1*e7b1675dSTing-Kang Chang# Hacking Tink for Java and Android 2*e7b1675dSTing-Kang Chang 3*e7b1675dSTing-Kang Chang## Building Tink 4*e7b1675dSTing-Kang Chang 5*e7b1675dSTing-Kang Chang* Install [Bazel](https://docs.bazel.build/versions/master/install.html). 6*e7b1675dSTing-Kang Chang 7*e7b1675dSTing-Kang Chang* To build Java, install Android SDK 23 or newer and set the ANDROID_HOME 8*e7b1675dSTing-Kang Chang environment variable to the path of your Android SDK. On macOS, the SDK is 9*e7b1675dSTing-Kang Chang usually installed at `/Users/username/Library/Android/sdk/`. You also need 10*e7b1675dSTing-Kang Chang Android SDK Build Tools 24.0.3 or newer. 11*e7b1675dSTing-Kang Chang 12*e7b1675dSTing-Kang Chang* The javadoc targets require using JDK 8. 13*e7b1675dSTing-Kang Chang 14*e7b1675dSTing-Kang Chang* Check out the source code, navigate to the Java Bazel workspace and execute 15*e7b1675dSTing-Kang Chang all test targets in the project: 16*e7b1675dSTing-Kang Chang 17*e7b1675dSTing-Kang Chang```shell 18*e7b1675dSTing-Kang Changgit clone https://github.com/google/tink 19*e7b1675dSTing-Kang Changcd tink/java_src 20*e7b1675dSTing-Kang Changbazel test ... 21*e7b1675dSTing-Kang Chang``` 22*e7b1675dSTing-Kang Chang 23*e7b1675dSTing-Kang Chang## Code structure 24*e7b1675dSTing-Kang Chang 25*e7b1675dSTing-Kang Chang### Java packages 26*e7b1675dSTing-Kang Chang 27*e7b1675dSTing-Kang Chang* **com.google.crypto.tink** This package consists of only the core of Tink, 28*e7b1675dSTing-Kang Chang including the primitive interfaces and key management APIs. Users that 29*e7b1675dSTing-Kang Chang [develop their own primitives or key 30*e7b1675dSTing-Kang Chang types](JAVA-HOWTO.md#custom-implementation-of-a-primitive) 31*e7b1675dSTing-Kang Chang can depend only on this package and exclude the rest. 32*e7b1675dSTing-Kang Chang 33*e7b1675dSTing-Kang Chang * internal dependencies: none 34*e7b1675dSTing-Kang Chang * external dependencies 35*e7b1675dSTing-Kang Chang * com.google.protobuf.ByteString 36*e7b1675dSTing-Kang Chang * com.google.protobuf.MessageLite 37*e7b1675dSTing-Kang Chang * javax.annotation.concurrent.GuardedBy 38*e7b1675dSTing-Kang Chang * com.google.gson.JsonArray; 39*e7b1675dSTing-Kang Chang * com.google.gson.JsonObject; 40*e7b1675dSTing-Kang Chang * com.google.gson.JsonParseException; 41*e7b1675dSTing-Kang Chang * com.google.gson.JsonParser; 42*e7b1675dSTing-Kang Chang * com.google.gson.internal.Streams; 43*e7b1675dSTing-Kang Chang * com.google.gson.stream.JsonReader; 44*e7b1675dSTing-Kang Chang * API backward-compatibility guarantee: yes 45*e7b1675dSTing-Kang Chang 46*e7b1675dSTing-Kang Chang* **com.google.crypto.tink.aead|daead|mac|signature|hybrid|streamingaead** 47*e7b1675dSTing-Kang Chang These packages contain the public APIs exposing the primitives that Tink 48*e7b1675dSTing-Kang Chang supports. 49*e7b1675dSTing-Kang Chang 50*e7b1675dSTing-Kang Chang * internal dependencies 51*e7b1675dSTing-Kang Chang * com.google.crypto.tink 52*e7b1675dSTing-Kang Chang * com.google.crypto.tink.subtle 53*e7b1675dSTing-Kang Chang * com.google.crypto.tink.proto 54*e7b1675dSTing-Kang Chang * external dependencies 55*e7b1675dSTing-Kang Chang * com.google.protobuf.ByteString 56*e7b1675dSTing-Kang Chang * com.google.protobuf.MessageLite 57*e7b1675dSTing-Kang Chang * javax.annotation.concurrent.GuardedBy 58*e7b1675dSTing-Kang Chang * API backward-compatibility guarantee: yes 59*e7b1675dSTing-Kang Chang 60*e7b1675dSTing-Kang Chang* **com.google.crypto.tink.integration.gcpkms** This package allows users to 61*e7b1675dSTing-Kang Chang store keys in [Google Cloud Key Management 62*e7b1675dSTing-Kang Chang System](https://cloud.google.com/kms/). 