AnkaSecure SDK — Integration Flows
The SDK ships with 23 runnable reference flows that demonstrate, line by line, how to solve the most common (and a few advanced) cryptographic tasks with AnkaSecure:
- classical → post-quantum migration
- detached-stream processing of multi-gigabyte files
- key-life-cycle automation, immediate rotation, RFC 7396 merge-patches
- public-key utilities that never persist material server-side
Each flow lives in its own Markdown file containing copy-paste-ready Java code — no stubs, no ellipsis.
How to use the flows
- Choose a scenario from the table below.
- Click “View Code” to open the standalone
.mdthat contains the full Java class (it has amainmethod). - Compile & run with your
cli.propertiesor adapt snippets into your project.
Need the bigger picture ? * SDK Overview — architecture & design goals * Using the SDK in Java — dependency setup, error handling patterns, etc.
Integration flows catalogue
| # | Flow name | When to use / Typical scenario | Code |
|---|---|---|---|
| 1 | Asymmetric Encrypt / Decrypt (Streaming) | Encrypt & decrypt GB-scale files with a freshly-generated post-quantum key. | View Code |
| 2 | Detached-JWS Sign / Verify (Streaming) | Protect log archives or binaries during CI — signature is produced & verified while the file streams. | View Code |
| 3 | Symmetric Encrypt / Decrypt (Streaming) | Fast, memory-flat encryption of big data sets with AES-256 when no public-key exchange is required. | View Code |
| 4 | Asymmetric Re-encrypt (Streaming) | Lift existing RSA ciphertext to ML-KEM without ever touching plaintext (zero-exposure migration). | View Code |
| 5 | ML-KEM-512 Encrypt / Decrypt (Compact) | Quick in-memory demo — Ideal for unit tests or small payload micro-services. | View Code |
| 6 | ML-DSA-87 Sign / Verify (Compact) | Post-quantum signing of configuration files or JSON messages below 5 MiB. | View Code |
| 7 | AES-256 Encrypt / Decrypt (Compact) | Lightweight symmetric encryption for secrets or tokens stored in DB fields. | View Code |
| 8 | EC-521 → ML-KEM-768 Re-encrypt (Compact) | Point-in-time upgrade of legacy EC KEM to PQC for small messages. | View Code |
| 9 | RSA-2048 → ML-DSA-65 Re-sign (Compact) | Replace classical signatures on JSON/JWT artefacts with post-quantum equivalents. | View Code |
| 10 | Public-Key Utility — Encrypt & Decrypt | Encrypt client-side with an exported ML-KEM-1024 public key; decrypt server-side — no key import needed. | View Code |
| 11 | Public-Key Utility — Sign & Verify | Produce a server-side ML-DSA-87 signature and verify locally to audit trust boundaries. | View Code |
| 12 | Stream Re-sign (RSA-2048 → Falcon-1024) | Large-file signature upgrade without full buffering — perfect for media or VM images. | View Code |
| 13 | PKCS#12 Import & Hybrid Crypto | On-board legacy CA keys, then use them for both signing and encryption in a single workflow. | View Code |
| 14 | Key Management & License Telemetry | End-to-end life-cycle: generate → export → revoke → reuse, plus live license/usage introspection. | View Code |
| 15 | ML-DSA-87 Sign / Verify (Streaming) | High-throughput post-quantum signing when the artefact doesn’t fit in RAM. | View Code |
| 16 | ML-KEM-1024 Encrypt / Decrypt (Streaming) | Archive-grade (≥ 30 year) encryption for huge backups — CEK wrapped with ML-KEM-1024. | View Code |
| 17 | Immediate Key Rotation & Metadata Probe | Generate key A, rotate to key B in one call, verify the chain links via exported metadata. | View Code |
| 18 | Dynamic Limit / Lifetime Patch (AES-256) | Demonstrates RFC 7396 merge-patch to raise usage caps and extend expiry without downtime. | View Code |
| 19 | Supported-Algorithm Discovery Smoke-Test | Programmatically list RECOMMENDED algorithms, pick one, then run encrypt + sign round-trips. | View Code |
| 20 | In-memory JWE/JWS Quick-start | 100-line reference that combines compact encrypt + sign + verify for small payload automation. | View Code |
| 21 | Compact-token Rotation (Re-encrypt) | Rotate compact JWEs in bulk (old → new kid) when payloads are already under 5 MiB. | View Code |
| 22 | Detached-JWS Stream Verification | Continuous integrity scan of object-storage buckets — verify signatures as objects stream in. | View Code |
| 23 | RSA-2048 → ML-KEM-768 Immediate Rotation | One-call rotation between heterogeneous algorithms, showing automatic compatibility checks. | View Code |
Running the examples
- Provide credentials — ensure
cli.propertiesis available or pass-Dcli.config=/path/to/cli.properties. - Open the flow you’re interested in and compile the Java class.
- Execute — every class has a ready-to-run
main. - Inspect artefacts & console output to see keys, ciphertext, signatures, warnings, and metadata envelopes.
Need the CLI instead of Java?
All 23 flows map one-to-one to the 23 CLI commands documented in commands.md; pick whichever interface suits your pipeline.
Conclusion
These integration flows are production-grade blueprints that make it trivial to:
- adopt post-quantum algorithms,
- stream-encrypt multi-terabyte data sets,
- rotate keys or signatures without exposing plaintext,
- and enforce life-cycle policy in minutes rather than weeks.
For deeper dives read Using the SDK in Java or contact [email protected].
© 2025 Anka Technologies — All rights reserved.