Skip to content

Tink Go v2.0.0
Compare
Choose a tag to compare
@morambro morambro released this 22 Jun 08:03
· 387 commits to main since this release
v2.0.0
e4efe8d

Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.

This is Tink Go 2.0.0

What's new

This is the first release from https://github.com/tink-crypto/tink-go.

The complete list of changes since 1.7.0 can be found here.

  • Upgraded to use Bazel 6.0.0
  • Changed target Go language version to 1.19
  • Moved KMS extensions to separate modules:
  • Deprecations:
    • MemReaderWriter (commit)
    • insecurecleartextkeyset.KeysetHandle (commit)
    • testkeyset.KeysetHandle (commit)
  • Removed deprecated APIs/files:
    • NewWithKeyManager (commit)
    • tink_go_deps.bzl and tink_go_deps_init.bzl (commit)
    • Rotate (commit)
    • aead.NewKMSEnvelopeAEAD (commit)
    • signature.ECDSAP384KeyTemplate (commit)
  • Added support for RSA SSA PSS asymmetric signatures
  • Added support for JWT asymmetric signatures using RSA-SSA-PKCS1 (RS256,RS384,RS512) and RSA-SSA-PSS (PS256,PS384,PS512)
  • Performance improvements (especially for AEAD) by avoiding unneeded copies and memory allocations (commits: 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13).
  • ​​Restricted KMS envelope AEAD to only use Tink AEAD key types as DEK (commit).
  • Added initial monitoring support. This is not yet part of the public API.
  • Added support for PRF-based key derivation using HKDF SHA-256 or HKDF SHA-512 PRF
  • Added API to store keyset entries in order to allow key derivation
  • Added/upgraded CI test scripts

Get Started

To get started using Tink, see the setup guide.

Go Tooling

go get github.com/tink-crypto/tink-go/[email protected]

Bazel

workspace(name = "example")

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

http_archive(
    name = "io_bazel_rules_go",
    sha256 = "6dc2da7ab4cf5d7bfc7c949776b1b7c733f05e56edc4bcd9022bb249d2e2a996",
    urls = [
        "https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.39.1/rules_go-v0.39.1.zip",
        "https://github.com/bazelbuild/rules_go/releases/download/v0.39.1/rules_go-v0.39.1.zip",
    ],
)

http_archive(
    name = "bazel_gazelle",
    sha256 = "ecba0f04f96b4960a5b250c8e8eeec42281035970aa8852dda73098274d14a1d",
    urls = [
        "https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.29.0/bazel-gazelle-v0.29.0.tar.gz",
        "https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.29.0/bazel-gazelle-v0.29.0.tar.gz",
    ],
)

http_archive(
    name = "com_github_tink_crypto_tink_go_v2",
    urls = ["https://github.com/tink-crypto/tink-go/archive/refs/tags/v2.0.0.zip"],
    strip_prefix = "tink-go-2.0.0",
    sha256 = "27f7446a29956173e10a65d0f71f7cd795ba3049b96fa5fae47333e06661ac2a",
)

load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")

load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")

load("@com_github_tink_crypto_tink_go_v2//:deps.bzl", tink_go_dependencies="go_dependencies")

tink_go_dependencies()

#######################################
#
# Your project dependencies here.
#
#######################################

go_rules_dependencies()

go_register_toolchains(version = "1.19.9")

gazelle_dependencies()

> WARNING: KMS extensions are now published in separate repositories:
>  - https://github.com/tink-crypto/tink-go-awskms
>  - https://github.com/tink-crypto/tink-go-gcpkms
>  - https://github.com/tink-crypto/tink-go-hcvault
Assets 2
Loading