This doc lists known issues in Tink. Please report new issues by opening new tickets or emailing the maintainers at
Before 1.4.0, AES-CTR-HMAC-AEAD keys and the EncryptThenAuthenticate subtle implementation may be vulnerable to chosen-ciphertext attacks. An attacker can generate ciphertexts that bypass the HMAC verification if and only if all of the following conditions are true:
size_tis a 32-bit integer. This is usually the case on 32-bit machines.
This issue was reported by Quan Nguyen of Snap security team.
Tink supports Java 8 or newer. Java 7 support was removed since 1.4.0.
Tink is built on top of Java security providers, but, via Project Wycheproof, we found many security issues in popular providers. Tink provides countermeasures for most problems, and we've also helped upstream fix many issues. Still, there are some issues in old providers that we cannot fix. We recommend using Tink with the latest version of Conscrypt, Oracle JDK, OpenJDK or Bouncy Castle. If you cannot use the latest version, you might want to avoid using ECDSA (alternative: ED25519) or AES-GCM (alternatives: AES-EAX, AES-CTR-HMAC-AEAD or XChaCha20-Poly1305).
The minimum API level that Tink supports is 19 (Android KitKat). This covers more than 90% of all Android phones. Tink hasn't been tested on older versions. It might or might not work. Drop us a line if you really need to support ancient Android phones.
On Android Marshmallow (API level 23) or older, the
newSeekableDecryptingChannel method in implementations of
StreamingAead doesn't work. It depends on SeekableByteChannel, which is only available on API level 24 or newer. Users should use
On Android Lollipop (API level 21) or older,
AndroidKeysetManager does not support wrapping keysets with Android Keystore, but it'd store keysets in cleartext in private preference. This is secure enough for most applications.
On Android KitKat (API level 19) without Google Play Services,
AES-GCM does not work properly because KitKat uses Bouncy Castle 1.48 which doesn't support updateAAD. If Google Play Services is present,
AES-GCM should work well. If you want to support all Android versions, without depending on Google Play Services, please use