Closed ghost closed 1 year ago
Yes, this is currently not supported, and we currently don't have plans to add it.
But you can implement this yourself, if you first serialize the keyset, and then encrypt it using a DeterministicAead. In Java, this would be:
byte[] serializedKeyset = TinkProtoKeysetFormat.serializeKeyset(keysetHandle, InsecureSecretKeyAccess.get()); DeterministicAead daead = keysetEncryptionKeysetHandle.getPrimitive(DeterministicAead.class); byte[] encryptedKeyset = daead.encryptDeterministically(serializedKeyset, associatedData);
Other language would be similar, but you'll need to use the CleartextKeysetHandle and the BinaryKeysetWriter.
The keyset handle does not support AES SIV DeterministicAead to write a keyset