Google released its Cryptographic library Google Tink on August 2018, it was a multi-language, cross-platform cryptographic library. At present Google Tink Cryptography API supports the 4 fundamental cryptographic operations or primitives including Authenticated Encryption with Associated Data (AEAD), Message Authentication Code (MAC), Digital Signature (PublicKeySign and PublicKeyVerify), and Hybrid Encryption (HybridEncrypt and HybridDecrypt). In this Google Tink example, we will learn how to implement AEAD Primitive.
In order to use Google Tink Cryptography API we need to have the “tink-1.2.1.jar” and “protobuf-java-3.6.1.jar” dependencies added in your project.
If you are running on maven add the below dependency to your pom.xml
<dependency> <groupId>com.google.crypto.tink</groupId> <artifactId>tink</artifactId> <version>1.2.1</version> </dependency> <dependency> <groupId>com.google.protobuf</groupId> <artifactId>protobuf-java</artifactId> <version>3.6.1</version> </dependency>
Google Tink Example – Google Cryptography
Authenticated Encryption with Associated Data (AEAD) provides functionality of Symmetric Authenticated Encryption, where the same key is use for encryption as well as decryption. When encrypting a plaintext one can optionally provide associated data that should be authenticated but not encrypted.
In our below code, we will be encrypting the plain text “Google Cryptography – Google Tink Example” with the key “secretKey”.
package com.javainterviewpoint; import java.security.GeneralSecurityException; import com.google.crypto.tink.Aead; import com.google.crypto.tink.KeysetHandle; import com.google.crypto.tink.aead.AeadConfig; import com.google.crypto.tink.aead.AeadFactory; import com.google.crypto.tink.aead.AeadKeyTemplates; import com.google.crypto.tink.proto.KeyTemplate; public class GoogleTinkExample { public static void main(String[] args) throws GeneralSecurityException { // Initialize Aead through registration AeadConfig.register(); try { // Get the KeyTemplate [AES256_EAX] KeyTemplate keyTemplate = AeadKeyTemplates.AES256_EAX; // Generate KeySetHandle KeysetHandle keysetHandle = KeysetHandle.generateNew(keyTemplate); // Obtain the primitive Aead Aead aead = AeadFactory.getPrimitive(keysetHandle); String plaintext = "Google Cryptography - Google Tink Example"; String aad = "secretKey"; System.out.println("Before Encryption: " + plaintext); // Encrypting the plaintext byte[] ciphertext = aead.encrypt(plaintext.getBytes(), aad.getBytes()); System.out.println("Cipher:" + ciphertext.toString()); // Decrypting the plaintext byte[] decrypted = aead.decrypt(ciphertext, aad.getBytes()); String decryptedText = new String(decrypted); System.out.println("After Decryption: " + decryptedText); } catch (GeneralSecurityException e) { System.out.println(e); System.exit(1); } } }
- Tink provides customizable initialization and we can choose the specific implementations of primitive, in our we will be using AeadConfig implementation.
AeadConfig.register();
- If you need to use all the implementation of all the primitives then we need to use “TinkConfig”.
TinkConfig.register();
- We have used AES256_EAX as our KeyTemplate.
KeyTemplate keyTemplate = AeadKeyTemplates.AES256_EAX;
- Obtain the KeysetHandle instance by calling the generateNew() method passing the KeyTemplate.
KeysetHandle keysetHandle = KeysetHandle.generateNew(keyTemplate);
- We will get the Aead primitive by calling the getPrimitive() on top of AeadFactory passing the KeysetHandle.
Aead aead = AeadFactory.getPrimitive(keysetHandle);
- We can encrypt the plaintext by calling the encrypt() method on top of Aead class, we will be passing the plaintext and aad as the parameter.
byte[] ciphertext = aead.encrypt(plaintext.getBytes(), aad.getBytes());
- We will decrypt the ciphertext by calling the decrypt() method on top of Aead class, we will be passing the ciphertext and aad as the parameter.
byte[] decrypted = aead.decrypt(ciphertext, aad.getBytes());
Leave a Reply