Class EncryptFileResult

Object
EncryptFileResult
public class EncryptFileResult extends Object
Value object returned by
invalid reference 
co.ankatech.ankasecure.sdk.AnkaSecureSdk#encryptFile()
.

This class encapsulates the full Compact JWE produced by the Anka Secure platform when encrypting a file. A Compact JWE is represented as five Base64URL-encoded segments separated by dots:

  1. Protected Header: JSON object containing JWE metadata such as alg (key management algorithm, e.g., hybrid ML-KEM-1024), enc (content encryption algorithm, e.g., A256GCM), and kid (key identifier).
  2. Encrypted Key: the Data Encryption Key (DEK) encrypted with the server-selected hybrid algorithm, combining classical (RSA/ECC) and post-quantum (e.g., Kyber) mechanisms for quantum resilience.
  3. Initialization Vector (IV): random nonce for AEAD.
  4. Ciphertext: the encrypted file payload.
  5. Authentication Tag: ensures integrity and authenticity of the payload.

The Protected Header binds the classical key-wrap algorithm and the post-quantum key encapsulation into one hybrid scheme, ensuring both forward security and quantum resistance. Because the JWE format already packages all necessary cryptographic parameters and material, applications can store or transmit the jweToken directly, or process it further with any standards-compliant JWE library.

Persistence Strategy The SDK writes the Compact JWE verbatim to the outputFile path provided by the caller, encoded as UTF-8. Because the token already contains the encrypted key material, IV, ciphertext and authentication tag (per RFC 7516), the application can:

  1. Store the file as-is for later decryption via the SDK, or
  2. Pass the string to any standards-compliant JWE library for additional processing.

Thread-Safety: Instances are immutable data carriers after construction and may be shared across threads safely.

  • Constructor Details

    • EncryptFileResult

      public EncryptFileResult()

  • Method Details

    • getJweToken

      public String getJweToken()
      Returns the raw Compact JWE exactly as emitted by the server.
      Returns:
      non-null Compact JWE string

    • getKeyRequested

      public String getKeyRequested()
      Returns the key identifier originally supplied by the client.
      Returns:
      non-null requested kid

    • getActualKeyUsed

      public String getActualKeyUsed()
      Returns the effective key identifier used by the server after rotation or successor resolution.
      Returns:
      non-null effective kid

    • getAlgorithmUsed

      public String getAlgorithmUsed()
      Returns the hybrid algorithm negotiated by the server, combining key-encryption and content-encryption.
      Returns:
      non-null algorithm identifier

    • getWarnings

      public List<String> getWarnings()
      Returns any warning messages returned by the service. Absence of warnings is represented by null.
      Returns:
      list of warnings or null if none