Google to Introduce Tink Cryptographic Library

Google already uses Tink in projects like AdMob, Google Pay, Google Assistant, Firebase and the Android Search App
31 August 2018   856

Google introduced the open cryptographic library called Tink with support for Java, C ++ and Objective-C, as well as experimental support for Go and JavaScript. Product primitives use theĀ BoringSSL and the Java Cryptography Architecture framework.

Even small errors in the use of cryptographic methods can have serious consequences, and they are carefully study for decades. Many developers do not have so much time, so when creating a new tool, the company tried to reduce the number of potential errors with cryptographic APIs. Google already uses Tink in projects like AdMob, Google Pay, Google Assistant, Firebase and the Android Search App.

These primitives are used in the core of the library:

  • AEAD (Authenticated Encryption with Associated Data) for symmetric encryption of blocks and data streams over a fixed key. The tool does not require the definition of specific algorithms and their parameters. With it, you can quickly perform encryption and decryption operations:
    import com.google.crypto.tink.Aead;
     import com.google.crypto.tink.KeysetHandle;
     import com.google.crypto.tink.aead.AeadFactory;
     import com.google.crypto.tink.aead.AeadKeyTemplates;
     // 1. Generate the key material.
     KeysetHandle keysetHandle = KeysetHandle.generateNew(
     AeadKeyTemplates.AES256_EAX);
     // 2. Get the primitive.
     Aead aead = AeadFactory.getPrimitive(keysetHandle);
     // 3. Use the primitive.
     byte[] plaintext = ...;
     byte[] additionalData = ...;
     byte[] ciphertext = aead.(plaintext, additionalData);
  • The MAC (Message Authentication Codes) provides message authentication codes.

In Tink, there are functions for creating a digital signature and its verification, as well as the functions of fast hybrid encryption.

Features of work
Each primitive supports stateless mode operation, secure copy operations and the use of keys with a length of 128 bits. The library automatically blocks potentially unsafe operations, for example, downloading keys from unencrypted files on the disk. Tink provides an API for rotating keys and interacting with external key management systems: Google Cloud KMS, Amazon KMS, Android Keystore and Apple iOS KeyChain.

The library has a modular architecture, allows you to connect custom primitives and replace them with existing code files without changing the final applications. From Tink, you can exclude part of the tools. For example, if the program only uses digital signature verification, you can remove symmetric encryption components to reduce the application code size.

In August 2018, the creators of the VPN protocol, WireGuard, announced the creation of the Zinc cryptographic library, which, upon introduction into the core Linux kernel, will accelerate the process of data encryption through a simplified set of crypto algorithms.

Oracle to Announce Java SE 11 & Java Development Kit 11

As reported, support for Java 8 will end in December 2020, and Java 10 won't receive any updates
27 September 2018   524

Oracle developers announced the release of the Java 11 standard and its implementation of the JDK (Java Development Kit) with a long support period up to 2026. It is fully compatible with previous versions. Support for Java 8 will end in December 2020, and Java 10 won't receive any updates.

New in Java SE 11

  • Nest-Based Access Control system implemented
  • The .class format is complemented by the support for the CONSTANT_Dynamic forms, which are loaded by the creation of constants to the bootstrap method.
  • Added support for the latest version of the transport layer security protocol - TLS 1.3. It accelerates the loading of mobile web pages, and also filters out old, vulnerable cryptographic primitives, replacing them with more complex encryption algorithms.
  • Standardized support for the HTTP Client API, introduced in the Java 9 incubator.
  • Epsilon garbage collector is launched in a test mode.
  • The Java EE and CORBA modules are removed from the JDK and the Java SE platform, and the Nashorn engine and the Pack200 tools are declared obsolete.
  • The JavaFX module is excluded from the kernel and is shipped separately.
  • Existing APIs are updated to support the Unicode 10 format.
  • Added tools for streaming low-level data on errors and problems.
  • Added the ability to run single-file programs that contain the source code.

More information about the changes can be found on the Release Notes page of JDK 11.

The previous, intermediate version of the standard and JDK 10 came out in March 2018. A set of development tools has received three new variants of Java virtual machines, the sharing of application classes and the support of the experimental Just-in-Time compiler on Linux / x64.