Command Line Interface (CLI) Usage

The AnkaSecure CLI lets you interact directly with the server to generate keys, encrypt/decrypt files, sign/verify data, re-encrypt, re-sign, and more. This page lists all commands and explains how the CLI is configured.

CLI Configuration: cli.properties

The CLI reads its endpoint settings (host, port, TLS), client credentials, and more from a cli.properties file. For example:

cli.properties ------------------------------------------------------------------------------- ############################################################################### # CLI AUTHENTICATION CREDENTIALS ############################################################################### clientId=myAppId clientSecret=myAppSecret ############################################################################### # OPENAPI SERVER VARIABLES # These define the scheme (http/https), host, and port # that match your @OpenAPIDefinition's parametric server #0 ############################################################################### openapi.scheme=https openapi.host=demo.ankatech.co openapi.port=443 openapi.insecureSkipTlsVerify=true ############################################################################### # TIMEOUTS (in milliseconds) # Adjust to override the defaults: ############################################################################### openapi.connectTimeoutMs=10000 openapi.readTimeoutMs=30000 openapi.writeTimeoutMs=30000 ############################################################################### # PROXY SETTINGS (if needed): ############################################################################### #openapi.proxyHost=proxy.mycompany.com #openapi.proxyPort=8080 #openapi.proxyUser=someUser #openapi.proxyPassword=somePassword ############################################################################### # PROGRESS BAR FOR LARGE FILE UPLOADS # Accepts "true" or "false" (default = false). ############################################################################### openapi.enableProgressBar=false

The CLI automatically reads this file if placed in the same directory. That way, you do not need to manually log in for each command; it authenticates using clientId / clientSecret behind the scenes.

List of CLI Commands

Below are all CLI commands supported by AnkaSecure. Adjust file paths, aliases, or parameters as needed.

Generate a symmetric key
generate-symmetric-key --alias <alias> --algorithm <AES> --keysize <128|192|256>
Example: generate-symmetric-key --alias myAesKey --algorithm AES --keysize 256
Generate an asymmetric key
generate-asymmetric-key --algorithm <Kyber512|Kyber768|Kyber1024| Dilithium2|Dilithium3|Dilithium5| FALCON-512|FALCON-1024| EC-256|EC-384|EC-521| RSA-1024|RSA-2048|RSA-4096| SPHINCS+-SHA2-128F|SPHINCS+-SHA2-128S|SPHINCS+-SHA2-192F|SPHINCS+-SHA2-192S|SPHINCS+-SHA2-256F|SPHINCS+-SHA2-256S| SPHINCS+-SHAKE-128F|SPHINCS+-SHAKE-128S|SPHINCS+-SHAKE-192F|SPHINCS+-SHAKE-192S|SPHINCS+-SHAKE-256F|SPHINCS+-SHAKE-256S> --alias <alias>
Example: generate-asymmetric-key --algorithm Kyber512 --alias myKyberKey
List keys
list-keys
Example: list-keys
Encrypt file (asymmetric)
encrypt-file --alias <alias> --input <plainFile> --output <cipherFile>
Decrypt file (asymmetric)
decrypt-file --alias <alias> --input <cipherFile> --output <plainFile>
Encrypt file (symmetric)
encrypt-file-symmetric --alias <alias> --input <plainFile> --output <cipherFile>
Decrypt file (symmetric)
decrypt-file-symmetric --alias <alias> --input <cipherFile> --output <plainFile>
Sign file
sign-file --alias <alias> --input <plainFile> --signature <signatureFile>
Verify signature
verify-signature --alias <alias> --input <plainFile> --signature <signatureFile>
Export public key
export-public-key --alias <alias> --output <outputFile>
Import public key
import-public-key --alias <alias> --input <publicKeyFile> --algorithm <...>
Import private key (PKCS#12)
import-private-key --alias <alias> --input <p12File> [--password <p12Password>]
Remove key
remove-key --alias <alias>
Re-encrypt file
reencrypt-file --old-alias <oldAlias> --new-alias <newAlias> --input <cipherIn> --output <cipherOut>
Re-sign file
resign-file --old-alias <oldAlias> --new-alias <newAlias> --input <plainFile> --old-signature <oldSigFile> --output <newSigFile>
Get license info
get-license-info --client <clientId>
Streaming operations

For large files, use these commands:
- encrypt-file-stream --alias <alias> --input <file> --output <cipherFile>
- decrypt-file-stream --alias <alias> --input <cipherFile> --output <plainFile>
- encrypt-file-symmetric-stream --alias <alias> --input <file> --output <cipherFile>
- decrypt-file-symmetric-stream --alias <alias> --input <cipherFile> --output <plainFile>
- sign-file-stream --alias <alias> --input <file> --output <signatureFile>
- verify-signature-stream --alias <alias> --input <file> --signature <signatureFile>
- resign-file-stream --old-alias <oldAlias> --new-alias <newAlias> --old-signature <oldSig> --input <file> --output <newSig>
- reencrypt-file-stream --old-alias <oldAlias> --new-alias <newAlias> --input <cipherIn> --output <cipherOut>
- encrypt-file-publickey-stream --algorithm <algo> --publicKey <pubFile> --input <file> --output <cipherFile>
- verify-signature-publickey-stream --algorithm <algo> --publicKey <pubFile> --input <file> --signature <signatureFile>

That’s the full set! Refer to the Use Cases page for scenario-by-scenario CLI examples, or check SecureCoreCLIIntegrationTest in your code for deeper automated tests.