Use cases

  • String encryption

Java version

  • openjdk8
  • oraclejdk9
  • openjdk9
  • oraclejdk11
  • openjdk11
  • oraclejdk13
  • openjdk13

Example Code

package com.cryptoexamples.java;

import com.google.crypto.tink.Aead;
import com.google.crypto.tink.KeysetHandle;
import com.google.crypto.tink.aead.AeadFactory;
import com.google.crypto.tink.aead.AeadKeyTemplates;
import com.google.crypto.tink.config.TinkConfig;

import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.logging.Level;
import java.util.logging.Logger;

/**
 * All in one example for symmetric encryption and decryption of a string in one method using Google Tink.
 * - Generation of a key
 * - AES-256 authenticated encryption (AEAD) using GCM
 * - BASE64 encoding as representation for the byte-arrays
 * - UTF-8 encoding of Strings
 * - Exception handling
 */
public class ExampleStringEncryptionKeyBasedInOneMethod {
  private static final Logger LOGGER = Logger.getLogger(ExampleStringEncryptionKeyBasedInOneMethod.class.getName());

  public static void main(String[] args) {
    String plainText = "Text that is going to be sent over an insecure channel and must be encrypted at all costs!";

    try {
      // Initialize Tink configuration
      TinkConfig.register();

      // GENERATE key
      // TODO key should only be generated once and then stored in a secure location.
      KeysetHandle keysetHandle = KeysetHandle.generateNew(AeadKeyTemplates.AES256_GCM);

      // ENCRYPTION
      Aead aeadEncryption = AeadFactory.getPrimitive(keysetHandle);
      byte[] cipherTextBytes = aeadEncryption.encrypt(plainText.getBytes(StandardCharsets.UTF_8), null);
      // conversion of raw bytes to BASE64 representation
      String cipherText = new String(Base64.getEncoder().encode(cipherTextBytes));

      // DECRYPTION
      Aead aeadDecryption = AeadFactory.getPrimitive(keysetHandle);
      byte[] decryptedCipherTextBytes = aeadDecryption.decrypt(Base64.getDecoder().decode(cipherText), null);
      String decryptedCipherText = new String(decryptedCipherTextBytes, StandardCharsets.UTF_8);

      LOGGER.log(Level.INFO, () -> String.format("Decrypted and original plain text are the same: %b", decryptedCipherText.compareTo(plainText) == 0));
    } catch (GeneralSecurityException e) {
      LOGGER.log(Level.SEVERE, e.getMessage(), e);
    }
  }
}

References

Authors

Kai Mindermann

Reviews

Tags: Java AES GCM AEAD