Class ExampleScenario27
java.lang.Object
co.ankatech.ankasecure.sdk.examples.ExampleScenario27
Scenario 27: Key Lifecycle Management with Revocation
Demonstrates the lifecycle of a cryptographic key from creation through active use, monitoring, and revocation. This is critical for security operations, compliance scenarios, and handling compromised keys.
Key Lifecycle States:
- ACTIVE: Key can be used for cryptographic operations
- REVOKED: Key is marked as untrusted, operations fail immediately
Why Revocation?
- Security incident: Key suspected or confirmed as compromised
- Audit trail: Preserve key metadata for compliance and forensics
- Immediate blocking: All operations fail instantly after revocation
- Non-reversible: Once revoked, key cannot be reactivated
Steps:
- Generate ML-KEM-512 key with lifecycle constraints (expiry: +1h, max usage: 10)
- Export and display initial metadata (status: ACTIVE, usageCount: 0)
- Verify key is usable (test encryption)
- Perform 5 cryptographic operations (track usage)
- Export mid-lifecycle metadata (usageCount: 5)
- Perform 4 more operations (total: 9, approaching limit)
- Revoke key (mark as untrusted)
- Verify operations fail after revocation (expect HTTP 409/403)
- Export final metadata (status: REVOKED, metadata preserved for audit)
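The lifecycle these steps walk through, as an added stand-alone Python model that is not part of the SDK or of this example class: ManagedKey, KeyOperationError and run_scenario_27 are hypothetical names, epoch seconds stand in for the expiry timestamp, and the 409/403 statuses are raised locally rather than returned by the service.

```python
import time
from dataclasses import dataclass

class KeyOperationError(Exception):
    """Carries the HTTP-style status the scenario expects (409 revoked, 403 constraint)."""
    def __init__(self, status, message):
        super().__init__(f"{status}: {message}")
        self.status = status

@dataclass
class ManagedKey:
    """Hypothetical local model of the exported key record (not the SDK's own class)."""
    kid: str
    algorithm: str
    expires_at: float          # epoch seconds; the scenario uses now + 1h
    max_usage: int
    status: str = "ACTIVE"
    usage_count: int = 0

    def use(self, now):
        # One operation: revocation is checked first (terminal), then expiry, then the cap.
        if self.status == "REVOKED":
            raise KeyOperationError(409, f"key {self.kid} is revoked")
        if now >= self.expires_at:
            raise KeyOperationError(403, f"key {self.kid} has expired")
        if self.usage_count >= self.max_usage:
            raise KeyOperationError(403, f"key {self.kid} reached max usage {self.max_usage}")
        self.usage_count += 1      # counter only moves on success
        return self.usage_count

    def revoke(self):
        self.status = "REVOKED"    # irreversible: nothing ever sets status back to ACTIVE

    def export_metadata(self):
        # Works in every state, so a revoked key keeps its audit trail.
        return {"kid": self.kid, "algorithm": self.algorithm, "status": self.status,
                "usageCount": self.usage_count, "maxUsage": self.max_usage, "expiresAt": self.expires_at}

def run_scenario_27(now=None):
    now = time.time() if now is None else now
    key = ManagedKey("example-kid", "ML-KEM-512", expires_at=now + 3600, max_usage=10)
    for _ in range(9):             # 5 operations, then 4 more: total 9, limit 10
        key.use(now)
    key.revoke()
    try:
        key.use(now)
        raise AssertionError("operation succeeded after revocation")
    except KeyOperationError as err:
        assert err.status in (409, 403)
    return key.export_metadata()
```

run_scenario_27 returns the final metadata dict (status REVOKED, usageCount 9), mirroring the last step above.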
Compliance Notes:
- Audit requirements: Revoked keys maintain metadata for forensics and compliance
- Security incident response: Immediate revocation blocks all operations
- Key rotation: Revoke old key when rotating to new key
- Non-repudiation: Preserved metadata ensures accountability
API Endpoints:
- POST /api/key-management/keys (generate key with constraints)
- GET /api/migration/keys/{kid} (export metadata)
- POST /api/crypto/encrypt (test operations)
- POST /api/key-management/keys/{kid}/actions/revoke (revoke key)
Since: 3.0.0
Method Summary
Method Details
main