Tink is a multi-language, cross-platform library that provides simple and misuse-proof APIs for common cryptographic tasks.
This is Tink Go Google Cloud Extension 2.2.0
What's new
The complete list of changes since 2.1.0 can be found here.
Added integrity verification to KMS GCP AEAD following best practices. Specifically, the Encrypt and Decrypt methods of gcpAEAD:
- Populate the integrity verification fields in the requests they send to
KMS. - Verify the checksums in the KMS responses. While we don't expect this
change to break any code that is executing against GCP KMS (since GCP
KMS always populates integrity verification fields), there is a
possibility that it will break testing code if the tests use a KMS fake
or mock that does not populate the response integrity verification
fields appropriately.
Get started
To get started using Tink, see the setup guide.
Go tooling
go get github.com/tink-crypto/tink-go-gcpkms/[email protected]Bazel
workspace(name = "example")
load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")
# Release X.25.2 from 2024-01-09.
http_archive(
name = "com_google_protobuf",
sha256 = "5e8e2b369a6fcaa24fada21135782eef147aec467cd286c108936a3277e88d2b",
strip_prefix = "protobuf-25.2",
urls = ["https://github.com/protocolbuffers/protobuf/releases/download/v25.2/protobuf-25.2.zip"],
)
# Release from 2023-04-20
http_archive(
name = "io_bazel_rules_go",
sha256 = "6dc2da7ab4cf5d7bfc7c949776b1b7c733f05e56edc4bcd9022bb249d2e2a996",
urls = [
"https://mirror.bazel.build/github.com/bazelbuild/rules_go/releases/download/v0.39.1/rules_go-v0.39.1.zip",
"https://github.com/bazelbuild/rules_go/releases/download/v0.39.1/rules_go-v0.39.1.zip",
],
)
# Release from 2023-01-14
http_archive(
name = "bazel_gazelle",
sha256 = "ecba0f04f96b4960a5b250c8e8eeec42281035970aa8852dda73098274d14a1d",
urls = [
"https://mirror.bazel.build/github.com/bazelbuild/bazel-gazelle/releases/download/v0.29.0/bazel-gazelle-v0.29.0.tar.gz",
"https://github.com/bazelbuild/bazel-gazelle/releases/download/v0.29.0/bazel-gazelle-v0.29.0.tar.gz",
],
)
# [Optional]: tink-go is imported as a go_repository by tink_go_gcpkms_dependencies.
# this is needed only if the user wants to pin to a specific commit/version of tink-go.
# http_archive(
# name = "com_github_tink_crypto_tink_go_v2",
# urls = ["https://github.com/tink-crypto/tink-go/releases/download/v2.1.0/tink-go-2.1.0.zip"],
# strip_prefix = "tink-go-2.1.0",
# sha256 = "84b4b233fb20b570812e61ccb134d230222b79d2fd765c1d57352a53d439d746",
# )
http_archive(
name = "com_github_tink_crypto_tink_go_gcpkms",
urls = ["https://github.com/tink-crypto/tink-go-gcpkms/releases/download/v2.2.0/tink-go-gcpkms-2.2.0.zip"],
strip_prefix = "tink-go-gcpkms-2.2.0",
sha256 = "78177646479314e19c467a9eac90ab96667581b4d6ea5e485c5d2643dfc9b55b",
)
load("@io_bazel_rules_go//go:deps.bzl", "go_register_toolchains", "go_rules_dependencies")
load("@bazel_gazelle//:deps.bzl", "gazelle_dependencies", "go_repository")
# [Optional]: tink-go is imported as a go_repository by tink_go_gcpkms_dependencies.
# this is needed only if the user wants to pin to a specific commit/version of tink-go.
# load("@com_github_tink_crypto_tink_go_v2//:deps.bzl", tink_go_dependencies="go_dependencies")
#
# tink_go_dependencies()
load("@com_github_tink_crypto_tink_go_gcpkms//:deps.bzl", "tink_go_gcpkms_dependencies")
tink_go_gcpkms_dependencies()
#######################################
#
# Your project dependencies here.
#
#######################################
go_rules_dependencies()
go_register_toolchains(version = "1.20.13")
gazelle_dependencies()