Scenario 4 – Streaming Re-encrypt (RSA-2048 → ML-KEM-1024)

This scenario demonstrates how to migrate classical RSA-encrypted data to a post-quantum ML-KEM-encrypted format without exposing plaintext. All cryptographic operations use the streaming API, meaning the service exchanges a two-part detached JWE (General-JSON header + raw ciphertext stream).

Generate an RSA-2048 key.
Stream-encrypt a file (detached JWE).
Generate an ML-KEM-1024 key.
Re-encrypt the ciphertext on the server (RSA → KEM).
Stream-decrypt with the KEM key.
Validate round-trip integrity.

Temporary artefacts are placed under temp_files/.

Implementation notes (Java 21+):

All file operations rely on the Path API.
Encoding is explicitly set to UTF-8 for deterministic behaviour.
Directory creation delegates to ExampleUtil.ensureTempDir(Path).

Thread-safety: this class is stateless and immutable.

Since:: 2.1.0
Author:: ANKATech – Security Engineering

Method Summary

Modifier and Type

Method

Description

static void

main(String[] args)

Entry-point.

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details
- main
  
  public static void main(String[] args)
  
  Entry-point.
  
  Parameters:
  
  args - ignored

Class ExampleScenario4

Scenario 4 – Streaming Re-encrypt (RSA-2048 → ML-KEM-1024)

Method Summary

Methods inherited from class java.lang.Object

Method Details

main