Skip to content

Releases: tink-crypto/tink-go

Tink Go 2.2.0

16 May 12:05
@kste kste
v2.2.0
63c71c2
Compare
Choose a tag to compare
Tink Go 2.2.0 Latest
Latest

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Go 2.2.0

To get started using Tink, see the setup guide.

What's new?

The complete list of changes since 2.1.0 can be found here.

  • Changed target Go language version to 1.21
  • Use the crypto/rsa Validate() method when instantiating keys via struct
    literals in the signature and jwt packages. Certain invalid keys (e.g.
    corrupted) will fail earlier, during primitive creation instead of during
    cryptographic operations.
  • encrypted keysets produced with keyset.NewBinaryWriter are now smaller,
    because the unused keyset_info metadata is not written anymore.
    keyset.NewJSONWriter is unchanged and still output this metadata.
  • Added Bzlmod support.
  • Upgraded dependencies:
    • golang.org/x/crypto => v0.17.0
    • google.golang.org/protobuf => v1.33.0
  • JWT keys that don't use TINK or RAW output prefix type are now rejected.
  • Removed the exported "Key" field in of several subtle primitives.
  • Added proto definitions to proto/.
  • Improved performance of Streaming AEAD implementations by reducing memory allocations.

Future work

To see what we're working towards, check our project roadmap.

Getting started

To get started using Tink, see the setup guide.

Go Tooling

go get github.com/tink-crypto/tink-go/[email protected]

Bazel

If you want to use Tink Go with Bazel, you should use bazel-gazelle. It can be also included as a Bazel-only dependency as follows:

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "io_bazel_rules_go",
    integrity = "sha256-gKmCd60TEdrNg3+bFttiiHcC6fHRxMn3ltASGkbI4YQ=",
    urls = [
 "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.46.0/rules_go-v0.46.0.zip",
        "https://github.com/bazelbuild/rules_go/releases/download/v0.46.0/rules_go-v0.46.0.zip",
    ],
)

http_archive(
    name = "bazel_gazelle",
    integrity = "sha256-MpOL2hbmcABjA1R5Bj2dJMYO2o15/Uc5Vj9Q0zHLMgk=",
    urls = [
        "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.35.0/bazel-gazelle-v0.35.0.tar.gz",
        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.35.0/bazel-gazelle-v0.35.0.tar.gz",
    ],
)

TINK_GO_VERSION="2.2.0"
TINK_GO_SHA256="fea1ff9ed06a7302e3496587834a53f91235085e45e3de03af80b897514b7a1b"

http_archive(
        name = "com_github_tink_crypto_tink_go_v2",
        urls = ["https://github.com/tink-crypto/tink-go/releases/download/v%s/tink-go-%s.zip" % (TINK_GO_VERSION, TINK_GO_VERSION)],
        strip_prefix = "tink-go-%s" % TINK_GO_VERSION,
        sha256 = TINK_GO_SHA256,
    )

load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")

load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")

load("@com_github_tink_crypto_tink_go_v2//:deps.bzl", tink_go_dependencies="go_dependencies")

tink_go_dependencies()

#######################################
#
# Your project dependencies here.
#
#######################################

go_rules_dependencies()

go_register_toolchains(version = "1.21.8")

gazelle_dependencies()
Assets 3
Loading

Tink Go 2.1.0

04 Dec 13:32
@morambro morambro
v2.1.0
a313008
Compare
Choose a tag to compare
Tink Go 2.1.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Go 2.1.0

To get started using Tink, see the setup guide.

What's new?

The complete list of changes since 2.1.0 can be found here.

  • Prevented Hybrid Encryption keyset handles from returning AEAD primitives.
  • Restricted visibility of keyderivation/internal/streamingprf with Bazel.
  • Changed target Go language version to 1.20
  • testutil.DummyMAC.VerifyMAC now returns error if the mac is incorrect.
  • Fixed unsafe proto field acces in the aead, hybrid, mac, prf, signature, and
    streamingaead packages. This prevents panics when loading invalid keysets.
  • Made //aead/subtle:subtle public
  • Upgraded dependencies:
    • github.com/google/go-cmp => v0.6.0
    • golang.org/x/crypto => v0.14.0
    • google.golang.org/protobuf => v1.31.0
    • golang.org/x/sys => v0.13.0
      (commit)

Future work

To see what we're working towards, check our project roadmap.

Getting started

To get started using Tink, see the setup guide.

