AnkaSecure API - Java & CLI Integration Flows
These 16 flows illustrate real-world scenarios for encryption, signing, re-encryption, and re-signing, covering both classical and post-quantum algorithms. Each flow can be executed through Java code, or through our AnkaSecureCLI.
Integration Flows Table
| # | Flow Name | Description | Code |
|---|---|---|---|
| 1 | Asymmetric Encrypt/Decrypt (Streaming) | Generates a key (e.g. Kyber512), encrypts file streaming, decrypts streaming. | View Code |
| 2 | Sign/Verify (Streaming) | Generates a key (e.g. RSA-2048), signs a file streaming, verifies streaming. | View Code |
| 3 | Symmetric Encrypt/Decrypt (Streaming) | AES-256 streaming encryption and decryption. | View Code |
| 4 | Asymmetric Re-encrypt (Streaming) | Re-encrypt from RSA to Kyber (streaming), demonstrating quantum-safe key migration. | View Code |
| 5 | Kyber512 Encrypt/Decrypt (Non-Streaming) | Generates a Kyber512 key, encrypt/decrypt in memory (non-streaming). | View Code |
| 6 | Dilithium5 Sign/Verify (Non-Streaming) | Generates a Dilithium5 key, signs/verify (non-streaming) for post-quantum integrity. | View Code |
| 7 | AES-256 Encrypt/Decrypt (Non-Streaming) | AES-256 key generation and usage (non-streaming). | View Code |
| 8 | EC-521 to Kyber768 Re-encrypt (Non-Streaming) | Migrates from EC-521 encryption to Kyber768 (non-streaming). | View Code |
| 9 | RSA-2048 to Dilithium3 Re-sign (Non-Streaming) | Re-sign from RSA to Dilithium3, ensuring PQ security for digital signatures. | View Code |
| 10 | Asymmetric Public Key Utility | Export a Kyber1024 public key, encrypt with it, decrypt server-side. | View Code |
| 11 | Sign Dilithium5 & Verify (Public Key Utility) | Sign with server-side Dilithium5 key, verify with exported public key. | View Code |
| 12 | Re-sign Streaming (RSA-2048 to FALCON-1024) | Re-sign from RSA to Falcon in streaming mode, verifying advanced PQ migration. | View Code |
| 13 | Import PKCS#12 and Perform Sign/Encrypt | Imports a private key from a .p12, then signs, exports, and encrypts data. | View Code |
| 14 | Key Management & License Checks (Kyber768) | Generate, export, remove, re-import keys, plus license info checks. | View Code |
| 15 | Dilithium5 Sign/Verify (Streaming) | Streaming sign/verify with Dilithium5, including optional public key approach. | View Code |
| 16 | Kyber1024 Encrypt/Decrypt (Streaming) | Export Kyber1024 public key, encrypt streaming, decrypt with private key. | View Code |
Flow Details & Sample Code
Flow 1: Asymmetric Encrypt/Decrypt (Streaming)
In this flow, we demonstrate how to generate a post-quantum or classical key (e.g., Kyber512), then perform streaming encryption and decryption of a file. This includes creating a new alias, encrypting large files chunk by chunk, and verifying the decrypted output matches the original.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.*;
import java.nio.file.Files;
import java.util.Properties;
/**
* Scenario 1 Example:
*
*
* - Generate an asymmetric key (e.g., Kyber512)
* - Export the public key
* - Encrypt a file using streaming mode
* - Decrypt the file using streaming mode
* - Verify that the decrypted content matches the original input
*
*
*
* The implementation follows a structured approach so that developers can
* easily adapt the SDK to their own applications without requiring additional
* support.
*/
public class ExampleScenario1 {
/**
* Main entry point for executing Scenario 1.
*
* @param args Not used.
*/
public static void main(String[] args) {
System.out.println("===== SCENARIO 1 START =====");
System.out.println("Purpose: Demonstrates generating an asymmetric key, exporting the public key, and doing a streaming encrypt/decrypt flow.");
// Load CLI-like properties from 'cli.properties' (clientId, clientSecret, etc.)
