Tink is a multi-language, cross-platform, open source library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Tink

A multi-language, cross-platform library that provides cryptographic APIs that are secure, easy to use correctly, and hard(er) to misuse.

Ubuntu macOS
Kokoro Ubuntu Kokoro macOS

Index

  1. Introduction
  2. Current status
  3. Getting started
  4. Learn more
  5. Contact and mailing list
  6. Maintainers

Introduction

Using crypto in your application shouldn't have to feel like juggling chainsaws in the dark. Tink is a crypto library written by a group of cryptographers and security engineers at Google. It was born out of our extensive experience working with Google's product teams, fixing weaknesses in implementations, and providing simple APIs that can be used safely without needing a crypto background.

Tink provides secure APIs that are easy to use correctly and hard(er) to misuse. It reduces common crypto pitfalls with user-centered design, careful implementation and code reviews, and extensive testing. At Google, Tink is one of the standard crypto libraries, and has been deployed in hundreds of products and systems.

To get a quick overview of Tink design please take a look at slides from a talk about Tink presented at Real World Crypto 2019.

Current status

Java/Android, C++, Obj-C, Go, and Python are field tested and ready for production. The latest version is 1.5.0, released on 2020-10-13.

Javascript/Typescript is in an alpha state, should only be used for testing. Check it out and let us know what you think!

Getting started

As a starting point, the examples demonstrate performing simple tasks using Tink in a variety of languages.

  • Python
pip3 install tink
  • Golang
go get github.com/google/tink/go/...
  • Java
<dependency>
  <groupId>com.google.crypto.tink</groupId>
  <artifactId>tink</artifactId>
  <version>1.5.0</version>
</dependency>
  • Android
dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.5.0'
}
  • Objective-C/iOS
cd /path/to/your/Xcode project/
pod init
pod 'Tink', '1.5.0'
pod install

Learn more

Community-driven ports

Out of the box Tink supports a wide range of languages, but it still doesn't support every language. Fortunately, some users like Tink so much that they've ported it to their favorite languages! Below you can find notable ports.

WARNING While we usually review these ports, until further notice, we do not maintain them and have no plan to support them in the foreseeable future.

Contact and mailing list

If you want to contribute, please read CONTRIBUTING and send us pull requests. You can also report bugs or file feature requests.

If you'd like to talk to the developers or get notified about major product updates, you may want to subscribe to our mailing list.

Maintainers

Tink is maintained by (A-Z):

  • Taymon Beal
  • Daniel Bleichenbacher
  • Thai Duong
  • Thomas Holenstein
  • Stefan Kölbl
  • Charles Lee
  • Atul Luykx
  • Rafael Misoczki
  • Sophie Schmieg
  • Laurent Simon
  • Jürg Wullschleger

Alumni

  • Haris Andrianakis
  • Tanuj Dhir
  • Quan Nguyen
  • Bartosz Przydatek
  • Enzo Puig
  • Veronika Slívová
  • Paula Vidas
Owner
Google
Google ❤️ Open Source
Google
Comments
  • Add more Keyset Manager functionality to Go

    Add more Keyset Manager functionality to Go

    - brings Java KeysetManager functions to Go: Add, Enable, Disable, Delete, Destroy and SetPrimary
    - updates Rotate docs to 'Deprecated' point to Add & SetPrimary
    - mostly copies same Java tests/assertions
    