Go Tooling

go get github.com/tink-crypto/tink-go/[email protected]

Bazel

workspace(name = "example")

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "io_bazel_rules_go",
    sha256 = "6dc2da7ab4cf5d7bfc7c949776b1b7c733f05e56edc4bcd9022bb249d2e2a996",
    urls = [
        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.39.1/rules_go-v0.39.1.zip",
        "https://github.com/bazelbuild/rules_go/releases/download/v0.39.1/rules_go-v0.39.1.zip",
    ],
)

http_archive(
    name = "bazel_gazelle",
    sha256 = "ecba0f04f96b4960a5b250c8e8eeec42281035970aa8852dda73098274d14a1d",
    urls = [
        "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.29.0/bazel-gazelle-v0.29.0.tar.gz",
        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.29.0/bazel-gazelle-v0.29.0.tar.gz",
    ],
)

http_archive(
    name = "com_github_tink_crypto_tink_go_v2",
    urls = ["https://github.com/tink-crypto/tink-go/releases/download/v2.1.0/tink-go-2.1.0.zip"],
    strip_prefix = "tink-go-2.1.0",
    sha256 = "84b4b233fb20b570812e61ccb134d230222b79d2fd765c1d57352a53d439d746",
)

load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")

load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")

load("@com_github_tink_crypto_tink_go_v2//:deps.bzl", tink_go_dependencies="go_dependencies")

tink_go_dependencies()

#######################################
#
# Your project dependencies here.
#
#######################################

go_rules_dependencies()

go_register_toolchains(version = "1.20.10")

gazelle_dependencies()
Assets 3
Loading

Tink Go v2.0.0

22 Jun 08:03
@morambro morambro
v2.0.0
e4efe8d
Compare
Choose a tag to compare
Tink Go v2.0.0

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Go 2.0.0

What's new

This is the first release from https://github.com/tink-crypto/tink-go.

The complete list of changes since 1.7.0 can be found here.

  • Upgraded to use Bazel 6.0.0
  • Changed target Go language version to 1.19
  • Moved KMS extensions to separate modules:
  • Deprecations:
    • MemReaderWriter (commit)
    • insecurecleartextkeyset.KeysetHandle (commit)
    • testkeyset.KeysetHandle (commit)
  • Removed deprecated APIs/files:
    • NewWithKeyManager (commit)
    • tink_go_deps.bzl and tink_go_deps_init.bzl (commit)
    • Rotate (commit)
    • aead.NewKMSEnvelopeAEAD (commit)
    • signature.ECDSAP384KeyTemplate (commit)
  • Added support for RSA SSA PSS asymmetric signatures
  • Added support for JWT asymmetric signatures using RSA-SSA-PKCS1 (RS256,RS384,RS512) and RSA-SSA-PSS (PS256,PS384,PS512)
  • Performance improvements (especially for AEAD) by avoiding unneeded copies and memory allocations (commits: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13).
  • ​​Restricted KMS envelope AEAD to only use Tink AEAD key types as DEK (commit).
  • Added initial monitoring support. This is not yet part of the public API.
  • Added support for PRF-based key derivation using HKDF SHA-256 or HKDF SHA-512 PRF
  • Added API to store keyset entries in order to allow key derivation
  • Added/upgraded CI test scripts

Get Started

To get started using Tink, see the setup guide.

Go Tooling

go get github.com/tink-crypto/tink-go/[email protected]

Bazel

workspace(name = "example")

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "io_bazel_rules_go",
    sha256 = "6dc2da7ab4cf5d7bfc7c949776b1b7c733f05e56edc4bcd9022bb249d2e2a996",
    urls = [
        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.39.1/rules_go-v0.39.1.zip",
        "https://github.com/bazelbuild/rules_go/releases/download/v0.39.1/rules_go-v0.39.1.zip",
    ],
)

http_archive(
    name = "bazel_gazelle",
    sha256 = "ecba0f04f96b4960a5b250c8e8eeec42281035970aa8852dda73098274d14a1d",
    urls = [
        "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.29.0/bazel-gazelle-v0.29.0.tar.gz",
        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.29.0/bazel-gazelle-v0.29.0.tar.gz",
    ],
)

http_archive(
    name = "com_github_tink_crypto_tink_go_v2",
    urls = ["https://github.com/tink-crypto/tink-go/archive/refs/tags/v2.0.0.zip"],
    strip_prefix = "tink-go-2.0.0",
    sha256 = "27f7446a29956173e10a65d0f71f7cd795ba3049b96fa5fae47333e06661ac2a",
)

load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")

load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")

load("@com_github_tink_crypto_tink_go_v2//:deps.bzl", tink_go_dependencies="go_dependencies")

tink_go_dependencies()

#######################################
#
# Your project dependencies here.
#
#######################################

go_rules_dependencies()

go_register_toolchains(version = "1.19.9")

gazelle_dependencies()

> WARNING: KMS extensions are now published in separate repositories:
>  - https://github.com/tink-crypto/tink-go-awskms
>  - https://github.com/tink-crypto/tink-go-gcpkms
>  - https://github.com/tink-crypto/tink-go-hcvault
Assets 2
Loading