63*e7b1675dSTing-Kang Chang 64*e7b1675dSTing-Kang Chang * internal dependencies 65*e7b1675dSTing-Kang Chang * com.google.crypto.tink 66*e7b1675dSTing-Kang Chang * com.google.crypto.tink.subtle 67*e7b1675dSTing-Kang Chang * external dependencies 68*e7b1675dSTing-Kang Chang * com.google.api.services.cloudkms.v1 69*e7b1675dSTing-Kang Chang * com.google.api.client.googleapis.auth.oauth2.GoogleCredential 70*e7b1675dSTing-Kang Chang * com.google.api.client.http.javanet.NetHttpTransport 71*e7b1675dSTing-Kang Chang * com.google.api.client.json.jackson2.JacksonFactory 72*e7b1675dSTing-Kang Chang * com.google.auto.service.AutoService 73*e7b1675dSTing-Kang Chang * API backward-compatibility guarantee: yes 74*e7b1675dSTing-Kang Chang 75*e7b1675dSTing-Kang Chang* **com.google.crypto.tink.integration.awskms** This package allows users to 76*e7b1675dSTing-Kang Chang store keys in [AWS Key Management System](https://aws.amazon.com/kms/). 77*e7b1675dSTing-Kang Chang 78*e7b1675dSTing-Kang Chang * internal dependencies 79*e7b1675dSTing-Kang Chang * com.google.crypto.tink 80*e7b1675dSTing-Kang Chang * com.google.crypto.tink.subtle 81*e7b1675dSTing-Kang Chang * external dependencies 82*e7b1675dSTing-Kang Chang * com.amazonaws.AmazonServiceException 83*e7b1675dSTing-Kang Chang * com.amazonaws.auth.AWSCredentialsProvider 84*e7b1675dSTing-Kang Chang * com.amazonaws.auth.DefaultAWSCredentialsProviderChain 85*e7b1675dSTing-Kang Chang * com.amazonaws.auth.PropertiesFileCredentialsProvider 86*e7b1675dSTing-Kang Chang * com.amazonaws.services.kms 87*e7b1675dSTing-Kang Chang * com.google.auto.service.AutoService 88*e7b1675dSTing-Kang Chang * API backward-compatibility guarantee: yes 89*e7b1675dSTing-Kang Chang 90*e7b1675dSTing-Kang Chang* **com.google.crypto.tink.integration.android** This package allows Android 91*e7b1675dSTing-Kang Chang users to store keys in private preferences, wrapped with master key in 92*e7b1675dSTing-Kang Chang [Android 93*e7b1675dSTing-Kang Chang Keystore](https://developer.android.com/training/articles/keystore.html). 94*e7b1675dSTing-Kang Chang The integration with Android Keystore only works on Android M (API level 23) 95*e7b1675dSTing-Kang Chang or higher. 96*e7b1675dSTing-Kang Chang 97*e7b1675dSTing-Kang Chang * internal dependencies 98*e7b1675dSTing-Kang Chang * com.google.crypto.tink 99*e7b1675dSTing-Kang Chang * com.google.crypto.tink.subtle 100*e7b1675dSTing-Kang Chang * external dependencies 101*e7b1675dSTing-Kang Chang * Android SDK 23 or higher 102*e7b1675dSTing-Kang Chang * API backward-compatibility guarantee: yes 103*e7b1675dSTing-Kang Chang 104*e7b1675dSTing-Kang Chang* **com.google.crypto.tink.subtle** This package contains implementations of 105*e7b1675dSTing-Kang Chang primitives. Aside from the primitive interfaces, this package is not allowed 106*e7b1675dSTing-Kang Chang to depend on anything else in Tink. Users should never directly depend on 107*e7b1675dSTing-Kang Chang this package. 