The goal of integrating the crypto and KMS plugin components into the Aries framework is to provide pluggable service provider interfaces for cryptographic operations such as encryption, decryption, signing and verification, as well as the key management operations usually offered by a KMS (Key Management Service).

...

The plan is to have a new service provider interface (SPI for short) to handle Crypto and KMS operations. These operations will serve as wrappers around Tink primitive functions like Encrypt(), Decrypt(), Sign(), Verify(), GenerateKey(), DisableKey(), etc. See the diagram below, which depicts the design of this Aries Crypto framework. In this diagram, Tink's Crypto primitives are used directly in the default `Crypto SPI` implementation, which will use a KMS implementation provided by Tink directly (Phase 1). The second part of the diagram provides a more generic KMS interface that is not directly tied to Tink, to allow for third-party KMS integrations (Phase 2). To maintain compatibility with Tink, an adapter is required to translate between the KMS implementation and Tink's Crypto primitives (i.e. translate keys into `*keyset.Handle` instances). Phase 2 can be done at a later stage once the first phase is completed.
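The layering described above, as an added example that is not Aries or Tink code: a KMS SPI hands out opaque key handles and a Crypto SPI consumes them, rejecting handles it cannot translate. The names `KMS`, `Crypto`, `localKMS` and `stdCrypto` are hypothetical; Go's standard-library `ed25519` stands in for Tink's primitives, and an `ed25519.PrivateKey` stands in for a `*keyset.Handle`.

```go
package main

import (
	"crypto/ed25519"
	"fmt"
)

// KMS and Crypto are hypothetical SPIs: callers hold only key IDs and opaque handles.
type KMS interface {
	Create() (keyID string, err error)
	Get(keyID string) (handle interface{}, err error)
}
type Crypto interface {
	Sign(msg []byte, handle interface{}) ([]byte, error)
	Verify(sig, msg []byte, handle interface{}) bool
}

// localKMS is an in-memory key store standing in for the Phase 1 KMS.
type localKMS map[string]ed25519.PrivateKey

func (k localKMS) Create() (string, error) {
	_, priv, err := ed25519.GenerateKey(nil) // nil selects crypto/rand
	if err != nil {
		return "", err
	}
	id := fmt.Sprintf("key-%d", len(k)+1)
	k[id] = priv
	return id, nil
}
func (k localKMS) Get(id string) (interface{}, error) {
	if priv, ok := k[id]; ok {
		return priv, nil
	}
	return nil, fmt.Errorf("kms: unknown key ID %q", id)
}

// stdCrypto is the adapter: it maps a handle to the key type its primitives need.
type stdCrypto struct{}

func (stdCrypto) Sign(msg []byte, h interface{}) ([]byte, error) {
	priv, ok := h.(ed25519.PrivateKey)
	if !ok {
		return nil, fmt.Errorf("crypto: unsupported key handle %T", h)
	}
	return ed25519.Sign(priv, msg), nil
}
func (stdCrypto) Verify(sig, msg []byte, h interface{}) bool {
	priv, ok := h.(ed25519.PrivateKey)
	return ok && ed25519.Verify(priv.Public().(ed25519.PublicKey), msg, sig)
}
func main() { fmt.Println((localKMS{}).Create()) }
```

Because callers depend only on the two interfaces, a third-party KMS can be substituted as long as the Crypto implementation can translate its handles; an untranslatable handle fails closed instead of being used.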

...