Google announced yesterday the release of a new version of its multi-language, cross-platform cryptographic library, named, Tink 1.2.0 to secure data. Earlier versions of Tink are already in use by Google to secure data of their products such as AdMob, Google Pay, Google Assistant, Firebase, the Android Search App, etc.
Tink 1.2.0 is built on top of libraries such as BoringSSL, and Java Cryptography Architecture. It comprises cryptographic APIs that are secure, easy to use, and hard to misuse.
With Tink 1.2.0, it is easy to perform cryptographic operations like data encryption, digital signatures, etc, as it requires only a few lines of code. It focuses on eliminating as many data misuses as possible. For instance, if the encryption mode needs nonces and reusing nonces would make the encryption mode less secure, then Tink does not allow the user to pass nonces.
Tink 1.2.0 also indicates security properties (e.g., safe against chosen-ciphertext attacks) directly in interfaces. This enables security auditors and automated tools to quickly discover usages where security guarantees don’t align with the security requirements. It provides support for key management, which includes, key rotation and phasing out of deprecated ciphers.
Other than that, Tink 1.2.0 is customizable. This means that it is easy to add a custom cryptographic scheme or an in-house key management system that can work seamlessly with other parts of Tink. All the parts of Tink are easily removable as well as compostable.
The components in Tink 1.2.0 can be selected and assembled in various combinations. As an example, if only digital signatures are needed, then symmetric key encryption components can be excluded to reduce the code size in your application.
For more information, check out the official Google blog.