Skip to content

Welcome to AnkaSecure

The crypto-agility orchestration layer for post-quantum migration. Govern, rotate and migrate your cryptography as policy — not as code.

🚀 Start testing now

AnkaSecure manages the policy, lifecycle, audit and migration tooling around your cryptography. The cryptographic primitives are FIPS-approved (FIPS 197, 186-5, 203, 204, 205); module-level FIPS 140-2/140-3 coverage is provided by the HSM you already deploy (Thales Luna, AWS CloudHSM, Entrust nShield). The result: blend post‑quantum cryptography (PQC) with proven classical algorithms, change algorithms via configuration in seconds, and keep applications untouched — today and after quantum computers arrive.

Key capabilities at a glance

Area What you get
Crypto-agility orchestration Swap algorithms via policy in seconds — applications keep using stable key IDs. No code changes, no redeploys.
Key Generation & Lifecycle Create, import, rotate, revoke and audit keys for classical and PQC algorithms.
Secure APIs (Compact JWS / JWE) Encrypt ⇄ decrypt, sign ⇄ verify, re‑encrypt and re‑sign with just one JSON call.
Secure Streaming APIs The same power, but for multi‑gigabyte files using detached‑JWS and JWET streaming.
Migration & Interoperability Bulk import of existing RSA/ECC/PQC keys, PKCS#12 onboarding, ad‑hoc public‑key utilities.
HSM-backed deployment Sits above the customer-deployed FIPS-validated HSM; never replaces it. The HSM owns key material; AnkaSecure owns governance.

NEW in Version 3.0.0

Composite Hybrid Keys --- combine classical + post‑quantum algorithms for defense‑in‑depth security.

  • COMPOSITE_KEM_COMBINE mode: X25519/RSA + ML‑KEM encryption with AND‑decrypt semantics (1000× more secure than OR‑decrypt).

  • COMPOSITE_SIGNATURE mode: Ed25519/ECDSA + ML‑DSA dual signatures with configurable verification policies.

  • NIST CSWP 39 & GSA PQC compliant --- ready for federal procurement and Executive Order 14144 requirements.

  • Zero code changes --- same API as simple keys, transparent operation.

👉 Get started in 10 minutes | View Flow 29 example

Supported algorithms

Post‑quantum ✔  -  Classical ✔  -  Symmetric ✔

Family Algorithms
KEM / Encapsulation ML‑KEM (512/768/1024) - HQC‑256/512 - FrodoKEM‑1344 - RSA‑2048/3072 - ECIES (P‑256/P‑384)
Digital Signatures ML‑DSA‑44/65/87 - Falcon‑512/1024 - SLH‑DSA - RSA‑PSS (PS256/384) - ECDSA (ES256/384/512)
Symmetric AES‑128/192/256

👉 Full matrix & migration guide --- security levels, performance, sunset dates.

API categories

  1. Authentication --- obtain JWTs (OAuth 2/OIDC) for every request.

  2. Key Management --- create, import, export, patch, rotate, revoke.

  3. Secure (Compact JWS/JWE) --- JSON crypto calls for payloads ≤ 5 MB.

  4. Secure Streaming (Detached‑JWS & JWET) --- chunk‑based crypto for terabyte‑scale files.

  5. Migration & Interoperability --- PKCS#12 import, bulk key onboarding, one‑off public‑key utilities.

Together these areas cover the entire cryptographic life‑cycle in a single, quantum‑ready system.

📁 OpenAPI Specification: download the always-current OpenAPI 3.0 spec from the ANKASecure© Developer Hub. The Hub serves it in sync with the live API, so any code generator (openapi-generator, oapi-codegen, swagger-codegen, etc.) consumes the right contract.

Why move to post‑quantum cryptography now?

  • NIST has already selected ML‑KEM (Kyber) and ML‑DSA (Dilithium) as the first PQC standards.

  • Large tech companies and governments are transitioning today to avoid a store‑now‑decrypt‑later attack window.

  • AnkaSecure lets you migrate incrementally --- re‑encrypt or re‑sign existing data in‑place without pulling every byte through your application.

Read the algorithm matrix for threat timelines and parameter advice.

Tooling for rapid adoption

Tool What it's for Docs
AnkaSecure CLI Cross-platform scriptable interface for local tests, CI/CD and DevSecOps. Available for Windows, macOS, and Linux. CLI overview
Java SDK Native wrapper that hides OpenAPI classes SDK guide
Postman collection Zero‑config exploration of every endpoint. Download

Five‑minute quick‑start

  1. Download the CLI (Windows/macOS/Linux) or SDK from the Downloads page.

  2. Create your first PQC key (/api/key-management/keys).

  3. Encrypt a sample file with curl or the CLI.

  4. Decrypt it back --- verify X-Key-Used to see rotation in action.

  5. Explore the streaming endpoints for anything larger than 5 MB.

Need help? Check the SDK Usage Guide or email us at info@ankatech.co.

© 2025 ANKATech Solutions INC. --- built for a quantum world.