Encrypting data using Google Tink
Written by
Updated at January 26, 2024
Tink
It supports Java
Adding dependencies
Before you start, you need to add dependencies.
Java
Go
Add dependencies using Apache Maven
<dependency>
<groupId>com.yandex.cloud</groupId>
<artifactId>kms-provider-tink</artifactId>
<version>2.6</version>
</dependency>
Run this command:
go get github.com/yandex-cloud/kms-clients-go/yckmstink
Encryption and decryption
The code uses the following variables:
endpoint
:api.cloud.yandex.net:443
credentialProvider
orcredentials
: Determines the authentication method (for more information, see Authentication in the Yandex Cloud SDK).keyId
: ID of the key in KMSplaintext
: Unencrypted textciphertext
: Encrypted textaad
: AAD context
Java
Go
Create an Aead
AeadConfig.register();
KmsClients.add(new YcKmsClient(credentialProvider).withEndpoint(endpoint));
String keyUri = "yc-kms://" + keyId;
Aead kmsAead = KmsClients.get(keyUri).getAead(keyUri);
Aead aead = new KmsEnvelopeAead(AeadKeyTemplates.AES256_GCM, kmsAead);
...
byte[] ciphertext = aead.encrypt(plaintext, aad);
...
byte[] plaintext = aead.decrypt(ciphertext, aad);
Create an Aead
sdk, err := ycsdk.Build(context, ycsdk.Config{
Endpoint: endpoint,
Credentials: credentials,
})
if err != nil {...}
kmsAead := yckmstink.NewYCAEAD(keyId, sdk)
aead := aead.NewKMSEnvelopeAEAD(*aead.AES256GCMKeyTemplate(), kmsAead)
...
ciphertext, err := aead.Encrypt(plaintext, aad)
if err != nil {...}
...
plaintext, err := aead.Decrypt(ciphertext, aad)
if err != nil {...}