplements KeyManager<Aead>
class AesEaxKeyManagerimplements KeyManager<Aead>
class AesCtrHmacManagerimplements KeyManager<Aead>
class HmacKeyManagerimplements KeyManager<Mac>
29Tink: a cryptographic library
![Page 30: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/30.jpg)
Confidential + Proprietary
Key management features: key rotation
Key rotation via keysets
● a distinguished primary key
for creation of crypto data
(ciphertexts, signatures, …)
● matching of crypto data with
a suitable key in a keyset
● disabling of obsolete keys
Keyset
key #1: AesGcmKey { ... }
key #2: AesEaxKey { ... }
key #3: AesGcmKey { ... }
key #4: AesCtrHmacKey { ... }
Aead
Aead
Aead
Aead
30Tink: a cryptographic library
![Page 31: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/31.jpg)
Confidential + Proprietary
Key management features (cont.)
● Uniform handling of external keys (KMS, HSM, …)
○ “key” in a keyset contains only a reference to KMS
○ a keyset can contain both external and regular keys
● Gradual deprecation of cryptographic schemes
○ can forbid creation of new keys of deprecated schemes
31Tink: a cryptographic library
![Page 32: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/32.jpg)
Confidential + Proprietary
Readability & Auditability
● Implementations of Primitives guarantee properties
Aead aead = handle1.getPrimitive(Aead.class);
byte[] ciphertext1 = aead.encrypt(plaintext1, associatedData);
HybridEncrypt hybridEncrypt = handle2.getPrimitive(HybridEncrypt.class);
byte[] ciphertext2 = hybridEncrypt.encrypt(plaintext2, contextInfo);
● Registry and Configs
○ full control over Primitives and their implementations
○ stats about usage of cryptographic schemes (planned)
32Tink: a cryptographic library
![Page 33: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/33.jpg)
Confidential + Proprietary
Extensibility
● Custom key types and implementations of Tink primitives
● Definition and implementation of custom primitives
● Registry, keysets, key rotation, etc. work as with standard
components
33Tink: a cryptographic library
![Page 34: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/34.jpg)
Confidential + Proprietary
Extensibility: custom implementation of AEAD
● Define custom key type type.googleapis.com/my.org.MyCustomKey
message MyCustomKey { | message MyCustomKeyFormat {
uint32 version; | // params for generating new keys
// custom fields and params | }
} |
● Implement key manager for the custom key typeclass MyCustomKeyManager
extends KeyManagerBase<Aead, MyCustomKey, MyCustomKeyFormat> {...}
● Register the custom key manager.
34Tink: a cryptographic library
![Page 35: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/35.jpg)
Confidential + Proprietary
Extensibility: custom primitives
● Define the interface of the custom primitive public interface MyPrimitive {
byte[] computeSomeCryptoData(final byte[] input)
throws GeneralSecurityException;
}
● Implement a primitive wrapper and register itclass MyPrimitiveWrapper implements PrimitiveWrapper<MyPrimitive> {
@Override
public MyPrimitive wrap(final PrimitiveSet<MyPrimitive> pset);
}
● Implement key manager(s) & use them as for Tink primitives
35Tink: a cryptographic library
![Page 36: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/36.jpg)
Confidential + Proprietary
Current status and future plans
Tink is open-sourced on GitHub: github.com/google/tink
● Supported Primitives:
○ Message Authentication Codes (MAC)
○ Authenticated Encryption with Associated Data (AEAD)
○ Deterministic AEAD
○ Streaming AEAD
○ Digital Signatures: PublicKeySign and PublicKeyVerify
○ Hybrid Encryption: HybridEncrypt and HybridDecrypt
36Tink: a cryptographic library
![Page 37: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/37.jpg)
Confidential + Proprietary
Current status and future plans (cont.)
● Supported languages
○ current: Java, C++, Objective C
○ in preparation: Go, JavaScript, Python
○ open-source community driven: PHP
● Integration with KMS offerings
○ Java: AWS KMS, Google Cloud KMS, Android Keystore
○ Objective C: Apple Keychain
○ C++ (in preparation): AWS KMS, Google Cloud KMS
37Tink: a cryptographic library
![Page 38: Erhan Nergiz, Quan Nguyen Veronika Slívová, and others ......Haris Andrianakis, Thanh Bui, Thomas Holenstein, Charles Lee, Erhan Nergiz, Quan Nguyen, Veronika Slívová, and others](https://reader035.fdocuments.in/reader035/viewer/2022081411/60af841c98257d054b1df9a7/html5/thumbnails/38.jpg)
Confidential + Proprietary
Summary
● Tink: crypto as a tool for non-crypto developers
● Multiple languages, multiple platforms
● Secure, simple, w/ key rotation, readable, extensible, …
● … and much more (not in the talk): thread safety, protections
against side-channel attacks, efficiency, versioning, ...
● Open-source, external contributions are very welcome!
38Tink: a cryptographic library