Is your feature request related to a problem?
We use Tink as a key management framework for RSA encryption and decryption. We define two custom primitive interfaces with their corresponding custom KeyManager and PrimitiveWrapper implementations. The actual cryptography is standard RSA JCE.
We are currently pinned to an older version of Tink because upgrading to the latest is blocked by a series of breaking changes that removed support for custom primitive registration:
PrimitiveSet and PrimitiveWrapper removed from public API
Registry.registerKeyManager() rejects custom primitives not in ALLOWED_PRIMITIVES
We had to implement these because Tink doesn't seem to offer a built-in primitive for direct RSA encryption.
What sort of feature would you like to see?
I think any of the following would unblock us:
A stable internal API surface for custom primitive registration - if full public support isn't planned, documenting which internal APIs are safe for external use would help us plan upgrades.
A built-in RSA encryption primitive - RSA-OAEP or RSA-PKCS1 encryption (not signing) for small payloads.
Have you considered any alternative solutions?
We can potentially use Tink's internal API. This may work but it is obviously fragile - future internal API changes will require further adaptation.
Thanks in advance for any feedback!