commit | 29949f58e3ff0f3cbaa8fcb48935235749606e2c | [log] [tgz] |
---|---|---|
author | Thomas Holenstein <tholenst@google.com> | Thu Nov 09 02:40:33 2023 -0800 |
committer | Copybara-Service <copybara-worker@google.com> | Thu Nov 09 02:41:44 2023 -0800 |
tree | 9509defbc0805f8084581e8d8f01a400e774e27c | |
parent | c90ff15edb473af39c8a8bf2f0cd07003f59e82d [diff] |
Remove validation of the public key. This isn't relevant anymore (and was always a bit of a minor thing). Let me explain. One of the issues with the KeyManagers is that there can be invalid key protos. For example, suppose that a proto of type AesGcmKey contains a key of length 1. Then, clearly this is invalid. The principle "Parse, don’t validate" says one should, when one creates an object, check that it is valid, and not even create it. However, with protos this isn't possible. So the KeyTypeManagers tried to ensure that whenever they actually parse the proto and make it come to existence, it is also validated. Because of this, the private key ones were designed to call "Validate" (in the public key manager) when they create a public key. This made things a bit more complicated and was probably a mistake from the beginning (instead, I could have probably done things better by just simply calling PublicKeyManager.validate(...) in each private key manager manually). Anyhow, we don't need this anymore: we now always go key objects anyhow (in case we have a KeyTypeManager), so things will be validated properly. We can hence remove this. PiperOrigin-RevId: 580834617 Change-Id: Ie88b958d804e4369a622cde2eea52deb3aa0e2eb
Test | GCP Ubuntu | MacOS |
---|---|---|
Bazel | ||
Maven | N/A |
Using crypto in your application shouldn't have to feel like juggling chainsaws in the dark. Tink is a crypto library written by a group of cryptographers and security engineers at Google. It was born out of our extensive experience working with Google's product teams, fixing weaknesses in implementations, and providing simple APIs that can be used safely without needing a crypto background.
Tink provides secure APIs that are easy to use correctly and hard(er) to misuse. It reduces common crypto pitfalls with user-centered design, careful implementation and code reviews, and extensive testing. At Google, Tink is one of the standard crypto libraries, and has been deployed in hundreds of products and systems.
To get a quick overview of Tink's design please take a look at Tink's goals.
The official documentation is available at https://developers.google.com/tink.
If you want to contribute, please read CONTRIBUTING and send us pull requests. You can also report bugs or file feature requests.
If you'd like to talk to the developers or get notified about major product updates, you may want to subscribe to our mailing list.
Tink is maintained by (A-Z):
Alumni: