Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

KeysetHandle deprecations #49

Open
anttiVuorinen opened this issue Dec 27, 2024 · 2 comments
Open

KeysetHandle deprecations #49

anttiVuorinen opened this issue Dec 27, 2024 · 2 comments
Assignees
@tholenst

Comments

@anttiVuorinen
Copy link

anttiVuorinen commented Dec 27, 2024
edited
Loading

After updating to 'com.google.crypto.tink:tink:1.16.0' some features were deprecated. Most notably KeysetHandle read() and getPrimitive() methods. But documentations and examples shows also deprecated style of coding. Where should I migrate to?

Implementation that complains deprecation.

private DeterministicAead createHandle() {
    try {
      DeterministicAeadConfig.register();
        String keyUri =
            "gcp-kms://projects/"
                + kmsProject
                + "/locations/"
                + kmsLocation
                + "/keyRings/"
                + kmsKeyRingId
                + "/cryptoKeys/"
                + kmsKeyId;
        KmsClient kmsClient = new GcpKmsClient().withDefaultCredentials();
        Aead masterKey = kmsClient.getAead(keyUri);

      KeysetHandle  keysetHandle =
            KeysetHandle.read(JsonKeysetReader.withString(tinkDataEncryptionKey), masterKey);
      return keysetHandle.getPrimitive(DeterministicAead.class);
    } catch (GeneralSecurityException | IOException e) {
      log.error("Creation of encryption handle failed", e);
      throw new ResponseStatusException(HttpStatus.INTERNAL_SERVER_ERROR, ENCRYPTION_FAILED);
    }
}
@tholenst
Copy link
Contributor

tholenst commented Jan 6, 2025

Thanks for the question! In general, we try to be explicit about this in our java doc -- let me know if this isn't the case here.

For the getPrimitive call,

tink-java/src/main/java/com/google/crypto/tink/KeysetHandle.java

Lines 1142 to 1146 in ce33b3d

* @deprecated New users should use {@code KeysetHandle.getPrimitive} with a suitable
* {@code Configuration}. Existing users can use
* {@code KeysetHandle.getPrimitive(RegistryConfiguration.get(), targetClassObject)} for
* exactly the same behavior.
*/
explains that you can basically inline the call -- i.e., you just add RegistryConfiguratoin.get(). (This makes explicit that you want to use the configuration of Tink which is specified by register calls, in the future we will add more options).

For the read call,

tink-java/src/main/java/com/google/crypto/tink/KeysetHandle.java

Line 805 in ce33b3d

* @deprecated New users should prefer TinkProtoKeysetFormat. Existing users can use
explains that you can use the corresponding method in LegacyKeysetSerialization. You can check there which method forwards to the corresponding KeysetHandle method you want.

We also plan to provide refaster templates to do (some of) these refactorings automatically: https://github.com/tink-crypto/tink-java/blob/main/tools/refaster/README.md -- for the refactorings you list here this still needs to be done, however.

I will leave this open in order to remind me that I should add these templates.

@tholenst tholenst self-assigned this Jan 6, 2025
@anttiVuorinen
Copy link
Author

Thank you. Given instructions helped.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@tholenst tholenst

Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@tholenst @anttiVuorinen