  • Proguard/R8 is stripping out fields from generated file class AesGcmKeyFormat

    Proguard/R8 is stripping out fields from generated file class AesGcmKeyFormat

    Coming from Tink 1.3.0 stable to Tink 1.4 RC2 (on Android), I noticed that the AesGcmKeyFormat has a possible problem with proguard/R8. We haven't added anything in our proguard-rules.pro file for Tink and am getting a stack trace like this

    java.lang.NoClassDefFoundError: com.google.crypto.tink.aead.AeadKeyTemplates
    	... 13 more
    Caused by: java.lang.NoClassDefFoundError: com.google.crypto.tink.aead.AeadKeyTemplates
    	at slack.commons.security.AeadPrimitiveFactoryImpl.getAeadPrimitive(AeadPrimitiveFactory.kt:4)
    	... 12 more
    Caused by: java.lang.ExceptionInInitializerError
    	at androidx.security.crypto.EncryptedSharedPreferences$PrefValueEncryptionScheme.
    <clinit>(EncryptedSharedPreferences.java:1)
            ... 11 more
    Caused by: java.lang.RuntimeException: Field version_ for com.google.crypto.tink.proto.AesGcmKeyFormat not found. Known fields are [public int com.google.crypto.tink.proto.AesGcmKeyFormat.keySize_, public static final com.google.crypto.tink.proto.AesGcmKeyFormat com.google.crypto.tink.proto.AesGcmKeyFormat.DEFAULT_INSTANCE, public static volatile com.google.crypto.tink.shaded.protobuf.Parser com.google.crypto.tink.proto.AesGcmKeyFormat.PARSER]
    	at com.google.crypto.tink.shaded.protobuf.MessageSchema.reflectField(MessageSchema.java:7)
    	at com.google.crypto.tink.shaded.protobuf.MessageSchema.newSchemaForRawMessageInfo(MessageSchema.java:53)
    	at com.google.crypto.tink.shaded.protobuf.MessageSchema.newSchema(MessageSchema.java:2)
    	at com.google.crypto.tink.shaded.protobuf.Protobuf.schemaFor(Protobuf.java:30)
    	at com.google.crypto.tink.shaded.protobuf.Protobuf.schemaFor(Protobuf.java:48)
    	at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite$Builder.buildPartial(GeneratedMessageLite.java:5)
    	at com.google.crypto.tink.shaded.protobuf.GeneratedMessageLite$Builder.build(GeneratedMessageLite.java:1)
    	at com.google.crypto.tink.aead.AeadKeyTemplates.createAesGcmKeyTemplate(AeadKeyTemplates.java:5)
    	at com.google.crypto.tink.aead.AeadKeyTemplates.<clinit>(AeadKeyTemplates.java:1)
    

    In the Android studio looking at the generated AesGcmKeyFormat, it has the _version

    package com.google.crypto.tink.proto;
    
    import ...;
    
    public final class AesGcmKeyFormat extends GeneratedMessageLite<AesGcmKeyFormat, AesGcmKeyFormat.Builder> implements AesGcmKeyFormatOrBuilder {
        public static final int KEY_SIZE_FIELD_NUMBER = 2;
        private int keySize_;
        public static final int VERSION_FIELD_NUMBER = 3;
        private int version_;
        private static final AesGcmKeyFormat DEFAULT_INSTANCE;
        private static volatile Parser<AesGcmKeyFormat> PARSER;
    
    ...
    }
    

    But when looking at the build APK with proguard/R8 running through it, seems like version_ was removed

    Screen Shot 2020-05-19 at 5 33 14 PM

    Seems like the AesSivKeyFormat has a similar problem as well.

    Screen Shot 2020-05-19 at 5 47 31 PM

    I'm going to also check if this problem might have existed in the 1.3 release of the library. But I haven't seen this stack trace before.

    We stricly use protobuf 3.12.0

    +--- com.google.protobuf:protobuf-java:{strictly 3.12.0} -> 3.12.0 (c)
    
    ...
    
    |    |    \--- com.google.protobuf:protobuf-javalite:3.12.0
    
    ...
    
    |    |    +--- com.google.android.apps.common.testing.accessibility.framework:accessibility-test-framework:2.1
    |    |    |    +--- org.hamcrest:hamcrest-core:1.3 -> org.hamcrest:hamcrest:2.2
    |    |    |    \--- com.google.protobuf:protobuf-java:2.6.1 -> 3.12.0
    
  • PHP Implementation?

    PHP Implementation?

    I intend to follow this up with a pull request.

