H Tink String encryption using PBE and GUI

Note: the German version of this article can be found here: H Tink Stringverschlüsselung mit PBE und GUI.

This is the shortened version of the German article. Google Tink is a nearly perfect cryptographic library, but it looks like a "closed shop". The developers try to keep users from writing insecure source code and from using keys to or from other systems. The key material is encapsulated in KeysetHandles, and a user who wants to exchange (e.g. symmetric) keys has to find a secure way to do so (maybe in a personal meeting). The easiest way of exchanging a password could be via phone, combined with "password-based encryption" (PBE) that strengthens the password. Some details can be found here: A08 PBKDF2-Verfahren.

Unfortunately the current Tink library does not support any kind of PBE, so many users marked Tink as unusable for this task – maybe until now. I developed a class (TinkPbe.java) that holds the complete code, and you need just 4 additional lines of source code to implement secure text-based encryption with manual password input.

I created a simple graphical desktop program that shows how easy it is to implement AES GCM with a 256-bit key length. If you prefer non-graphical software, have a look at H Tink Stringverschlüsselung mit PBE Konsole, which shows how to implement it there.

Please keep two facts in mind: the unencrypted plaintext is held in Strings, so it is immutable and cannot be deleted from your heap, and so it may be accessible to a trojan. The second piece of advice: there is no way to recover the plaintext from the ciphertext when the password is lost [no password – no data].
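The scheme described above (a password strengthened with PBKDF2, then AES GCM with a 256-bit key), as an added example written with the standard Java JCE rather than Tink. It is not the TinkPbe.java class from this article; the class name, iteration count, salt and nonce sizes and the output layout are assumptions of this example.

```java
import javax.crypto.*;
import javax.crypto.spec.*;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

public class PbeGcmExample {
    // Assumed parameters for this example (not taken from TinkPbe.java)
    static final int ITERATIONS = 100_000, SALT_LEN = 16, NONCE_LEN = 12, TAG_BITS = 128;

    // PBKDF2 stretches the password into a 256-bit AES key; the salt makes the key unique per message
    static SecretKeySpec deriveKey(char[] password, byte[] salt) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(password, salt, ITERATIONS, 256);
        byte[] key = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256").generateSecret(spec).getEncoded();
        spec.clearPassword(); // wipe the password copy held by the spec
        return new SecretKeySpec(key, "AES");
    }

    // Output layout: Base64(salt || nonce || ciphertext with GCM tag)
    static String encrypt(char[] password, String plaintext) throws Exception {
        byte[] salt = new byte[SALT_LEN], nonce = new byte[NONCE_LEN];
        SecureRandom rnd = new SecureRandom();
        rnd.nextBytes(salt);
        rnd.nextBytes(nonce);
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, deriveKey(password, salt), new GCMParameterSpec(TAG_BITS, nonce));
        byte[] ct = c.doFinal(plaintext.getBytes(StandardCharsets.UTF_8));
        return Base64.getEncoder().encodeToString(
            ByteBuffer.allocate(salt.length + nonce.length + ct.length).put(salt).put(nonce).put(ct).array());
    }

    static String decrypt(char[] password, String encoded) throws Exception {
        byte[] in = Base64.getDecoder().decode(encoded);
        if (in.length < SALT_LEN + NONCE_LEN + TAG_BITS / 8) throw new IllegalArgumentException("input too short");
        SecretKeySpec key = deriveKey(password, Arrays.copyOfRange(in, 0, SALT_LEN));
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, SALT_LEN, NONCE_LEN));
        byte[] pt = c.doFinal(in, SALT_LEN + NONCE_LEN, in.length - SALT_LEN - NONCE_LEN);
        return new String(pt, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample values; a GUI would take the char[] from JPasswordField.getPassword()
        char[] pw = "constructed sample password".toCharArray();
        String ct = encrypt(pw, "constructed sample message");
        System.out.println(decrypt(pw, ct));
        try { decrypt("wrong password".toCharArray(), ct); }
        catch (AEADBadTagException e) { System.out.println("wrong password: authentication failed"); }
        Arrays.fill(pw, '\0'); // a char[] can be wiped after use, a String cannot
    }
}
```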

You can find the 4 additional lines of code in lines 53, 54, 83 (Encryption) and 97 (Decryption):

This is the class TinkPbe.java:

All source code for this solution is available in my GitHub archive at this link: https://github.com/java-crypto/H-Google-Tink. All programs run with Java 8 and Java 11.

The licence (or better unlicence) for my solution is available here: Lizenz-Seite.

Last edit: 20.11.2019