Properties props = new Properties();
try {
props.load(ExampleScenario1.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
// Initialize the SDK with messages and properties
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
// Authenticate with clientId and clientSecret
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("Failed to authenticate. HTTP code=" + ex.getStatusCode()
+ ", response=" + ex.getResponseBody());
System.exit(1);
}
// Define alias for the generated key
String alias = "scenario1AsymKey_" + System.currentTimeMillis();
// Define file paths for input/output
File plainFile = new File("plain1.txt");
File encryptedFile = new File("enc1.bin");
File decryptedFile = new File("dec1.txt");
File exportedPub = new File("scenario1_pub.key");
try {
// (1) Prepare a plaintext file with sample content
try (BufferedWriter writer = new BufferedWriter(new FileWriter(plainFile))) {
writer.write("Hello scenario1 - streaming encryption test!");
}
System.out.println("Plaintext file created: " + plainFile.getAbsolutePath());
// (2) Generate an asymmetric key (e.g., Kyber512) and store it under the given alias
sdk.generateAsymmetricKey("Kyber512", alias);
System.out.println("Asymmetric key generated with alias: " + alias);
// (3) Export the public key to a file
sdk.exportPublicKey(alias, exportedPub.getAbsolutePath());
System.out.println("Public key exported to: " + exportedPub.getAbsolutePath());
// (4) Encrypt the plaintext file using streaming mode
sdk.encryptFileStream(alias, plainFile.getAbsolutePath(), encryptedFile.getAbsolutePath());
System.out.println("File encrypted (streaming mode) -> " + encryptedFile.getAbsolutePath());
// (5) Decrypt the file using streaming mode
sdk.decryptFileStream(alias, encryptedFile.getAbsolutePath(), decryptedFile.getAbsolutePath());
System.out.println("File decrypted (streaming mode) -> " + decryptedFile.getAbsolutePath());
// (6) Compare original and decrypted content
String originalText = Files.readString(plainFile.toPath());
String decryptedText = Files.readString(decryptedFile.toPath());
if (originalText.equals(decryptedText)) {
System.out.println("Success! Decrypted content matches the original input.");
} else {
System.err.println("Mismatch! Decrypted content does NOT match the original input.");
}
} catch (AnkaSecureSdkException e) {
// Handle known SDK errors
System.err.println("SDK error (HTTP code=" + e.getStatusCode() + "): " + e.getMessage());
System.err.println("Server response: " + e.getResponseBody());
} catch (IOException ioEx) {
// Handle file-related errors
System.err.println("File I/O error: " + ioEx.getMessage());
ioEx.printStackTrace();
} finally {
// Optional cleanup: Uncomment to remove generated files after execution
// plainFile.delete();
// encryptedFile.delete();
// decryptedFile.delete();
// exportedPub.delete();
}
}
}
Flow 2: Sign/Verify (Streaming)
Generates a key (e.g., RSA-2048), signs a file in streaming mode, and verifies the signature in streaming mode. This ensures data integrity for large files without large memory overheads.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Properties;
/**
* Scenario 2 Example:
*
* - Authenticates with {@code clientId} and {@code clientSecret}
* - Generates an asymmetric key (RSA-2048)
* - Signs a file (streaming mode)
* - (Optional) Exports the public key
* - Verifies the signature (streaming mode)
*
*
*
* Demonstrates how to replicate CLI scenario #2 in raw Java using the SDK.
