Stay organized with collections
Save and categorize content based on your preferences.
Tink APIs take arbitrary binary blobs as input. This means that if you want to
encrypt structured data, like
protocol buffers, you need to
encode the data first.
Encrypt a protobuf
To encrypt:
Serialize the protobuf to a byte array.
Encrypt the serialized bytes, then store or send the resulting ciphertext.
Use:
Store the serialized bytes together with the signature (or MAC).
To verify:
Get the serialized protobuf and its signature (or MAC).
Verify the signature (or MAC).
Deserialize the protobuf.
Note that a valid signature or MAC does not guarantee that the data is correctly
formatted. An implementation that parses the data should always expect that the
data might be corrupt.
Protect multiple data items
To protect multiple data items, use a serialization method. Add all of the data
items to a protobuf, and encrypt (or authenticate) it as described above.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-11-14 UTC."],[[["Tink APIs accept arbitrary binary data as input, requiring serialization of structured data like Protocol Buffers before encryption."],["Tink provides various encryption methods like AEAD, hybrid encryption, and deterministic AEAD to secure serialized data."],["Tink supports data integrity through digital signatures and MACs, but verification doesn't guarantee data formatting."],["Protecting multiple data items involves serialization, preferably using Protocol Buffers or length-prefixed concatenation, followed by encryption or authentication."]]],["Tink API handles binary blobs, requiring structured data like protocol buffers to be encoded first. To encrypt a protobuf, serialize it to bytes, then encrypt using AEAD, hybrid, or deterministic AEAD methods. Decryption involves decrypting the ciphertext and deserializing the protobuf. To protect from tampering, serialize, then sign or authenticate using digital signature or MAC, storing the signature with the data, verifying the signature before deserializing. Protecting multiple items requires serialization via a protobuf or a length-prefixed method, followed by encryption or authentication.\n"]]
