Class SignFileResult

Object
SignFileResult
public final class SignFileResult extends Object
Immutable value object returned by
invalid reference 
co.ankatech.ankasecure.sdk.AnkaSecureSdk#signFile(java.nio.file.Path, String)
.

This class bundles the full Compact JWS produced by the Anka Secure platform when signing a file, along with exhaustive metadata about the key operations and any non-fatal warnings.

Compact JWS Structure

A Compact JWS consists of three Base64URL-encoded segments separated by dots:

  1. Header: JSON object containing signature metadata such as alg (e.g. Falcon-1024) and kid (key identifier).
  2. Payload: the detached or embedded file content, depending on your configuration.
  3. Signature: the digital signature computed over the header and payload, using the negotiated PQC or hybrid algorithm.
Because the JWS already carries both data and signature (per RFC 7515), you can either store the token verbatim or process it with any standards-compliant JWS library.

Persistence Strategy

The SDK writes the Compact JWS to the signatureFile path provided by the caller, encoded as UTF-8. The resulting file can be retained for later verification via the SDK or fed into third-party tools.

Metadata

  • keyRequested – the kid originally supplied by the client.
  • actualKeyUsed – the effective kid after server-side rotation/succession logic.
  • algorithmUsed – the exact signature algorithm negotiated (e.g. SLH-DSA-256 or Falcon-1024).
  • warnings – any non-fatal issues returned by the service (soft usage limits, pending expiry), or null if none.

Thread-Safety

Instances are simple data holders; after construction they may be shared across threads safely, provided no setter is invoked.

All getters return non-null values except getWarnings(), which may be null when no warnings were issued.

  • Constructor Details

    • SignFileResult

      public SignFileResult()

  • Method Details

    • getJwsToken

      public String getJwsToken()
      Returns the raw Compact JWS exactly as issued by the server.
      Returns:
      non-null Compact JWS string

    • getKeyRequested

      public String getKeyRequested()
      Returns the key identifier originally requested by the client.
      Returns:
      non-null requested kid

    • getActualKeyUsed

      public String getActualKeyUsed()
      Returns the effective key identifier used after any server-side rotation.
      Returns:
      non-null actual kid

    • getAlgorithmUsed

      public String getAlgorithmUsed()
      Returns the signature algorithm negotiated by the service (e.g. SLH-DSA-256 or Falcon-1024).
      Returns:
      non-null algorithm identifier

    • getWarnings

      public List<String> getWarnings()
      Returns any non-fatal warnings issued by the service.
      Returns:
      list of warnings or null if none