*/
public class ExampleScenario2 {
public static void main(String[] args) {
System.out.println("===== SCENARIO 2 START =====");
System.out.println("Purpose: Demonstrates generating an asymmetric key, streaming sign, optional public key export, and streaming verify.");
// 1) Load CLI-like properties
Properties props = new Properties();
try {
props.load(ExampleScenario2.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
// 2) Build SDK and authenticate
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
// 3) Scenario 2 steps
String alias = "scenario2AsymKey_" + System.currentTimeMillis();
// (a) Prepare a file to sign
File plainFile = new File("doc2.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(plainFile))) {
writer.write("Scenario2 data to be signed (streaming).");
} catch (IOException ioEx) {
System.err.println("Unable to create doc2.txt: " + ioEx.getMessage());
System.exit(1);
}
try {
// (b) Generate RSA-2048 key
sdk.generateAsymmetricKey("RSA-2048", alias);
System.out.println("Asymmetric key (RSA-2048) generated. Alias: " + alias);
// (c) Sign file in streaming mode
File signatureFile = new File("doc2.sig");
sdk.signFileStream(alias, plainFile.getAbsolutePath(), signatureFile.getAbsolutePath());
System.out.println("File signed (streaming) -> " + signatureFile.getAbsolutePath());
// (Optional) Export the public key
File exportedPub = new File("scenario2_pub.key");
sdk.exportPublicKey(alias, exportedPub.getAbsolutePath());
System.out.println("Public key exported -> " + exportedPub.getAbsolutePath());
// (d) Verify signature (streaming)
boolean isValid = sdk.verifySignatureStream(
alias,
plainFile.getAbsolutePath(),
signatureFile.getAbsolutePath()
);
System.out.println("Stream-based signature valid? " + isValid);
if (!isValid) {
System.err.println("Scenario2: Signature verification failed.");
} else {
System.out.println("Scenario2: Signature verified successfully!");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("Scenario2: SDK error (HTTP " + ex.getStatusCode() + "): " + ex.getMessage());
System.err.println("Response Body: " + ex.getResponseBody());
} catch (RuntimeException ioEx) {
System.err.println("Scenario2: File I/O error -> " + ioEx.getMessage());
}
}
}
Flow 3: Symmetric Encrypt/Decrypt (Streaming)
Demonstrates AES-256 key generation and usage in a streaming context, showcasing the ability to handle large data with minimal memory usage.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.util.Properties;
/**
* Scenario 3 Example:
*
* - Generates a symmetric AES-256 key
* - Encrypts a file in streaming mode
* - Decrypts the file in streaming mode
* - Verifies the decrypted output matches the original
*
*/
public class ExampleScenario3 {
public static void main(String[] args) {
System.out.println("===== SCENARIO 3 START =====");
System.out.println("Purpose: Demonstrates generating a symmetric AES-256 key and performing streaming encrypt/decrypt.");
Properties props = new Properties();
try {
props.load(ExampleScenario3.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
// Build SDK and authenticate
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
String alias = "scenario3SymKey_" + System.currentTimeMillis();
// Prepare plaintext file
File plainFile = new File("plain3.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(plainFile))) {
writer.write("Hello scenario3 - symmetric streaming encryption test!");
} catch (IOException ioEx) {
System.err.println("Unable to create plain3.txt: " + ioEx.getMessage());
System.exit(1);
}
try {
// Generate a symmetric AES-256 key
sdk.generateSymmetricKey(alias, "AES", 256);
System.out.println("Symmetric AES-256 key generated. Alias: " + alias);
// Encrypt (streaming)
File encFile = new File("enc3.bin");
sdk.encryptFileSymmetricStream(alias, plainFile.getAbsolutePath(), encFile.getAbsolutePath());
System.out.println("File encrypted (streaming) -> " + encFile.getAbsolutePath());
// Decrypt (streaming)
File decFile = new File("dec3.txt");
sdk.decryptFileSymmetricStream(alias, encFile.getAbsolutePath(), decFile.getAbsolutePath());
System.out.println("File decrypted (streaming) -> " + decFile.getAbsolutePath());
// Validate
String original = Files.readString(plainFile.toPath());
String decrypted = Files.readString(decFile.toPath());
if (!original.equals(decrypted)) {
System.err.println("Scenario3: Decrypted content does NOT match original!");
} else {
System.out.println("Scenario3: Success! Decrypted content matches the original.");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("Scenario3: SDK error (HTTP " + ex.getStatusCode() + "): " + ex.getMessage());
} catch (IOException ioEx) {
System.err.println("Scenario3: File I/O error -> " + ioEx.getMessage());
}
}
}
Flow 4: Asymmetric Re-encrypt (Streaming)
Showcases a quantum-safe migration strategy by re-encrypting data from RSA-2048 to Kyber (e.g., Kyber1024) in a single streaming operation, without exposing plaintext.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.util.Properties;
/**
* Scenario 4 Example:
*
* - Generate an RSA-2048 key
* - Encrypt a file (streaming) with RSA
* - Generate a Kyber1024 key
* - Re-encrypt the file (streaming) from RSA to Kyber1024
* - Decrypt using Kyber1024 (streaming)
*
*
*
* Shows how to re-encrypt data across different asymmetric algorithms.
