Google Tink is a tool which provides an End to End solution for Encryption/Decryption.
Steps:
Step #1: Create the Encryption key.
Goto https://developers.google.com/tink/install-tinkey & unzip to a folder
The Encryption key can be generated in Binary or JSON format.
tinkey.bat create-keyset --key-template AES256_GCM --out keyset.bin --out-format binary
in case you want to generate in json format you can use below command
tinkey.bat create-keyset --key-template AES256_GCM --out keyset.json
Step #2: Encrypt the data
Create a maven project
Add below dependency:
<dependency>
<groupId>com.google.crypto.tink</groupId>
<artifactId>tink</artifactId>
<version>1.7.0</version> <!-- Use the latest version -->
</dependency>
Add the below code for encryption/decrytion
private static Aead aead =null;
static {
try {
AeadConfig.register();
KeysetHandle keysetHandle = CleartextKeysetHandle.read(BinaryKeysetReader.withFile(new File("<path to binary file>")));
//use below in case reading from json file
// KeysetHandle keysetHandle = CleartextKeysetHandle.read(JsonKeysetReader.withBytes(Hex.decode("<path to json file>"))); aead = AeadFactory.getPrimitive(keysetHandle);
} catch (Exception e) {
throw new RuntimeException(e);
}
}public static String encryptData(String data) throws GeneralSecurityException {
return Hex.encode(aead.encrypt(data.getBytes(),null));
}
public static String decryptData(String data) throws GeneralSecurityException {
return new String(aead.decrypt(Hex.decode(data),null));
}
You can pass associated key also for encrypt & decryptFurther Reading:https://www.baeldung.com/google-tinkhttps://developers.google.com/tinkhttps://woodpecker-ci.org/docs/1.0/administration/encryption
https://fuchsia.googlesource.com/third_party/tink/+/HEAD/docs/TINKEY.md
