🔹 CLI Tools Overview
Introduction
The AnkaSecure CLI is a powerful command-line interface that provides direct access to cryptographic operations, key management, and security workflows using the AnkaSecure API.
Why Use AnkaSecure CLI?
✔ No programming required – Perform cryptographic operations directly from the terminal.
✔ Automation & Scripting – Ideal for CI/CD pipelines and DevSecOps workflows.
✔ Post-Quantum Cryptography – Supports ML-KEM, Dilithium, Falcon, and SPHINCS+.
How the CLI Works
The CLI communicates with AnkaSecure API to execute key generation, encryption, signing, and other security-related operations.
graph TD;
A[User] -->|Runs Commands| B[AnkaSecure CLI];
B -->|Sends Requests| C[AnkaSecure API];
C -->|Performs Crypto Operations| D[Crypto Engine];
C -->|Manages Keys| E[Key Store];Installation & Setup
Download the CLI
The AnkaSecure CLI is available for Windows, Linux, and macOS.
| Platform | Download |
|---|---|
| Windows | ankasecure-cli-windows.exe |
| Linux/macOS | AnkaSecureCLI.jar |
Configuration
The CLI requires authentication credentials stored in a cli.properties file.
Example Configuration (cli.properties)
clientId=myClientId
clientSecret=myClientSecret
openapi.scheme=https
openapi.host=demo.ankatech.co
openapi.port=443
Basic CLI Usage
The CLI follows the standard format:
java -jar AnkaSecureCLI.jar <command> [options]
🔑 Key Management Commands
Generate a New Key
java -jar AnkaSecureCLI.jar generate-key --kid myNewKey --kty ML-KEM --alg ML-KEM-512
Creates a post-quantum encryption key (ML-KEM-512). Additional options allow setting expiration, key operations, and usage limits.
List All Keys
java -jar AnkaSecureCLI.jar list-keys
Displays all stored keys without revealing private material.
Import a Key from JSON
java -jar AnkaSecureCLI.jar import-key --json-file myKey.json
Imports a cryptographic key stored in a JSON file.
Export a Key
java -jar AnkaSecureCLI.jar export-key --kid myNewKey --output-file keydata.json
Exports the metadata and public portion (if asymmetric) of a key.
Revoke a Key
java -jar AnkaSecureCLI.jar revoke-key --kid myNewKey
Marks a key as revoked, preventing further use.
Remove a Key
java -jar AnkaSecureCLI.jar remove-key --kid myNewKey
Deletes a key permanently from the keystore.
🔒 Encryption & Decryption
Encrypt a File
java -jar AnkaSecureCLI.jar encrypt-file --kid myNewKey --input-file message.txt --output-file encrypted.dat
Encrypts a file using the specified key.
Decrypt a File
java -jar AnkaSecureCLI.jar decrypt-file --kid myNewKey --input-file encrypted.dat --output-file decrypted.txt
Decrypts a previously encrypted file.
Encrypt a File in Streaming Mode
java -jar AnkaSecureCLI.jar encrypt-file-stream --kid myNewKey --input-file message.txt --output-file encrypted.dat
Performs encryption in streaming mode, suitable for large files.
Decrypt a File in Streaming Mode
java -jar AnkaSecureCLI.jar decrypt-file-stream --kid myNewKey --input-file encrypted.dat --output-file decrypted.txt
Decrypts a large file using streaming decryption.
✍ Digital Signatures
Sign a File
java -jar AnkaSecureCLI.jar sign-file --kid mySigningKey --input-file document.txt --output-signature-file signature.dat
Generates a digital signature using the specified key.
Verify a Signature
java -jar AnkaSecureCLI.jar verify-signature --kid mySigningKey --input-file document.txt --input-signature-file signature.dat
Checks if a file's signature is valid.
Re-sign a File
java -jar AnkaSecureCLI.jar resign-file --old-kid oldSigningKey --new-kid newSigningKey --input-file document.txt --old-signature-file oldSig.dat --new-signature-file newSig.dat
Verifies and re-signs a file using a new signing key.
🔄 Key Rotation & Re-Encryption
Re-Encrypt Data to a New Key
java -jar AnkaSecureCLI.jar reencrypt-file --old-kid oldKey --new-kid newKey --input-file encrypted.dat --output-file reencrypted.dat
Re-encrypts data from one key to another, useful for key rotation.
Re-Encrypt Data in Streaming Mode
java -jar AnkaSecureCLI.jar reencrypt-file-stream --old-kid oldKey --new-kid newKey --input-file encrypted.dat --output-file reencrypted.dat
Efficiently re-encrypts large files using streaming.
📊 License & Monitoring
Retrieve License Information
java -jar AnkaSecureCLI.jar get-license-info --client myClientId
Displays the license status and usage metrics.
Retrieve Supported Algorithms
java -jar AnkaSecureCLI.jar get-supported-algorithms
Lists all algorithms currently supported by the system.
Example: Automating Key Rotation
The CLI is ideal for automation via CI/CD pipelines or scheduled scripts.
#!/bin/bash
# Rotate encryption keys automatically
# Generate a new key
java -jar AnkaSecureCLI.jar generate-key --kid rotatedKey --kty ML-KEM --alg ML-KEM-512
# Export new key for backup
java -jar AnkaSecureCLI.jar export-key --kid rotatedKey --output newKey.json
# Revoke old key
java -jar AnkaSecureCLI.jar revoke-key --kid oldKey`
Why Use AnkaSecure CLI?
✔ No coding required -- Execute cryptographic operations directly from the terminal.
✔ Enterprise-Ready -- Integrates with SIEM, HSMs, and security infrastructure.
✔ Post-Quantum Cryptography -- Supports next-generation encryption.
✔ Ideal for Automation -- Compatible with CI/CD workflows.
For more details, check CLI Commands & Usage.