    Would the Tink team be interested in a PHP implementation of the same API? Obtensibly it would wrap both the openssl and sodium extensions.

  • Python support release date

    Python support release date

    Is there any update on the release date for a version of Tink that supports Python? The roadmap states August 2019 as the intended date and that has come and gone...!

    It'd be good to have access to a release with Python support before January 2020 so old Python2 projects with Keyczar in can be migrated over to Python3 projects with Tink.

    Alternatively, if anybody has a suggestion for a suitable Python3 library to replace Keyczar in Python2 , that would be greatly appreciated!

    Regards,

    Jordan

  • [android] [throwable] arithmetic error in scalar multiplication

    [android] [throwable] arithmetic error in scalar multiplication

    we use Tink-Android to generate keyPair and sign our information. it work well in common case. but there is a crash in Android device M1 E when we use

    Ed25519Sign(private_key)
    

    and we find the throwable is

       // This check is to protect against flaws, i.e. if there is a computation error through a
        // faulty CPU or if the implementation contains a bug.
        XYZ result = new XYZ(ret);
        if (!result.isOnCurve()) {
          throw new IllegalStateException("arithmetic error in scalar multiplication");
        }
    

    https://github.com/google/tink/blob/09fc71c45dc7c4ecc7fb0df3414b0fb3a9ca52c3/java/src/main/java/com/google/crypto/tink/subtle/Ed25519.java#L626

    Android version: 7.0 cpu: Helio P10 gpu: ARM Mali-T860 Tink-Android Version: 1.2.2

    Is there anyone can help me ? thanks !

  • Android (tink : 1.3.0-rc3) KeyStoreException + UnrecoverableKeyException

    Android (tink : 1.3.0-rc3) KeyStoreException + UnrecoverableKeyException

    Hello,

    I'd like to report the follow exceptions happening with Android; we are using 1.3.0-rc3. I am not able to reproduce these issues; however they have been seen in the wild.

    OS Issue observed : Android 6,7,8,9 Devices : Samsung Galaxy S6, S7 edge. LG g4, g5, g6

    KeyStoreException (Invalid Key Blob) with stack trace :

    android.security.KeyStore.getKeyStoreException (KeyStore.java:708) android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreSecretKeyFromKeystore (AndroidKeyStoreProvider.java:283) android.security.keystore.AndroidKeyStoreSpi.engineGetKey (AndroidKeyStoreSpi.java:98) java.security.KeyStore.getKey (KeyStore.java:1062) com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm. (AndroidKeystoreAesGcm.java:48) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getAead (AndroidKeystoreKmsClient.java:111) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey (AndroidKeystoreKmsClient.java:130) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:118) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:88) com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:185) com.loblaw.pcoptimum.android.app.utils.Crypto$AEAD.getAndroidKeysetManager (Crypto.java:204)

    KeyStoreException (Unknown error) with stack trace :

    android.security.KeyStore.getKeyStoreException (KeyStore.java:1107) android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreSecretKeyFromKeystore (AndroidKeyStoreProvider.java:283) android.security.keystore.AndroidKeyStoreSpi.engineGetKey (AndroidKeyStoreSpi.java:98) java.security.KeyStore.getKey (KeyStore.java:825) com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm. (AndroidKeystoreAesGcm.java:48) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getAead (AndroidKeystoreKmsClient.java:111) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey (AndroidKeystoreKmsClient.java:130) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:118) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:88) com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:185)

