8

I have a key (say) "thisist0psecret" that I want to use as a symmetric encryption/decryption key with the Google Tink library. I am baffled that I am unable to do this simple thing. I can generate new keys (using various templates AES128_GCM, etc.), serialize them and then read them back with KeysetReader. But, for the life of me, I cannot figure out how to create a symmetric key with the specific key bytes that I specify.

I am able to do the following, for example, with Tink:

KeysetHandle ksh = KeysetHandle.generateNew(AeadKeyTemplates.AES128_GCM);
Aead aead = AeadFactory.getPrimitive(ksh);
String pt = "hello, world!";
byte[] encbytes = aead.encrypt(pt.getBytes(), null);
byte[] decbytes = aead.decrypt(encbytes, null);
String orig = new String(decbytes);
assert(pt.equals(orig));

But I want to set the symmetric key string to be a set of bytes that I specify such as "thisist0psecret" and then encrypt this key with the public key of the user who will do the decryption.

Any Google Tink experts here that can shed some light?

Pang
  • 8,605
  • 144
  • 77
  • 113
Will P.
  • 81
  • 1
  • 4
  • Looks interesting ... and almost undocumented. I'll play with it when I get home but I'm curious why you chose this library? – President James K. Polk Sep 04 '18 at 18:59
  • @JamesKPolk - Two reasons: First, the system we are designing has server + mobile app components - so we wanted to use crypto methods that were available on all those platforms (Tink is). In other words, we did not want to settle on some crypto methodology on the server end only to realize later that we don't have corresponding routines on the clients. The other reason: Google, of course, and their claim that they have architected their framework to address common crypto problems. – Will P. Sep 05 '18 at 22:20
  • I like some of crypto API philosophy I see, but there are also some troubling red flags in the maturity area. The repo page you link says "Disclaimer: Tink is not an officially supported Google product", and Google in the past has had no hesitation orphaning projects they lose interest in. Also, the Javadocs (which were hard to find) contain very minimal descriptions, again suggesting not a huge investment at least in the Java side. Finally, I searched online for password-based encryption using tlink and found basically one example repeated on a couple websites, and it was complete nonsense. – President James K. Polk Sep 05 '18 at 22:44
  • @JamesKPolk - you are correct. The credentials of some those who developed it are impeccable - and hence my interest along with the statement that tink is used internally inside google in a lot of their production systems. You are also correct that the web posts on example use of Tink by others is pretty pathetic. – Will P. Sep 05 '18 at 23:59
  • 5
    The disclaimer is a legal requirement for all Google open source projects. Tink is the standard crypto library at Google, it's here to stay as long as Google exists. – Thai Duong Sep 06 '18 at 04:10
  • Tink is relatively new, but it has been running in production at Google for many months. The documentation is not great, and we'd appreciate if you can tell us how we can improve. At the moment, https://github.com/google/tink/blob/master/docs/JAVA-HOWTO.md is the official guide for Java. – Thai Duong Sep 06 '18 at 04:15

1 Answers1

7

I'm the lead developer for Tink.

If your key is randomly generated, you can use the subtle API directly, see: https://github.com/google/tink/blob/master/java_src/src/main/java/com/google/crypto/tink/subtle/AesGcmJce.java.

This is not recommended because the subtle layer might change without notice (thought it's been relatively stable in the history of Tink).

If your key is a password you want to derive a key from it using something like Scrypt or PBKDF2. We haven't yet support native password-based encryption in Tink, please file a feature request and we'll see how we can help.

Thomas
  • 3,851
  • 2
  • 26
  • 30
Thai Duong
  • 148
  • 3
  • This is useful - thanks. Will try it. The other unanswered question is this: I also want to encrypt a secret K with the known public key. Hybrid encryption - though very convenient - does not work for our use case. – Will P. Sep 06 '18 at 08:16
  • Would love to have password-based encryption added to the mix. Also as I detail in the comment above, an ability to encrypt directly with the provided public key (as opposed to using hybrid encryption) will be very valuable (for our particular use case). I will file a feature request. – Will P. Sep 06 '18 at 08:24
  • What would you use the secret K for? If you use it to further encrypt some messages, then hybrid encryption is exactly what you need. It generates a random K for you. Even if you just want to encrypt a secret K alone, you should also use hybrid encryption because it can encrypt large K (if you use raw public key encryption, K must be much smaller). – Thai Duong Sep 08 '18 at 08:32
  • @ThaiDuong - What are your thoughts on Michael Fehr's [implementation of PBE using Tink](https://github.com/java-crypto/H-Google-Tink/blob/master/H%20Tink%20Textencryption%20PBE/TinkPbe.java)? He posted this implementation in a Tink [github issue](https://github.com/google/tink/issues/121) (feature request for PBE). He is not accessing the subtle API? – Vahid Pazirandeh Mar 21 '20 at 22:10