Set up Tink Java

After installing and setting up Tink, continue with the Next steps.

Tink Java

The core Java library is tink-java; the latest release is 1.16.0. Tink Java supports Java 8 and later.

Maven

You can include Tink Java using Maven:

<dependency>
  <groupId>com.google.crypto.tink</groupId>
  <artifactId>tink</artifactId>
  <version>1.16.0</version>
</dependency>

Bazel

Maven release artifacts

Bazel users who want to add Tink Java as a dependency are advised to install the Maven release artifact using the rules_jvm_external tool in the WORKSPACE file:

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

RULES_JVM_EXTERNAL_TAG = "6.1"
RULES_JVM_EXTERNAL_SHA ="d31e369b854322ca5098ea12c69d7175ded971435e55c18dd9dd5f29cc5249ac"

http_archive(
    name = "rules_jvm_external",
    strip_prefix = "rules_jvm_external-%s" % RULES_JVM_EXTERNAL_TAG,
    sha256 = RULES_JVM_EXTERNAL_SHA,
    url = "https://github.com/bazelbuild/rules_jvm_external/releases/download/%s/rules_jvm_external-%s.tar.gz" % (RULES_JVM_EXTERNAL_TAG, RULES_JVM_EXTERNAL_TAG)
)

load("@rules_jvm_external//:repositories.bzl", "rules_jvm_external_deps")

rules_jvm_external_deps()

load("@rules_jvm_external//:setup.bzl", "rules_jvm_external_setup")

rules_jvm_external_setup()

load("@rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.16.0",
        # ... other dependencies ...
    ],
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)
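
The WORKSPACE snippet above pins rules_jvm_external by SHA-256, but the Maven artifacts that maven_install resolves are not hash-pinned. As an added example (not part of the original page), this variant uses the lock-file feature of rules_jvm_external so that every resolved JAR is checked against a recorded checksum; the file name maven_install.json and its location at the workspace root are assumptions.

```starlark
load("@rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.16.0",
        # ... other dependencies ...
    ],
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
    # Lock file recording the resolved version and SHA-256 of every
    # artifact, including transitive ones. Assumed to live at the
    # workspace root. Generate it once, before adding the two attributes
    # below and the pinned_maven_install() call, with:
    #   bazel run @maven//:pin
    # then commit it and review its diffs like any other source change.
    maven_install_json = "//:maven_install.json",
    # Fail the build instead of silently re-resolving when `artifacts`
    # no longer matches what the lock file was generated from.
    fail_if_repin_required = True,
)

# Materializes the repository from the lock file; downloads are verified
# against the recorded checksums.
load("@maven//:defs.bzl", "pinned_maven_install")

pinned_maven_install()
```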

Build from source

If you want to build tink-java from source, for example to pin a specific version, you can add it to your WORKSPACE file as an http_archive:

load("@bazel_tools//tools/build_defs/repo:http.bzl", "http_archive")

TINK_COMMIT="f4127f6b6ab9c367d41ade1f50db6f0ef9909044"
TINK_SHA256="e246f848f7749e37f558955ecb50345b04d79ddb9d8d1e8ae19f61e8de530582"

http_archive(
    name = "tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/archive/%s.zip" % TINK_COMMIT],
    # GitHub commit archives unpack into a "<repo>-<commit>" directory.
    strip_prefix = "tink-java-%s" % TINK_COMMIT,
    sha256 = TINK_SHA256
)

load("@tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

# rules_jvm_external is imported and initialized by tink_java_deps and
# tink_java_deps_init.
load("@rules_jvm_external//:defs.bzl", "maven_install")

maven_install(
  artifacts = TINK_MAVEN_ARTIFACTS + [
      # ... other dependencies ...
  ],
  repositories = [
      "https://maven.google.com",
      "https://repo1.maven.org/maven2",
  ],
)

Tink Android

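The core Android library is tink-java; the latest release is 1.16.0.

Tink Android is fully supported from API level 24. Most parts of Tink should work from API level 21. The parts of Tink that do not work out of the box on API level 21 are:

  • The JWT library uses classes such as java.util.Optional and therefore requires API level 24. You can avoid this limitation by using desugaring.

  • Classes in com.google.crypto.tink.integration.android are only fully tested on API level 23 and above.

  • Some APIs in com.google.crypto.tink.streamingaead use SeekableByteBufferChannel, which is only available from API level 24.

For technical reasons, we test Tink for Android only on Google's internal infrastructure. We do not expect this to cause any problems, but if you run into any, please file an issue.

Tink Android does not require a ProGuard configuration.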

Gradle

You can include tink-android using Gradle:

dependencies {
  implementation 'com.google.crypto.tink:tink-android:1.16.0'
}

AWS KMS extension

The Tink Java AWS KMS extension is tink-java-awskms; the latest release is 1.11.0.

Maven

You can include the Tink Java AWS KMS extension using Maven:

<dependencies>
  <dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink-awskms</artifactId>
    <version>1.11.0</version>
  </dependency>
</dependencies>

Bazel

Maven release artifacts

You can install the com.google.crypto.tink:tink-awskms Maven artifact together with com.google.crypto.tink:tink using the rules_jvm_external tool.

# ...

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.16.0",
        "com.google.crypto.tink:tink-awskms:1.11.0",
        # ... other dependencies ...
    ],
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

Build from source

If you want to build tink-awskms from source, for example to pin a specific commit, you can add it to your WORKSPACE file as an http_archive:

# ...

http_archive(
    name = "tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/releases/download/v1.16.0/tink-java-1.16.0.zip"],
    strip_prefix = "tink-java-1.16.0",
    sha256 = "6bf0bb13281257fdf07d70abfc025f0e3ab18abd22646b1ada3fe297f7feaedb",
)

load("@tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

http_archive(
    name = "tink_java_awskms",
    urls = ["https://github.com/tink-crypto/tink-java-awskms/releases/download/v1.11.0/tink-java-awskms-1.11.0.zip"],
    strip_prefix = "tink-java-awskms-1.11.0",
    sha256 = "18f8faa7ba0019fc584f9e03f94221ebbcc83f059568d2277a4866003153e151",
)

load("@tink_java_awskms//:tink_java_awskms_deps.bzl", "TINK_JAVA_AWSKMS_MAVEN_ARTIFACTS")

maven_install(
    artifacts = TINK_MAVEN_ARTIFACTS + TINK_JAVA_AWSKMS_MAVEN_ARTIFACTS + [
        # ... other dependencies ...
    ],
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

Google Cloud KMS extension

The Tink Java Google Cloud KMS extension is tink-java-gcpkms; the latest release is 1.10.0.

Maven

You can include the Tink Java Google Cloud KMS extension using Maven:

<dependencies>
  <dependency>
    <groupId>com.google.crypto.tink</groupId>
    <artifactId>tink-gcpkms</artifactId>
    <version>1.10.0</version>
  </dependency>
</dependencies>

Bazel

Maven release artifacts

You can install the com.google.crypto.tink:tink-gcpkms Maven artifact together with com.google.crypto.tink:tink using the rules_jvm_external tool.

# ...

maven_install(
    artifacts = [
        "com.google.crypto.tink:tink:1.16.0",
        "com.google.crypto.tink:tink-gcpkms:1.10.0",
        # ... other dependencies ...
    ],
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

Build from source

If you want to build tink-gcpkms from source, for example to pin a specific commit, you can add it to your WORKSPACE file as an http_archive:

# ...

http_archive(
    name = "tink_java",
    urls = ["https://github.com/tink-crypto/tink-java/releases/download/v1.16.0/tink-java-1.16.0.zip"],
    strip_prefix = "tink-java-1.16.0",
    sha256 = "6bf0bb13281257fdf07d70abfc025f0e3ab18abd22646b1ada3fe297f7feaedb",
)

load("@tink_java//:tink_java_deps.bzl", "TINK_MAVEN_ARTIFACTS", "tink_java_deps")

tink_java_deps()

load("@tink_java//:tink_java_deps_init.bzl", "tink_java_deps_init")

tink_java_deps_init()

http_archive(
    name = "tink_java_gcpkms",
    urls = ["https://github.com/tink-crypto/tink-java-gcpkms/releases/download/v1.10.0/tink-java-gcpkms-1.10.0.zip"],
    strip_prefix = "tink-java-gcpkms-1.10.0",
    sha256 = "ad85625cc4409f2f6ab13a8eef39c965501585e9323d59652cce322b3d2c09a2",
)

load("@tink_java_gcpkms//:tink_java_gcpkms_deps.bzl", "TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS")

maven_install(
    artifacts =  TINK_MAVEN_ARTIFACTS + TINK_JAVA_GCPKMS_MAVEN_ARTIFACTS + [
        # ... other dependencies ...
    ],
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

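Tink Java Apps

The Tink Java Apps library provides implementations of Google Payment Method Token, server-side verification for Google AdMob Rewarded Ads, and RFC 8291 - Message Encryption for Web Push. The latest release is 1.11.0.

Maven

You can include the Tink Java Apps libraries using Maven: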

<dependency>
  <groupId>com.google.crypto.tink</groupId>
  <artifactId>apps-webpush</artifactId>
  <version>1.11.0</version>
</dependency>

<dependency>
  <groupId>com.google.crypto.tink</groupId>
  <artifactId>apps-paymentmethodtoken</artifactId>
  <version>1.11.0</version>
</dependency>

<dependency>
  <groupId>com.google.crypto.tink</groupId>
  <artifactId>apps-rewardedads</artifactId>
  <version>1.11.0</version>
</dependency>

Bazel

You can install any com.google.crypto.tink:apps-* Maven artifact using the rules_jvm_external tool.

# ...

maven_install(
    artifacts = [
        "com.google.crypto.tink:apps-webpush:1.11.0",
        "com.google.crypto.tink:apps-paymentmethodtoken:1.11.0",
        "com.google.crypto.tink:apps-rewardedads:1.11.0",
        # ... other dependencies ...
    ],
    repositories = [
        "https://maven.google.com",
        "https://repo1.maven.org/maven2",
    ],
)

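Next steps

Once you have finished setting up Tink, continue with the standard Tink usage steps:

  • Choose a primitive: decide which primitive to use based on your use case
  • Manage keys: protect your keys with an external KMS, generate keysets, and rotate keys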