Scenario 8 – EC-521 → ML-KEM-768 Bulk Re-encryption (Compact JWE)

This scenario performs a non-streaming migration of ciphertext from a classical EC-521 key to a post-quantum ML-KEM-768 key, entirely on the server side (no plaintext exposure):

Generate an EC-521 key and encrypt a file (Compact JWE).
Generate an ML-KEM-768 key.
Re-encrypt the EC ciphertext on the server (EC-521 → ML-KEM-768).
Decrypt the new KEM ciphertext.
Validate round-trip integrity.

Implementation notes (Java 21+):

Filesystem operations rely on the Path API.
UTF-8 encoding is enforced explicitly for deterministic behaviour.
Temporary artefacts are written under temp_files/.

Thread-safety: this class is stateless and immutable.

Since:: 2.1.0
Author:: ANKATech – Security Engineering

Method Summary

Modifier and Type

Method

Description

static void

main(String[] args)

Entry-point.

Methods inherited from class java.lang.Object
equals, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Method Details
- main
  
  public static void main(String[] args)
  
  Entry-point.

Class ExampleScenario8

Scenario 8 – EC-521 → ML-KEM-768 Bulk Re-encryption (Compact JWE)

Method Summary

Methods inherited from class java.lang.Object

Method Details

main