Package com.google.crypto.tink.aead

Class AeadKeyTemplates

java.lang.Object

com.google.crypto.tink.aead.AeadKeyTemplates

public final class AeadKeyTemplates
extends java.lang.Object

Pre-generated KeyTemplate for Aead keys.

We recommend to avoid this class to keep dependencies small.

• Using this class adds a dependency on protobuf. We hope that eventually it is possible to use Tink without a dependency on protobuf.
• Using this class adds a dependency on classes for all involved key types.

These dependencies all come from static class member variables, which are initialized when the class is loaded. This implies that static analysis and code minimization tools (such as proguard) cannot remove the usages either.

Instead, we recommend to use KeysetHandle.generateEntryFromParametersName or KeysetHandle.generateEntryFromParameters.

One can use these templates to generate new Keyset with KeysetHandle.generateNew(com.google.crypto.tink.Parameters). To generate a new keyset that contains a single AesGcmKey, one can do:

 AeadConfig.register();
 KeysetHandle handle = KeysetHandle.generateNew(AeadKeyTemplates.AES128_GCM);
 Aead aead = handle.getPrimitive(RegistryConfiguration.get(), Aead.class);
 

Since:

1.0.0

Field Summary

Fields

Modifier and Type	Field	Description
static com.google.crypto.tink.proto.KeyTemplate	AES128_CTR_HMAC_SHA256	A KeyTemplate that generates new instances of AesCtrHmacAeadKey with the following parameters: AES key size: 16 bytes AES CTR IV size: 16 byte HMAC key size: 32 bytes HMAC tag size: 16 bytes HMAC hash function: SHA256
static com.google.crypto.tink.proto.KeyTemplate	AES128_EAX	A KeyTemplate that generates new instances of com.google.crypto.tink.proto.AesEaxKey with the following parameters: Key size: 16 bytes IV size: 16 bytes
static com.google.crypto.tink.proto.KeyTemplate	AES128_GCM	A KeyTemplate that generates new instances of AesGcmKey with the following parameters: Key size: 16 bytes
static com.google.crypto.tink.proto.KeyTemplate	AES256_CTR_HMAC_SHA256	A KeyTemplate that generates new instances of AesCtrHmacAeadKey with the following parameters: AES key size: 32 bytes AES CTR IV size: 16 byte HMAC key size: 32 bytes HMAC tag size: 32 bytes HMAC hash function: SHA256
static com.google.crypto.tink.proto.KeyTemplate	AES256_EAX	A KeyTemplate that generates new instances of AesEaxKey with the following parameters: Key size: 32 bytes IV size: 16 bytes
static com.google.crypto.tink.proto.KeyTemplate	AES256_GCM	A KeyTemplate that generates new instances of AesGcmKey with the following parameters: Key size: 32 bytes
static com.google.crypto.tink.proto.KeyTemplate	CHACHA20_POLY1305	A KeyTemplate that generates new instances of ChaCha20Poly1305Key.
static com.google.crypto.tink.proto.KeyTemplate	XCHACHA20_POLY1305	A KeyTemplate that generates new instances of XChaCha20Poly1305Key.

Method Summary

Modifier and Type	Method	Description
static com.google.crypto.tink.proto.KeyTemplate	createAesCtrHmacAeadKeyTemplate(int aesKeySize, int ivSize, int hmacKeySize, int tagSize, com.google.crypto.tink.proto.HashType hashType)
static com.google.crypto.tink.proto.KeyTemplate	createAesEaxKeyTemplate(int keySize, int ivSize)
static com.google.crypto.tink.proto.KeyTemplate	createAesGcmKeyTemplate(int keySize)
static com.google.crypto.tink.proto.KeyTemplate	createKmsEnvelopeAeadKeyTemplate(java.lang.String kekUri, com.google.crypto.tink.proto.KeyTemplate dekTemplate)	Returns a new KeyTemplate that can generate a KmsEnvelopeAeadKey whose key encrypting key (KEK) is pointing to kekUri and DEK template is dekTemplate.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

AES128_GCM

public static final com.google.crypto.tink.proto.KeyTemplate AES128_GCM

A KeyTemplate that generates new instances of AesGcmKey with the following parameters:

• Key size: 16 bytes

On Android KitKat (API level 19), the Aead instance generated by this key template does not support associated data. It might not work at all in older versions.

