Page Summary
-
The tables provide a comprehensive overview of the cryptographic primitives supported by Tink across various programming languages, including Java, C++, Objective-C, Go, and Python.
-
Support for specific primitives can vary depending on the chosen language and underlying cryptographic library (e.g., BoringSSL, OpenSSL).
-
Tink offers a wide range of cryptographic capabilities, encompassing AEAD, Streaming AEAD, Deterministic AEAD, MAC, PRF, Signatures, Hybrid Encryption, and JWT support.
-
While most primitives are widely supported, some exceptions exist, such as limited AES-GCM functionality on older Android versions and the need for Conscrypt for AES-GCM-SIV in Java.
-
Developers should consult the tables to ensure their target language and platform support the required cryptographic primitives for their specific use case.
The following tables list the key types each primitive supports, classified by language.
AEAD
| Implementation | Java | C++ (BoringSSL) |
C++ (OpenSSL) |
Objective-C | Go | Python |
|---|---|---|---|---|---|---|
|
AES-GCM
|
yes 1 | yes | yes | yes | yes | yes |
|
AES-GCM-SIV
|
yes 2 | yes | no | no | yes | yes |
|
AES-CTR-HMAC
|
yes | yes | yes | yes | yes | yes |
|
AES-EAX
|
yes | yes | yes | yes | no | yes |
|
KMS Envelope
|
yes | yes | yes | no | yes | yes |
|
CHACHA20-POLY1305
|
yes | no | no | no | yes | no |
|
XCHACHA20-POLY1305
|
yes | yes | no | yes | yes | yes |
Streaming AEAD
| Implementation | Java | C++ (BoringSSL) |
C++ (OpenSSL) |
Objective-C | Go | Python |
|---|---|---|---|---|---|---|
|
AES-GCM-HKDF-STREAMING
|
yes | yes | yes | no | yes | yes |
|
AES-CTR-HMAC-STREAMING
|
yes | yes | yes | no | yes | yes |
Deterministic AEAD
| Implementation | Java | C++ (BoringSSL) |
C++ (OpenSSL) |
Objective-C | Go | Python |
|---|---|---|---|---|---|---|
|
AES-SIV
|
yes | yes | yes | yes | yes | yes |
MAC
| Implementation | Java | C++ (BoringSSL) |
C++ (OpenSSL) |
Objective-C | Go | Python |
|---|---|---|---|---|---|---|
|
HMAC-SHA2
|
yes | yes | yes | yes | yes | yes |
|
AES-CMAC
|
yes | yes | yes | yes | yes | yes |
PRF
| Implementation | Java | C++ (BoringSSL) |
C++ (OpenSSL) |
Objective-C | Go | Python |
|---|---|---|---|---|---|---|
|
HKDF-SHA2
|
yes | yes | yes | no | yes | yes |
|
HMAC-SHA2
|
yes | yes | yes | no | yes | yes |
|
AES-CMAC
|
yes | yes | yes | no | yes | yes |
Signature
| Implementation | Java | C++ (BoringSSL) |
C++ (OpenSSL) |
Objective-C | Go | Python |
|---|---|---|---|---|---|---|
|
ECDSA over NIST curves
|
yes | yes | yes | yes | yes | yes |
|
Ed25519
|
yes | yes | yes | yes | yes | yes |
|
RSA-SSA-PKCS1
|
yes | yes | yes | yes | yes | yes |
|
RSA-SSA-PSS
|
yes | yes | yes | yes | yes | yes |
Hybrid Encryption
| Implementation | Java | C++ (BoringSSL) |
C++ (OpenSSL) |
Objective-C | Go | Python |
|---|---|---|---|---|---|---|
|
HPKE
|
yes | yes | no | no | yes | yes |
|
ECIES with AEAD and HKDF
|
yes 3 | yes | yes | yes | yes | yes |
|
ECIES with DeterministicAEAD and HKDF
|
yes 4 | yes | yes | no | yes | yes |
JWT MAC
| Implementation | Java | C++ (BoringSSL) |
C++ (OpenSSL) |
Objective-C | Go | Python |
|---|---|---|---|---|---|---|
|
JWT HMAC-SHA2
|
yes | yes | yes | no | yes | yes |
JWT Signature
| Implementation | Java | C++ (BoringSSL) |
C++ (OpenSSL) |
Objective-C | Go | Python |
|---|---|---|---|---|---|---|
|
JWT ECDSA over NIST curves
|
yes | yes | yes | no | yes | yes |
|
JWT RSA-SSA-PKCS1
|
yes | yes | yes | no | yes | yes |
|
JWT RSA-SSA-PSS
|
yes | yes | yes | no | yes | yes |
