
Key Generation & Retrieval

Overview

Anka Secure follows a crypto-agile approach to key management, ensuring that cryptographic keys are generated, stored, and retrieved using a standardized JSON-based model. This enables interoperability with different cryptographic systems while maintaining high security and flexibility.

Additionally, Anka Secure follows the Beautiful API design principles, which emphasize minimalism, intuitive responses, and efficiency. As a result:

  • Key creation returns HTTP 201 Created with no body.
  • Key retrieval follows a structured JSON model with detailed metadata.

Key Representation Model

All cryptographic keys in Anka Secure are represented using a unified JSON format, ensuring consistency across different key operations and simplifying integration with external systems.

Key Model Example:

{
  "modelVersion": "v1.0",
  "kid": "myKyberKey1234",
  "uuid": "8abaacab-f7e7-443a-9659-76daed9a240e",
  "kty": "ML-KEM",
  "alg": "ML-KEM-768",
  "publicKey": "MIIEsjALBglghkgBZQMEBAIDggShAENqIxpBJ4iQ...",
  "keyOps": [
    "encrypt",
    "decrypt"
  ],
  "exportable": true,
  "createdAt": "2025-03-19T23:34:38.633885485Z",
  "expiresAt": "2030-05-31T23:59:59Z",
  "softLimitExpiration": "2029-12-31T23:59:59Z",
  "usageCount": 0,
  "lastUsedAt": "",
  "softUsageLimit": 40000,
  "maxUsageLimit": 50000,
  "status": "active",
  "nextKid": "null",
  "previousKid": "null",
  "hash": "fecf7d55a4a1b87bef48f9d3fd62c99bba801cf9a464f973a18a4815dc9a3a89"
}

Key Model Attributes:

  • modelVersion: Defines the format version for compatibility.

  • kid (Key ID): Unique identifier for the key.

  • uuid: System-generated unique identifier.

  • kty (Key Type): Defines the key type (e.g., ML-KEM, DILITHIUM, RSA).

  • alg (Algorithm): Specifies the cryptographic algorithm used.

  • publicKey: The encoded public key (if applicable).

  • keyOps: Allowed operations for the key (e.g., encrypt, decrypt).

  • exportable: Indicates whether the key can be exported.

  • createdAt / expiresAt: Define the key's lifecycle.

  • usageCount / maxUsageLimit: Track usage and expiration policies.

  • status: Current state of the key (e.g., active, expired, revoked).

  • hash: Integrity checksum for verification.


Key Generation

Keys in Anka Secure are generated using strong cryptographic standards. The API allows clients to generate new keys with configurable properties.

Generating a Key

To generate a new key, users must specify:

  • Algorithm (alg)

  • Key Type (kty)

  • Exportability (exportable)

  • Usage limits (softUsageLimit, maxUsageLimit)

API Endpoint:

POST /api/key-management/generate
Content-Type: application/json

Request Body:

{
  "kid": "myKyberKey1234",
  "kty": "ML-KEM",
  "alg": "ML-KEM-768",
  "keyOps": [
    "encrypt",
    "decrypt"
  ],
  "exportable": true,
  "expiresAt": "2030-05-31T23:59:59Z",
  "softLimitExpiration": "2029-12-31T23:59:59Z",
  "maxUsageLimit": 50000,
  "softUsageLimit": 40000
}

Response:

HTTP/1.1 201 Created

Note: This API adheres to Beautiful API principles, meaning it returns 201 Created without a response body.


Key Retrieval

Keys can be retrieved via the Key ID (kid).

Retrieving a Key

API Endpoint:

GET /api/key-management/keys/{kid}

Response:

{
  "modelVersion": "v1.0",
  "kid": "myKyberKey1234",
  "uuid": "8abaacab-f7e7-443a-9659-76daed9a240e",
  "kty": "ML-KEM",
  "alg": "ML-KEM-768",
  "publicKey": "MIIEsjALBglghkgBZQMEBAIDggShAENqIxpBJ4iQ...",
  "keyOps": [
    "encrypt",
    "decrypt"
  ],
  "exportable": true,
  "createdAt": "2025-03-19T23:34:38.633885485Z",
  "expiresAt": "2030-05-31T23:59:59Z",
  "softLimitExpiration": "2029-12-31T23:59:59Z",
  "usageCount": 0,
  "lastUsedAt": "",
  "softUsageLimit": 40000,
  "maxUsageLimit": 50000,
  "status": "active",
  "nextKid": "null",
  "previousKid": "null",
  "hash": "fecf7d55a4a1b87bef48f9d3fd62c99bba801cf9a464f973a18a4815dc9a3a89"
}
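
A client can gate each use of a retrieved key on the lifecycle fields in this response. The following is an added example, not Anka Secure code: `parse_ts` and `evaluate_key` are hypothetical names, and it assumes the soft limits are rotation warnings while `expiresAt` and `maxUsageLimit` are hard stops, which the page does not spell out.

```python
import re
from datetime import datetime, timezone

def parse_ts(value):
    """Parse the model's UTC timestamps; "" (as in lastUsedAt) means unset."""
    if not value:
        return None
    # createdAt carries nanoseconds; datetime keeps at most microseconds.
    value = re.sub(r"(\.\d{6})\d+", r"\1", value)
    return datetime.fromisoformat(value.replace("Z", "+00:00"))

def evaluate_key(key, op, now=None):
    """Return (usable, reasons, warnings) for using `key` for operation `op`."""
    now = now or datetime.now(timezone.utc)
    reasons, warnings = [], []
    if key.get("status") != "active":
        reasons.append(f"status is {key.get('status')!r}")
    if op not in key.get("keyOps", []):
        reasons.append(f"{op!r} not in keyOps")
    expires = parse_ts(key.get("expiresAt"))
    soft_exp = parse_ts(key.get("softLimitExpiration"))
    if expires and now >= expires:
        reasons.append("past expiresAt")
    elif soft_exp and now >= soft_exp:
        warnings.append("past softLimitExpiration: rotate")
    used = key.get("usageCount", 0)
    if key.get("maxUsageLimit") is not None and used >= key["maxUsageLimit"]:
        reasons.append("maxUsageLimit reached")
    elif key.get("softUsageLimit") is not None and used >= key["softUsageLimit"]:
        warnings.append("softUsageLimit reached: rotate")
    return (not reasons, reasons, warnings)

# Constructed sample: the page's retrieval response, trimmed to the fields checked.
SAMPLE_KEY = {
    "kid": "myKyberKey1234", "keyOps": ["encrypt", "decrypt"],
    "createdAt": "2025-03-19T23:34:38.633885485Z",
    "expiresAt": "2030-05-31T23:59:59Z",
    "softLimitExpiration": "2029-12-31T23:59:59Z",
    "usageCount": 0, "lastUsedAt": "",
    "softUsageLimit": 40000, "maxUsageLimit": 50000, "status": "active",
}

if __name__ == "__main__":
    print(evaluate_key(SAMPLE_KEY, "encrypt"))
```
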

Supported Key Algorithms

Anka Secure supports a wide range of cryptographic algorithms. The full list of supported algorithms can be retrieved dynamically.

API Endpoint:

GET /api/key-management/supported-algorithms

Example Response:

[
  { "kty": "ML-KEM", "alg": "ML-KEM-512" },
  { "kty": "ML-KEM", "alg": "ML-KEM-768" },
  { "kty": "DILITHIUM", "alg": "Dilithium3" },
  { "kty": "RSA", "alg": "RSA-2048" },
  { "kty": "AES", "alg": "AES-256" }
]
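
Because key creation returns no body, it helps to check a generate request locally before sending it, using the list this endpoint returns. The following is an added example, not Anka Secure code: `preflight` is a hypothetical helper, and the ordering rules it enforces (soft limit not above hard limit, soft expiration not after `expiresAt`, `expiresAt` in the future) are assumptions about sensible values rather than documented server behaviour.

```python
from datetime import datetime, timezone

# Constructed sample: the example response of GET /api/key-management/supported-algorithms.
SUPPORTED = [
    {"kty": "ML-KEM", "alg": "ML-KEM-512"},
    {"kty": "ML-KEM", "alg": "ML-KEM-768"},
    {"kty": "DILITHIUM", "alg": "Dilithium3"},
    {"kty": "RSA", "alg": "RSA-2048"},
    {"kty": "AES", "alg": "AES-256"},
]
# Fields the page says a caller must specify.
REQUIRED = ("alg", "kty", "exportable", "softUsageLimit", "maxUsageLimit")

# Constructed sample: the request body shown on the page.
SAMPLE_REQUEST = {
    "kid": "myKyberKey1234", "kty": "ML-KEM", "alg": "ML-KEM-768",
    "keyOps": ["encrypt", "decrypt"], "exportable": True,
    "expiresAt": "2030-05-31T23:59:59Z",
    "softLimitExpiration": "2029-12-31T23:59:59Z",
    "maxUsageLimit": 50000, "softUsageLimit": 40000,
}

def _ts(value):
    return datetime.fromisoformat(value.replace("Z", "+00:00")) if value else None

def preflight(request, supported, now=None):
    """Return a list of problems with a generate request; empty means send it."""
    now = now or datetime.now(timezone.utc)
    problems = [f"missing field: {f}" for f in REQUIRED if f not in request]
    pair = (request.get("kty"), request.get("alg"))
    # A kty/alg mismatch (e.g. RSA with ML-KEM-768) fails the pair lookup too.
    if None not in pair and pair not in {(a["kty"], a["alg"]) for a in supported}:
        problems.append(f"unsupported kty/alg pair: {pair[0]}/{pair[1]}")
    if "exportable" in request and not isinstance(request["exportable"], bool):
        problems.append("exportable must be a JSON boolean")
    soft, hard = request.get("softUsageLimit"), request.get("maxUsageLimit")
    if isinstance(soft, int) and isinstance(hard, int) and soft > hard:
        problems.append("softUsageLimit exceeds maxUsageLimit")
    expires, soft_exp = _ts(request.get("expiresAt")), _ts(request.get("softLimitExpiration"))
    if expires and expires <= now:
        problems.append("expiresAt is not in the future")
    if expires and soft_exp and soft_exp > expires:
        problems.append("softLimitExpiration is after expiresAt")
    return problems

if __name__ == "__main__":
    print(preflight(SAMPLE_REQUEST, SUPPORTED) or "request looks consistent")
```
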

Summary

  • Crypto-Agile Design: Anka Secure keys follow a standardized JSON format for uniform handling.

  • Beautiful API Implementation:

    • Key creation returns 201 Created with no body.

    • Key retrieval returns structured JSON metadata.

  • Flexible Key Generation: Users can generate keys dynamically with configurable properties.

  • Secure Retrieval: Keys can be fetched using their Key ID (kid).

  • Broad Algorithm Support: Includes post-quantum algorithms like ML-KEM and Dilithium.

This approach ensures interoperability, flexibility, and high security for modern cryptographic operations.