Choisir une primitive
Restez organisé à l'aide des collections
Enregistrez et classez les contenus selon vos préférences.
Sélectionnez votre cas d'utilisation pour identifier la primitive appropriée, puis suivez le lien pour obtenir des conseils sur l'utilisation de la primitive.
Chiffrer les données…
Toutes ces primitives peuvent lier le texte chiffré à son contexte.
Assurez l'authenticité et l'intégrité des données en…
Divers
Vous avez une question ?
Créez un problème dans le dépôt GitHub spécifique à la langue, disponible sur la page de l'organisation Tink.
Sauf indication contraire, le contenu de cette page est régi par une licence Creative Commons Attribution 4.0, et les échantillons de code sont régis par une licence Apache 2.0. Pour en savoir plus, consultez les Règles du site Google Developers. Java est une marque déposée d'Oracle et/ou de ses sociétés affiliées.
Dernière mise à jour le 2025/07/25 (UTC).
[null,null,["Dernière mise à jour le 2025/07/25 (UTC)."],[[["\u003cp\u003eTink provides cryptographic primitives for encrypting data, ensuring authenticity and integrity, and managing keys, categorized by use case for easy selection.\u003c/p\u003e\n"],["\u003cp\u003eDevelopers can choose from primitives like AEAD, Streaming AEAD, Deterministic AEAD, KMS Envelope AEAD, and Hybrid Encryption for data encryption with varying features and functionalities.\u003c/p\u003e\n"],["\u003cp\u003eMAC and Digital Signature primitives are available for verifying data integrity and authenticity, with different verification mechanisms.\u003c/p\u003e\n"],["\u003cp\u003eTink supports JSON Web Tokens (JWTs) and offers KMS-Encrypted Primitives for advanced key management scenarios.\u003c/p\u003e\n"],["\u003cp\u003eDetailed guidance on primitive usage is accessible via linked documentation for each specific implementation.\u003c/p\u003e\n"]]],["The content outlines cryptographic primitives based on use cases. For encrypting data, options include AEAD for standard needs, Streaming AEAD for large data, Deterministic AEAD for consistent ciphertexts, KMS Envelope AEAD for key protection, and Hybrid Encryption for public/private key scenarios. For data integrity and authenticity, MACs and Digital Signatures are available. Additional primitives include JWTs, and KMS-encrypted primitives for securing keysets. All encryption methods allow binding ciphertext to context. Questions can be raised in the GitHub repository.\n"],null,["# Choose a primitive\n\nSelect your use case to identify the correct primitive, then follow the link for\nguidance on using the primitive.\n\nEncrypt data...\n---------------\n\n| | Primitive | Details |\n|--------------------------------------------------------------------------------|----------------------------------------------------------|-----------------------------------------------------------------------------------------------------------------------------------------------|\n| [...in standard sizes](/tink/encrypt-data) | **Authenticated Encryption with Associated Data (AEAD)** | - Suitable for most needs - Accepts plaintexts up to 2^32^ bytes - Provides plaintext confidentiality and verifies integrity and authenticity |\n| [...in large files or data streams](/tink/encrypt-large-files-or-data-streams) | **Streaming AEAD** | - For data that is too large to be processed in a single step |\n| [...deterministically](/tink/deterministic-encryption) | **Deterministic AEAD** | - Produces same ciphertext for a given plaintext and key |\n| [...with keys protected by a KMS](/tink/client-side-encryption) | **Key Management System (KMS) Envelope AEAD** | - Encrypts every plaintext with new AEAD key - Encrypts every AEAD key with KMS |\n| [...with public key, decrypt data with private key](/tink/exchange-data) | **Hybrid Encryption** | - Not authenticated - Useful when senders cannot store secrets (private key) |\n\nThese primitives are all able to [bind ciphertext to its\ncontext](/tink/bind-ciphertext).\n\nEnsure authenticity and integrity of data by...\n-----------------------------------------------\n\n| | Primitive | Details |\n|------------------------------------------------------------------------------------------------|---------------------------------------|-------------------------------------------------------------------|\n| [...creating and verifying MAC with one key](/tink/protect-data-from-tampering) | **Message Authentication Code (MAC)** | - Very fast - Only verifiable by parties who can also create MACs |\n| [...creating signature with private key, verifying with public key](/tink/digitally-sign-data) | **Digital Signature** | - Verifiable by parties who cannot create signatures |\n\nMiscellany\n----------\n\n| | Primitive | Details |\n|-------------------------------------------------------------------------------------------|-----------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------|\n| [Create and verify JWTs](/tink/create-jwts) | **JSON Web Tokens (JWTs)** | - Can additionally convert to / from JSON Web Key (JWK) format |\n| [Encrypt any primitive's keyset with a KMS](/tink/key-management-overview#encrypt_keyset) | **KMS-Encrypted Primitive** | - Doesn't require interacting with the KMS every time the primitive is used (e.g. to encrypt a plaintext), unlike [KMS Envelope AEAD](#encrypt_data) |\n\nHave a question?\n----------------\n\nCreate an issue in the language-specific GitHub repository linked on the [Tink\norganization page](https://github.com/tink-crypto)."]]