    UnrecoverableKeyException (-49) with stack trace :

    android.security.KeyStore.getKeyStoreException (KeyStore.java:839) android.security.keystore.AndroidKeyStoreProvider.getKeyCharacteristics (AndroidKeyStoreProvider.java:236) android.security.keystore.AndroidKeyStoreProvider.loadAndroidKeyStoreKeyFromKeystore (AndroidKeyStoreProvider.java:356) android.security.keystore.AndroidKeyStoreSpi.engineGetKey (AndroidKeyStoreSpi.java:101) java.security.KeyStore.getKey (KeyStore.java:1062) com.google.crypto.tink.integration.android.AndroidKeystoreAesGcm. (AndroidKeystoreAesGcm.java:48) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getAead (AndroidKeystoreKmsClient.java:111) com.google.crypto.tink.integration.android.AndroidKeystoreKmsClient.getOrGenerateNewAeadKey (AndroidKeystoreKmsClient.java:130) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:118) com.google.crypto.tink.integration.android.AndroidKeysetManager. (AndroidKeysetManager.java:88) com.google.crypto.tink.integration.android.AndroidKeysetManager$Builder.build (AndroidKeysetManager.java:185)

  • GeneralSecurityException: decryption failed

    GeneralSecurityException: decryption failed

    GeneralSecurityException: decryption failed
      File "AeadWrapper.java", line 82, in decrypt
      File "TinkHelper.kt", line 33, in decrypt
    

    This error occurs with version 1.3.0-rc1 on an Android device running 9.0 but is fixed in versino 1.3.0-rc4. We can't upgrade to 1.3.0-rc4 because of https://github.com/google/tink/issues/301.

    Will the 1.3.0 release contain the fix for the decryption error but not the issue with firebase?

  • Protobuf related build issue with Tink + Firebase (Android)

    Protobuf related build issue with Tink + Firebase (Android)

    I am trying to integrate Tink to my Flutter app which also uses Firebase. With 1.3.0-rc3 I get this build errors in Android:

    Execution failed for task ':app:checkDevelopmentDebugDuplicateClasses'.
    > 1 exception was raised by workers:
      java.lang.RuntimeException: java.lang.RuntimeException: Duplicate class com.google.protobuf.AbstractMessageLite found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.AbstractMessageLite$Builder found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.AbstractMessageLite$Builder$LimitedInputStream found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.AbstractParser found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.AbstractProtobufList found in modules protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0) and protobuf-lite-3.0.1.jar (com.google.protobuf:protobuf-lite:3.0.1)
      Duplicate class com.google.protobuf.Any found in modules classes.jar (com.google.firebase:protolite-well-known-types:17.0.0) and protobuf-javalite-3.10.0.jar (com.google.protobuf:protobuf-javalite:3.10.0)
    .
    .
    .
    

    I have tried various suggestions mentioned in other protobuf related issues here but no solution found so far.

    Issue disappears if I downgrade Tink to version 1.3.0-rc1, so I am using it as a workaround for now.

  • "go get" fails when specifying "latest" version as a Go module dependency

    The go/keyset API is not present in the latest release, which causes problems when trying to use go modules:

    GO111MODULE=on go get github.com/google/tink/go/keyset
    go: finding github.com/google/tink/go/keyset latest
    go: finding github.com/google/tink/go latest
    go get github.com/google/tink/go/keyset: no matching versions for query "latest"
    
  • On Android, when GeneralSecurityException

    On Android, when GeneralSecurityException "decryption failed" is thrown when calling AeadFactory::decrypt?

    Hi,

    Edit: we are using Tink 1.2.2.

    We have been getting crash reports with the exception GeneralSecurityException: decryption failed with the stack trace pointing to AeadFactory::decrypt as the source of the exception, and we are lost on when that happens.

    We are not sharing the keys or the cipher text, so, the same device and algorithm that encrypts it, is the same one that is decrypting it.

    We are also using the AndroidKeysetManager.

    The error seems to happen exclusively on Android 8 e 9 so far.

