Released on 2020-06-05

Encryption sessions

The encryption sessions feature is now generally available. This allows you to encrypt multiple resources with a reduced number of keys. This guide will help you getting started.

Bug fix

  • FileKit: Sign all headers when getting a GCS file upload URL


Released on 2020-04-23.

  • Internal improvements
  • Improve support of Node 12
  • Drop support of Node 8 (end of life)


Released on 2020-03-11.


  • Add the prehashPassword function
  • Some APIs now return a Conflict error if there was a concurrent operation made by another device on the server.


Released on 2020-02-19.


  • Misc internal performance improvements
  • Make websocket reconnection lazy (only try to reconnect on next api call)
  • Additional safety checks in internal procedures
  • Additional tests on identities
  • Fix a confusing error message when sharing with an unknown or corrupted identity


Released on 2020-01-15.


  • Fix a revocation bug introduced in 2.2.5
  • Fix the mechanism when server connections are rejected


Released on 2019-12-24.


  • Internal performance improvements
  • Simplify revocation handling in Tanker apps. Before version 2.2.5, you had to subscribe to the deviceRevoked event and handle the revocation in a callback. Starting with this release, this is no longer necessary. Instead, calling any encryption method on Tanker while the device is revoked will throw a new DeviceRevoked exception, trigger the deviceRevoked event and close the session.


Released on 2019-11-12.


  • Internal performance improvements


Released on 2019-10-10.



  • Fix a rendering issue on IE11


Released on 2019-10-04.


  • Fix calling filekit.start() before the document's body is ready


Released on 2019-09-16.

Bug fix

  • Fix a bug where uploading empty files would deadlock


Released on 2019-09-06.


  • New onProgress option in encryption and decryption methods to specify a progress handler
  • Fix missing @tanker/* dependency declarations in internal packages
  • Fix UMD file size in the @tanker/verification-ui package (1.1MB -> 280kB)
  • Slightly reduce overall package sizes


  • New onProgress option in upload and download methods to specify a progress handler
  • Gracefully handle ExpiredVerification errors
  • Throw InvalidArgument instead of InternalError if obviously wrong fileId given in download()
  • Allow Chromium-based Edge (beta) to upload in chunks (RAM efficiency)


Released on 2019-08-28.


  • Deprecate constructor option trustchainId in favor of appId


Released on 2019-08-27.

Bug fix

  • Fix a visual bug for smaller screens in verification UI


Released on 2019-08-27.


  • Allow sharing a file at any time after upload
  • Fix a visual bug on Edge in verification UI


Released on 2019-07-26.

FileKit support

FileKit is the latest Tanker product. It is an end-to-end encrypted file storage service for apps. See FileKit documentation for more details.

Two methods were added to support FileKit: upload and download files.

The Tanker SDK is now known as Tanker Core.


Tanker is now capable to start even if there is no network connection or if the Tanker server is not reachable, given the user already has validated their identity on the local device. This will still require the user to have their Tanker Identity.

When this happens, users will still be able to decrypt data for which the keys have already been downloaded on their local device. Actions requiring the Tanker server, like encrypting new data or verifying a user's identity will fail with a NetworkError.


This is a major release with many backward incompatible changes. If you are using a SDK version in the 1.x series, make sure to read the migration guide before upgrading.

Table of contents:



The Tanker SDK now allows pre-registration sharing. This means you can share resources with users who do not have registered their identity with Tanker yet.

Multi-device support improvement

With a SDK version in the 1.x series, users could register an invalid email at account creation, thus making it impossible for them to recover access to their data in case of device loss.

This and similar problems have been fixed in this release:

  • It is no longer possible to register a device with Tanker without any verification method.
  • Once a verification method has been chosen it must be verified right away - this means you should adapt the UX flow of account creation in your application.

API revamp

In order to implement these changes, the Tanker API has changed significantly. See the migration guide for details.

New concepts


The SDK version 1.10.x required IDs and user tokens to identify users of your application.

In 2.0, a single concept named "identity" is used instead.

Those identities can be sorted on two axes:


  • Public identity: used to share encrypted data (either directly or within a group).
  • Secret identity: used to match a user of the application with a user registered Tanker's servers. It should only be sent from the application server to the application after a successful authentication.


  • Permanent identity: represents a user who is registered on Tanker's servers.
  • Provisional identity: represents a user who is not yet registered Tanker's servers.


The concept of "unlock" has been renamed to "verification". For instance, instead of "unlock devices", we use the term "verify identities".

Please check the guide for more information.

Removal of deprecated features

ChunkEncryptor class

The ChunkEncryptor class was deprecated in 1.10 and thus has been removed in the 2.0 release.

toString(), fromString() functions

The toString() and fromString() functions have been removed. They were an implementation detail of the Tanker SDK that should not have been exposed. Note that toBase64 and fromBase64 are still available.

unlockRequired, waitingForValidation events

The unlockRequired and waitingForValidation events are gone. Instead of using a callback, use tanker.verifyIdentity() after checking the returned value of tanker.start().