AES256_GCM

public static final com.google.crypto.tink.proto.KeyTemplate AES256_GCM

A KeyTemplate that generates new instances of AesGcmKey with the following parameters:

• Key size: 32 bytes

On Android KitKat (API level 19), the Aead instance generated by this key template does not support associated data. It might not work at all in older versions.

AES128_EAX

public static final com.google.crypto.tink.proto.KeyTemplate AES128_EAX

A KeyTemplate that generates new instances of com.google.crypto.tink.proto.AesEaxKey with the following parameters:

• Key size: 16 bytes
• IV size: 16 bytes

AES256_EAX

public static final com.google.crypto.tink.proto.KeyTemplate AES256_EAX

A KeyTemplate that generates new instances of AesEaxKey with the following parameters:

• Key size: 32 bytes
• IV size: 16 bytes

AES128_CTR_HMAC_SHA256

public static final com.google.crypto.tink.proto.KeyTemplate AES128_CTR_HMAC_SHA256

A KeyTemplate that generates new instances of AesCtrHmacAeadKey with the following parameters:

• AES key size: 16 bytes
• AES CTR IV size: 16 byte
• HMAC key size: 32 bytes
• HMAC tag size: 16 bytes
• HMAC hash function: SHA256

AES256_CTR_HMAC_SHA256

public static final com.google.crypto.tink.proto.KeyTemplate AES256_CTR_HMAC_SHA256

A KeyTemplate that generates new instances of AesCtrHmacAeadKey with the following parameters:

• AES key size: 32 bytes
• AES CTR IV size: 16 byte
• HMAC key size: 32 bytes
• HMAC tag size: 32 bytes
• HMAC hash function: SHA256

CHACHA20_POLY1305

public static final com.google.crypto.tink.proto.KeyTemplate CHACHA20_POLY1305

A KeyTemplate that generates new instances of ChaCha20Poly1305Key.

Since:

1.1.0

XCHACHA20_POLY1305

public static final com.google.crypto.tink.proto.KeyTemplate XCHACHA20_POLY1305

A KeyTemplate that generates new instances of XChaCha20Poly1305Key.

Since:

1.3.0

Method Detail

createAesGcmKeyTemplate

public static com.google.crypto.tink.proto.KeyTemplate createAesGcmKeyTemplate(int keySize)

Returns:

a KeyTemplate containing a AesGcmKeyFormat with some specified parameters.

createAesEaxKeyTemplate

public static com.google.crypto.tink.proto.KeyTemplate createAesEaxKeyTemplate(int keySize,
                                                                               int ivSize)

Returns:

a KeyTemplate containing a AesEaxKeyFormat with some specified parameters.

createAesCtrHmacAeadKeyTemplate

public static com.google.crypto.tink.proto.KeyTemplate createAesCtrHmacAeadKeyTemplate(int aesKeySize,
                                                                                       int ivSize,
                                                                                       int hmacKeySize,
                                                                                       int tagSize,
                                                                                       com.google.crypto.tink.proto.HashType hashType)

Returns:

a KeyTemplate containing a AesCtrHmacAeadKeyFormat with some specific parameters.

createKmsEnvelopeAeadKeyTemplate

public static com.google.crypto.tink.proto.KeyTemplate createKmsEnvelopeAeadKeyTemplate(java.lang.String kekUri,
                                                                                        com.google.crypto.tink.proto.KeyTemplate dekTemplate)

Returns a new KeyTemplate that can generate a KmsEnvelopeAeadKey whose key encrypting key (KEK) is pointing to kekUri and DEK template is dekTemplate. Keys generated by this key template uses RAW output prefix to make them compatible with the remote KMS' encrypt/decrypt operations. Unlike other templates, when you generate new keys with this template, Tink does not generate new key material, but only creates a reference to the remote KEK.