    Any idea on what may be causing this exception being thrown? Thank you :)

    Check our full implementation: https://gist.github.com/AllanHasegawa/85431b6f7c53074511527655712c9872

  • InvalidProtocolBufferException (Protocol message contained an invalid tag (zero))

    InvalidProtocolBufferException (Protocol message contained an invalid tag (zero))

    In my Android app, I see this exception happening on one device: Protocol message contained an invalid tag (zero)., com.google.crypto.tink.shaded.protobuf.InvalidProtocolBufferException

    Related code where the exception happens (Kotlin code from my Flutter plugin):

    .
    .
    .
    "encryptString" -> {
        uiScope.launch {
            try {
                var encryptedDataBase64String: String? = null
                withContext(Dispatchers.IO) {
                    initializeTink()
    
                    val applicationId = call.argument<String>("applicationId")
                            ?: throw IllegalArgumentException("applicationId")
                    val keySetName = call.argument<String>("keySetName")
                            ?: throw IllegalArgumentException("keySetName")
                    val dataString = call.argument<String>("data")
                            ?: throw IllegalArgumentException("data")
                    val passwordString = call.argument<String>("password")
    
                    val data = dataString.toByteArray(Charsets.UTF_8)
    
                    val password = passwordString!!.toByteArray(Charsets.UTF_8)
    
                    val keySetHandle = getOrGenerateNewKeysetHandle(applicationContext!!, applicationId, keySetName)
                    val aead = keySetHandle.getPrimitive(Aead::class.java)
    
                    val encryptedData = aead.encrypt(data, password)
    
                    encryptedDataBase64String = Base64.encodeToString(encryptedData, Base64.DEFAULT)
                }
                result.success(encryptedDataBase64String)
            } catch (e: Exception) {
                Log.e(LOG_TAG, "Exception", e)
                result.error(
                        "Exception",
                        e.localizedMessage ?: e.message ?: "$e", "$e")
            }
        }
    }
    
    

    Tink 1.4.0 Device: Huawei P20 / Android 10

    This is an user device so I cannot reproduce it myself (I see this from Crashlytics).

  • Enable CIFuzz Github action.

    Enable CIFuzz Github action.

    Add CIFuzz workflow action to have fuzzers build and run on each PR. This is a service offered by OSS-Fuzz where tink already runs. CIFuzz can help detect catch regressions and fuzzing build issues early, and has a variety of features (see the URL above). In the current PR the fuzzers gets build on a pull request and will run for 300 seconds.

    Signed-off-by: David Korczynski [email protected]

  • BigQuery function KEYSET_CHAIN can't decrypt a Tink encrypted keyset

    BigQuery function KEYSET_CHAIN can't decrypt a Tink encrypted keyset

    BigQuery has a function named KEYS.KEYSET_CHAIN. The first line of it's documentation is:

    "Can be used in place of the keyset argument to the AEAD and deterministic encryption functions to pass a Tink keyset that is encrypted with a Cloud KMS key."

    But when I pass it my bytes representation of my encrypted key, I get the following error:

    "google.api_core.exceptions.BadRequest: 400 Query error: Decryption failed: verify that 'name' refers to the correct CryptoKey."

    Im using Tink 1.7 with python 3.9 on a M1 Mac.

    I have been able to get it to work without encrypting the DEK with a key in KMS in the way described in #373, but I can't do it once the key in encrypted.

    Perhaps I am encrypting the key incorrectly or decrypting it in BigQuery in an unsupported way?

    I'm using Python and the byte representation of the key does look odd b'\x12\xbd\x01\n$\x00\xa4\xfd\x16\x1d\xb6Yk\xd2\xa5RqW\xfePQ\xd9\x9c\xf6[|\x84\xa7l\xaf\xa68\xfa\xa0\x82:\xbb(;\xb9\xc4\x12\x94\x01\x00\xd1\x11\xc8\xe1\xc4s\xb2\xe9\xfd\x13\x8c\x84\xc4\xb4\xb1\xcc\xf6v\x89\xba\x07Z\x1d\x82\x93\x14)A\x82\x94\xc0U\x0f\xd8\xe9\x94\xab:\x9c03\xea*g\x820\xceY\xb6=o\xc8-\xa3\xa8-\x15\x0bEi\x9a\x13\x00q\xf0\xb4Q\x14\xd46\xa0\x9cN\x84;9\xeb\xd9\xa3$\x91\x8bi\xc9\xc5\xaa/~\xdcC4#\xcc\xc2T\xbc\xa7\xb3\xb0\xa6\xcc7oz\xe2\xa1J\xc5\xd9\x1f\xa0\x15\x9e\x02\xfd\x97\xd04\xbdLf\xc43\xce\x1b\xf9loDc\xb4W\xe4Z\x07\x1e.)\x85\xc7\xf1\xff\xb7\xb1J\x0b\xd6\x1aD\x08\xe8\xbd\xd9\xa2\x06\x12<\n0type.googleapis.com/google.crypto.tink.AesGcmKey\x10\x01\x18\xe8\xbd\xd9\xa2\x06 \x03'

