ANKA Secure API
The ANKA Secure API is the core encryption server that exposes REST endpoints for:
✅ Key management (generation, storage, and export).
✅ Encryption & decryption using AES, RSA, Dilithium, Kyber.
✅ Digital signing & signature verification.
✅ Encrypted data streaming for handling large-scale cryptographic operations.
Application Startup
This section walks through how the Anka Secure API application starts up and initializes its core components. The main class, co.ankatech.secure.api.SecureApiApplication, is a standard Spring Boot entry point that includes additional setup for cryptography providers (Bouncy Castle and Post-Quantum variants).
@SpringBootApplication
public class SecureApiApplication {
static {
// Standard Bouncy Castle provider
Security.addProvider(new BouncyCastleProvider());
// Post-Quantum provider
Security.addProvider(new BouncyCastlePQCProvider());
}
public static void main(String[] args) {
SpringApplication.run(SecureApiApplication.class, args);
logger.info("Spring Security Version: {}", SpringSecurityCoreVersion.getVersion());
}
}
Key Points
-
Spring Boot Entry Point
main(String[] args)callsSpringApplication.run(...), starting the entire application context, auto-configuring controllers, services, repositories, etc.-
Bouncy Castle Initialization
-
The static block registers two security providers:
- BouncyCastleProvider: For a wide range of classical algorithms (RSA, AES, ECC, etc.).
- BouncyCastlePQCProvider: Post-Quantum algorithms such as Kyber, Dilithium, Falcon, SPHINCS+, etc.
-
OpenAPI Configuration
-
Annotations like
@OpenAPIDefinitionand@SecuritySchemeautomatically generate documentation and define a Bearer security scheme (bearerAuth). -
JWT-Required Endpoints
-
The entire API is documented under these OpenAPI annotations and references a Bearer token in its security scheme. Endpoints typically require a valid JWT (unless explicitly opened in
SecurityConfig).