Выберите примитив
Оптимизируйте свои подборки
Сохраняйте и классифицируйте контент в соответствии со своими настройками.
Выберите свой вариант использования, чтобы определить правильный примитив, затем перейдите по ссылке для получения руководства по использованию примитива.
Шифровать данные...
Все эти примитивы способны привязывать шифротекст к его контексту .
Обеспечьте подлинность и целостность данных путем...
Разное
Есть вопрос?
Создайте задачу в репозитории GitHub для конкретного языка, ссылка на который находится на странице организации Tink .
Если не указано иное, контент на этой странице предоставляется по лицензии Creative Commons "С указанием авторства 4.0", а примеры кода – по лицензии Apache 2.0. Подробнее об этом написано в правилах сайта. Java – это зарегистрированный товарный знак корпорации Oracle и ее аффилированных лиц.
Последнее обновление: 2025-07-25 UTC.
[null,null,["Последнее обновление: 2025-07-25 UTC."],[[["\u003cp\u003eTink provides cryptographic primitives for encrypting data, ensuring authenticity and integrity, and managing keys, categorized by use case for easy selection.\u003c/p\u003e\n"],["\u003cp\u003eDevelopers can choose from primitives like AEAD, Streaming AEAD, Deterministic AEAD, KMS Envelope AEAD, and Hybrid Encryption for data encryption with varying features and functionalities.\u003c/p\u003e\n"],["\u003cp\u003eMAC and Digital Signature primitives are available for verifying data integrity and authenticity, with different verification mechanisms.\u003c/p\u003e\n"],["\u003cp\u003eTink supports JSON Web Tokens (JWTs) and offers KMS-Encrypted Primitives for advanced key management scenarios.\u003c/p\u003e\n"],["\u003cp\u003eDetailed guidance on primitive usage is accessible via linked documentation for each specific implementation.\u003c/p\u003e\n"]]],["The content outlines cryptographic primitives based on use cases. For encrypting data, options include AEAD for standard needs, Streaming AEAD for large data, Deterministic AEAD for consistent ciphertexts, KMS Envelope AEAD for key protection, and Hybrid Encryption for public/private key scenarios. For data integrity and authenticity, MACs and Digital Signatures are available. Additional primitives include JWTs, and KMS-encrypted primitives for securing keysets. All encryption methods allow binding ciphertext to context. Questions can be raised in the GitHub repository.\n"],null,["# Choose a primitive\n\nSelect your use case to identify the correct primitive, then follow the link for\nguidance on using the primitive.\n\nEncrypt data...\n---------------\n\n| | Primitive | Details |\n|--------------------------------------------------------------------------------|----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------|\n| [...in standard sizes](/tink/encrypt-data) | **Authenticated Encryption with Associated Data (AEAD)** | - Suitable for most needs - Accepts plaintexts up to 2^32^ bytes - Provides plaintext confidentiality and verifies integrity and authenticity |\n| [...in large files or data streams](/tink/encrypt-large-files-or-data-streams) | **Streaming AEAD** | - For data that is too large to be processed in a single step |\n| [...deterministically](/tink/deterministic-encryption) | **Deterministic AEAD** | - Produces same ciphertext for a given plaintext and key |\n| [...with keys protected by a KMS](/tink/client-side-encryption) | **Key Management System (KMS) Envelope AEAD** | - Encrypts every plaintext with new AEAD key - Encrypts every AEAD key with KMS |\n| [...with public key, decrypt data with private key](/tink/exchange-data) | **Hybrid Encryption** | - Not authenticated - Useful when senders cannot store secrets (private key) |\n\nThese primitives are all able to [bind ciphertext to its\ncontext](/tink/bind-ciphertext).\n\nEnsure authenticity and integrity of data by...\n-----------------------------------------------\n\n| | Primitive | Details |\n|------------------------------------------------------------------------------------------------|---------------------------------------|-------------------------------------------------------------------|\n| [...creating and verifying MAC with one key](/tink/protect-data-from-tampering) | **Message Authentication Code (MAC)** | - Very fast - Only verifiable by parties who can also create MACs |\n| [...creating signature with private key, verifying with public key](/tink/digitally-sign-data) | **Digital Signature** | - Verifiable by parties who cannot create signatures |\n\nMiscellany\n----------\n\n| | Primitive | Details |\n|-------------------------------------------------------------------------------------------|-----------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|\n| [Create and verify JWTs](/tink/create-jwts) | **JSON Web Tokens (JWTs)** | - Can additionally convert to / from JSON Web Key (JWK) format |\n| [Encrypt any primitive's keyset with a KMS](/tink/key-management-overview#encrypt_keyset) | **KMS-Encrypted Primitive** | - Doesn't require interacting with the KMS every time the primitive is used (e.g. to encrypt a plaintext), unlike [KMS Envelope AEAD](#encrypt_data) |\n\nHave a question?\n----------------\n\nCreate an issue in the language-specific GitHub repository linked on the [Tink\norganization page](https://github.com/tink-crypto)."]]