    The documentation for BigQuery's AEAD functions seems to expect something like: b'\012\044\000\107\275\360\176\264\206\332\235\215\304...'

    Perhaps this is the problem?

    Any help would be appreciated.

    Repo

    To get the script to run I had to download the roots.pem file from https://github.com/grpc/grpc/blob/master/etc/roots.pem

    I placed the roots.pem file in the same directory as my script.

    I then set this environment variable GRPC_DEFAULT_SSL_ROOTS_FILE_PATH=roots.pem

    import io
    import tink
    from tink import aead, cleartext_keyset_handle
    from tink.integration import gcpkms
    from google.cloud import bigquery
    
    key_uri = 'gcp-kms://projects/YOUR_PROJECT/locations/europe-west2/keyRings/YOUR_KEYRING/cryptoKeys/YOUR_KEY'
    
    aead.register()
    gcpkms.GcpKmsClient.register_client(key_uri=key_uri, credentials_path="")
    
    # Generate the KEK
    template = aead.aead_key_templates.create_kms_aead_key_template(key_uri=key_uri)
    handle = tink.KeysetHandle.generate_new(template)
    kms_aead_primitive = handle.primitive(aead.Aead)
    
    # Generate the DEK
    key_template = aead.aead_key_templates.AES256_GCM_RAW
    keyset_handle = tink.KeysetHandle.generate_new(key_template)
    aead_primitive = keyset_handle.primitive(aead.Aead)
    
    # Encrypt data with the DEK
    encrypted_value = aead_primitive.encrypt(
        plaintext='encrypt_me'.encode('utf-8'),
        associated_data='test'.encode('utf-8')
    )
    
    # Get key by writing it out and capturing that with an io stream
    stream = io.BytesIO()
    # Encrypt DEK with kms aead primitive
    keyset_handle.write(tink.BinaryKeysetWriter(stream), kms_aead_primitive)
    stream.seek(0)
    key = stream.read()
    
    # Decrypt in BigQuery
    bq_client = bigquery.Client(location='europe-west2')
    
    sql = f"""
    DECLARE kms_resource_name STRING;
    DECLARE first_level_keyset BYTES;
    DECLARE associated_data STRING;
    
    SET kms_resource_name = '{key_uri}';
    SET first_level_keyset = {key};
    SET associated_data = 'test';
    
    SELECT
        AEAD.DECRYPT_STRING(
            KEYS.KEYSET_CHAIN(kms_resource_name, first_level_keyset),
            {encrypted_value},
            associated_data
        ) as Decrypted
    
    """
    
    job_config = bigquery.QueryJobConfig(
        priority=bigquery.QueryPriority.BATCH
    )
    
    job = bq_client.query(sql, job_config=job_config)
    
    result = job.result()
    
  • Bump minimatch from 3.0.4 to 3.1.2 in /javascript

    Bump minimatch from 3.0.4 to 3.1.2 in /javascript

    Bumps minimatch from 3.0.4 to 3.1.2.

    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Bump socket.io-parser from 4.0.4 to 4.0.5 in /javascript

    Bump socket.io-parser from 4.0.4 to 4.0.5 in /javascript

    Bumps socket.io-parser from 4.0.4 to 4.0.5.

    Release notes

    Sourced from socket.io-parser's releases.