108*e7b1675dSTing-Kang Chang 109*e7b1675dSTing-Kang Chang * internal dependencies 110*e7b1675dSTing-Kang Chang * com.google.crypto.tink.Aead 111*e7b1675dSTing-Kang Chang * com.google.crypto.tink.DeterministicAead 112*e7b1675dSTing-Kang Chang * com.google.crypto.tink.HybridDecrypt 113*e7b1675dSTing-Kang Chang * com.google.crypto.tink.HybridEncrypt 114*e7b1675dSTing-Kang Chang * com.google.crypto.tink.Mac 115*e7b1675dSTing-Kang Chang * com.google.crypto.tink.StreamingAead 116*e7b1675dSTing-Kang Chang * com.google.crypto.tink.PublicKeySign 117*e7b1675dSTing-Kang Chang * com.google.crypto.tink.PublicKeyVerify 118*e7b1675dSTing-Kang Chang * external dependencies 119*e7b1675dSTing-Kang Chang * javax.annotation.concurrent.GuardedBy 120*e7b1675dSTing-Kang Chang * API backward-compatibility guarantee: no 121*e7b1675dSTing-Kang Chang 122*e7b1675dSTing-Kang Chang* **com.google.crypto.tink.proto** This package contains protobuf 123*e7b1675dSTing-Kang Chang auto-generated Java code. Users should never directly depend on this 124*e7b1675dSTing-Kang Chang package. 125*e7b1675dSTing-Kang Chang 126*e7b1675dSTing-Kang Chang * internal dependencies: none 127*e7b1675dSTing-Kang Chang * external dependencies: none 128*e7b1675dSTing-Kang Chang * API backward-compatibility guarantee: no 129*e7b1675dSTing-Kang Chang 130*e7b1675dSTing-Kang Chang### Bazel targets 131*e7b1675dSTing-Kang Chang 132*e7b1675dSTing-Kang Chang* **//java** This public target exports all public APIs, except 133*e7b1675dSTing-Kang Chang com.google.crypto.tink.integration.android and 134*e7b1675dSTing-Kang Chang com.google.crypto.tink.CleartextKeysetHandle. It is expected to run on 135*e7b1675dSTing-Kang Chang servers, not Android. 136*e7b1675dSTing-Kang Chang 137*e7b1675dSTing-Kang Chang* **//java:android** Similar to java, but this public target adds 138*e7b1675dSTing-Kang Chang com.google.crypto.tink.integration.android, and removes 139*e7b1675dSTing-Kang Chang com.google.crypto.tink.integration.gcpkms and 140*e7b1675dSTing-Kang Chang com.google.crypto.tink.integration.awskms. To build it, one needs Android 141*e7b1675dSTing-Kang Chang SDK 23 or newer. 142*e7b1675dSTing-Kang Chang 143*e7b1675dSTing-Kang Chang* **//java:subtle** This restricted target exposes 144*e7b1675dSTing-Kang Chang com.google.crypto.tink.subtle. It's restricted because most users are 145*e7b1675dSTing-Kang Chang supposed not to use it directly. 146*e7b1675dSTing-Kang Chang 147*e7b1675dSTing-Kang Chang* **//java:cleartext_keyset_handle** and 148*e7b1675dSTing-Kang Chang **//java:cleartext_keyset_handle_android** This restricted target exposes 149*e7b1675dSTing-Kang Chang com.google.crypto.tink.CleartextKeysetHandle. It's restricted because it 150*e7b1675dSTing-Kang Chang allows users to read cleartext keysets from disk, which is a bad practice. 151*e7b1675dSTing-Kang Chang 152*e7b1675dSTing-Kang Chang* **//java:protos** and **//java:protos_android** This restricted target 153*e7b1675dSTing-Kang Chang exposes com.google.crypto.tink.proto. It's restricted because most users are 154*e7b1675dSTing-Kang Chang supposed not to use it directly. 155*e7b1675dSTing-Kang Chang 156*e7b1675dSTing-Kang Chang### Maven jars 157*e7b1675dSTing-Kang Chang 158*e7b1675dSTing-Kang Chang* **[com.google.crypto.tink:tink](https://mvnrepository.com/artifact/com.google.crypto.tink/tink)** 159*e7b1675dSTing-Kang Chang includes //java and //java:cleartext_keyset_handle. 160*e7b1675dSTing-Kang Chang 161*e7b1675dSTing-Kang Chang* **[com.google.crypto.tink:tink-android](https://mvnrepository.com/artifact/com.google.crypto.tink/tink-android)** 162*e7b1675dSTing-Kang Chang includes //java:android and //java:cleartext_keyset_handle_android 163