Skip to content
Snippets Groups Projects
Normal view History Permalink
KNOWN-ISSUES.md 2.57 KiB
Newer Older
Thai Duong's avatar
Bumping the version number to 1.1.0.  
Thai Duong committed
1 
# Known Issues in Tink
Thai Duong's avatar
Documenting known issues.
Thai Duong committed
2 3 

This doc lists known issues in Tink. Please report new issues by opening new
Thai Duong's avatar
Bumping the version number to 1.1.0.  
Thai Duong committed
4 
tickets or emailing the maintainers at `tink-users@googlegroups.com`.
Thai Duong's avatar
Documenting known issues.
Thai Duong committed
5
Thai Duong's avatar
Bumping the version number to 1.1.0.  
Thai Duong committed
6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 
## Java

*   Tink supports Java 7 or newer. Please file a ticket if you want to support
    Java 6.

*   Tink is built on top of Java security providers, but, via [Project
    Wycheproof](https://github.com/google/wycheproof), we found many security
    issues in popular providers. Tink provides countermeasures for most
    problems, and we've also helped upstream fix many issues. Still, there are
    some issues in old providers that we cannot fix. We recommend use Tink with
    the latest version of Conscrypt, Oracle JDK, OpenJDK or Bouncy Castle. If
    you cannot use the latest version, you might want to avoid using ECDSA
    (alternative: ED21559) or AES-GCM (alternatives: AES-EAX or
    AES-CTR-HMAC-AEAD).

## Android
Thai Duong's avatar
Documenting known issues.
Thai Duong committed
22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 

*   The minimum API level that Tink supports is 19 (Android KitKat). This covers
    more than 90% of all Android phones. Tink hasn't been tested on older
    versions. It might or might not work. Drop us a line if you really need to
    support ancient Android phones.

*   On Android Marshmallow (API level 23) or older, the
    `newSeekableDecryptingChannel` method in implementations of `StreamingAead`
    doesn't work. It depends on
    [SeekableByteChannel](https://developer.android.com/reference/java/nio/channels/SeekableByteChannel.html),
    which is only available on API level 24 or newer. Users should use
    `newEncryptingStream` instead.

*   On Android Lollipop (API level 21) or older, `AndroidKeysetManager` does not
    support wrapping keysets with Android Keystore, but it'd store keysets in
    cleartext in private preference. This is secure enough for most
    applications.

*   On Android KitKat (API level 19) without [Google Play
    Services](https://developers.google.com/android/guides/overview), `AES-GCM`
    does not work properly because KitKat uses Bouncy Castle 1.48 which doesn't
    support updateAAD. If Google Play Services is present, `AES-GCM` should work
    well. If you want to support all Android versions, without depending on
    Google Play Services, please use `CHACHA20-POLY1305`, `AES-EAX`, or
    `AES-CTR-HMAC-AEAD`.
Thai Duong's avatar
Bumping the version number to 1.1.0.  
Thai Duong committed
47 48 49 50 51 52 53 54 

## Signature malleability

*   ECDSA signatures are malleable. You probably can ignore this issue, unless
    you're working on Bitcoin or cryptocurrencies and have to worry about
    [transaction
    malleability](https://en.bitcoin.it/wiki/Transaction_malleability). In that
    case you want to use ED25519 signatures which are non-malleable.