    4.0.5

    Bug Fixes

    • check the format of the index of each attachment (b559f05)

    Links

    Changelog

    Sourced from socket.io-parser's changelog.

    4.0.5 (2022-06-27)

    Bug Fixes

    • check the format of the index of each attachment (b559f05)

    4.2.0 (2022-04-17)

    Features

    • allow the usage of custom replacer and reviver (#112) (b08bc1a)

    4.1.2 (2022-02-17)

    Bug Fixes

    • allow objects with a null prototype in binary packets (#114) (7f6b262)

    4.1.1 (2021-10-14)

    4.1.0 (2021-10-11)

    Features

    • provide an ESM build with and without debug (388c616)
    Commits

    Dependabot compatibility score

    Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


    Dependabot commands and options

    You can trigger Dependabot actions by commenting on this PR:

    • @dependabot rebase will rebase this PR
    • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
    • @dependabot merge will merge this PR after your CI passes on it
    • @dependabot squash and merge will squash and merge this PR after your CI passes on it
    • @dependabot cancel merge will cancel a previously requested merge and block automerging
    • @dependabot reopen will reopen this PR if it is closed
    • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
    • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
    • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)
    • @dependabot use these labels will set the current labels as the default for future PRs for this repo and language
    • @dependabot use these reviewers will set the current reviewers as the default for future PRs for this repo and language
    • @dependabot use these assignees will set the current assignees as the default for future PRs for this repo and language
    • @dependabot use this milestone will set the current milestone as the default for future PRs for this repo and language

    You can disable automated security fix PRs for this repo from the Security Alerts page.

  • Key commitment attack mitigation

    Key commitment attack mitigation

    Hey Tink developers! In 2020, the AWS encryption SDK introduced (announcement) "key commitment" to mitigate attacks against authenticated encryption schemes using symmetric keys (e.g. aes-gcm). There are now a handful of published papers showing practical attacks (paper). In short, an attacker can craft 2 keys such that the ciphertext authenticates with both keys.

    Has Tink implemented or plans to implement any fixes to address this?

    My understanding of AWS's scheme: AWS uses HKDF to derive an encryption key and a commit key from a generated data key. Additionally, a EC key pair is generated. Both the commit key and the EC public key are included in the format's header. The derived encryption key is used to authenticate the format's header and encrypt the data. Finally, both the header and the encrypted body are signed with the EC private key. The signature is appended as a footer.

    As part of decryption, the commit key is derived and compared against the the one included in the header.

A self-contained cryptographic library for Python

PyCryptodome PyCryptodome is a self-contained Python package of low-level cryptographic primitives. It supports Python 2.7, Python 3.4 and newer, and

Nov 25, 2022
cryptography is a package designed to expose cryptographic primitives and recipes to Python developers.

pyca/cryptography cryptography is a package which provides cryptographic recipes and primitives to Python developers. Our goal is for it to be your "c

Dec 1, 2022
A symmetric cryptographic module.
A symmetric cryptographic module.

Exemple of use : import Seleni MyKey = "GitHub" MySecretText = "Seleni is wonderfull !!!" MyEncryptedText = Seleni.crypt(MyKey, MySecretText) print(My

Jan 15, 2022
Modeval (or Modular Eval) is a modular and secure string evaluation library that can be used to create custom parsers or interpreters.
Modeval (or Modular Eval) is a modular and secure string evaluation library that can be used to create custom parsers or interpreters.

modeval Modeval (or Modular Eval) is a modular and secure string evaluation library that can be used to create custom parsers or interpreters. Basic U

Jan 1, 2022
seno-blockchain is just a fork of Chia, designed to be efficient, decentralized, and secure
 seno-blockchain is just a fork of Chia, designed to be efficient, decentralized, and secure

seno-blockchain https://seno.uno Seno is just a fork of Chia, designed to be efficient, decentralized, and secure. Here are some of the features and b

Jul 2, 2022
A simple and secure password-based encryption & decryption algorithm based on hash functions, implemented solely based on python.

pyhcrypt A simple and secure password-based encryption & decryption algorithm based on hash functions, implemented solely based on python. Usage Pytho

Feb 8, 2022
Gold(Gold) is a modern cryptocurrency built from scratch, designed to be efficient, decentralized, and secure
Gold(Gold) is a modern cryptocurrency built from scratch, designed to be efficient, decentralized, and secure

gold-blockchain (Gold) Gold(Gold) is a modern cryptocurrency built from scratch, designed to be efficient, decentralized, and secure. Here are some of

Mar 9, 2022
SVSHI - Secure and Verified Smart Home Infrastructure
SVSHI - Secure and Verified Smart Home Infrastructure

The SVSHI (Secure and Verified Smart Home Infrastructure) (pronounced like "sushi") project is a platform/runtime/toolchain for developing and running formally verified smart infrastructures, such as smart buildings, smart cities, etc.

Oct 28, 2022
Bit is Python's fastest Bitcoin library and was designed from the beginning to feel intuitive, be effortless to use, and have readable source code.

Bit is Python's fastest Bitcoin library and was designed from the beginning to feel intuitive, be effortless to use, and have readable source code.

Nov 28, 2022
dashboard to track crypto prices and change via the coinmarketcap APIs

crypto-dashboard Dashboard to track crypto prices and change via the coinmarketcap APIs. Uses chart.js and ag-grid. Requirements: python 3 (was writte

Nov 9, 2021
XMRiGUI is free and open-source crypto miner for Linux. It uses XMRig for mining and GTK3 for GUI.
XMRiGUI is free and open-source crypto miner for Linux. It uses XMRig for mining and GTK3 for GUI.

XMRiGUI is free and open-source crypto miner for Linux. It uses XMRig for mining and GTK3 for GUI.

Jul 7, 2022
Freqtrade is a free and open source crypto trading bot written in Python
Freqtrade is a free and open source crypto trading bot written in Python

Freqtrade is a free and open source crypto trading bot written in Python. It is designed to support all major exchanges and be controlled via Telegram. It contains backtesting, plotting and money management tools as well as strategy optimization by machine learning.

Dec 6, 2022
💰 An Alfred Workflow that provides current price of cryptocurrency
💰 An Alfred Workflow that provides current price of cryptocurrency

Coin Ticker for Alfred Workflow An Alfred Workflow that provides current price and status about cryptocurrency from cryptocompare.com. Supports Alfred

Nov 17, 2022
Cyber Security Starter Kit Platform

Cyber Security Starter Kit Platform (CSSKP) allows to instantiate new self-assessment products such as Fit4Cybersecurity, Fit4Privacy, Fit4Contract and the like.

Oct 21, 2021
Challenge2022 - A backend of a Chia project donation platform
Challenge2022 - A backend of a Chia project donation platform

Overview This is a backend of a Chia project donation platform. People can publi

Feb 4, 2022
TON Command Line Interface - easy smart contract manipulation

toncli The Open Network cross-platform smart contract command line interface. Easy to deploy and interact with TON smart contracts. Installation Toncl

Dec 2, 2022
theHasher Tool created for generate strong and unbreakable passwords by using Hash Functions.Generate Hashes and store them in txt files.Use the txt files as lists to execute Brute Force Attacks!
theHasher Tool created for generate strong and unbreakable passwords by using Hash Functions.Generate Hashes and store them in txt files.Use the txt files as lists to execute Brute Force Attacks!

$theHasher theHasher is a Tool for generating hashes using some of the most Famous Hashes Functions ever created. You can save your hashes to correspo

Feb 2, 2022
Use this script to track the gains of cryptocurrencies using historical data and display it on a super-imposed chart in order to find the highest performing cryptocurrencies historically

crypto-performance-tracker Use this script to track the gains of cryptocurrencies using historical data and display it on a super-imposed chart in ord

Aug 31, 2022