*/
public class ExampleScenario4 {
public static void main(String[] args) {
System.out.println("===== SCENARIO 4 START =====");
System.out.println("Purpose: Demonstrates re-encrypting data from RSA-2048 to Kyber1024 in streaming mode.");
Properties props = new Properties();
try {
props.load(ExampleScenario4.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
// Create original data
File plainFile = new File("plain4.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(plainFile))) {
writer.write("Scenario4 data: re-encrypt from RSA-2048 to Kyber1024!");
} catch (IOException ioEx) {
System.err.println("Cannot write plain4.txt: " + ioEx.getMessage());
return;
}
try {
// 1) Generate RSA-2048
String rsaAlias = "scenario4RSA_" + System.currentTimeMillis();
sdk.generateAsymmetricKey("RSA-2048", rsaAlias);
System.out.println("RSA-2048 key generated, alias=" + rsaAlias);
// 2) Encrypt with RSA (streaming)
File rsaEncryptedFile = new File("enc4_rsa.bin");
sdk.encryptFileStream(rsaAlias, plainFile.getAbsolutePath(), rsaEncryptedFile.getAbsolutePath());
System.out.println("Encrypted with RSA -> " + rsaEncryptedFile.getAbsolutePath());
// 3) Generate Kyber1024
String kyberAlias = "scenario4Kyber_" + System.currentTimeMillis();
sdk.generateAsymmetricKey("Kyber1024", kyberAlias);
System.out.println("Kyber1024 key generated, alias=" + kyberAlias);
// 4) Re-encrypt from RSA to Kyber (streaming)
File reencryptedFile = new File("reencrypted4_kyber.bin");
sdk.reencryptFileStream(
rsaAlias,
kyberAlias,
rsaEncryptedFile.getAbsolutePath(),
reencryptedFile.getAbsolutePath()
);
System.out.println("Re-encrypted from RSA to Kyber -> " + reencryptedFile.getAbsolutePath());
// 5) Decrypt with Kyber (streaming)
File finalDecryptedFile = new File("dec4_kyber.txt");
sdk.decryptFileStream(kyberAlias, reencryptedFile.getAbsolutePath(), finalDecryptedFile.getAbsolutePath());
System.out.println("Decrypted with Kyber -> " + finalDecryptedFile.getAbsolutePath());
// 6) Verify final
String original = Files.readString(plainFile.toPath());
String finalDecrypted = Files.readString(finalDecryptedFile.toPath());
if (original.equals(finalDecrypted)) {
System.out.println("Scenario4: Success! The final decrypted data matches the original.");
} else {
System.err.println("Scenario4: Mismatch! Data does NOT match the original.");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("Scenario4: SDK error => HTTP " + ex.getStatusCode() + ", " + ex.getMessage());
} catch (IOException ioEx) {
System.err.println("Scenario4: File I/O error -> " + ioEx.getMessage());
}
}
}
Flow 5: Kyber512 Encrypt/Decrypt (Non-Streaming)
Demonstrates standard, in-memory encryption and decryption using Kyber512. Ideal for smaller payloads where streaming is not required.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.util.Properties;
/**
* Scenario 5 Example:
*
* - Generate an asymmetric key (Kyber512)
* - Export the public key
* - Encrypt a file (non-streaming)
* - Decrypt the file (non-streaming)
*
*
*
* Verifies final decrypted content against the original.
*/
public class ExampleScenario5 {
public static void main(String[] args) {
System.out.println("===== SCENARIO 5 START =====");
System.out.println("Purpose: Demonstrates a non-streaming encryption/decryption flow using Kyber512.");
Properties props = new Properties();
try {
props.load(ExampleScenario5.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
String alias = "scenario5AsymKyber512_" + System.currentTimeMillis();
File plainFile = new File("plain5.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(plainFile))) {
writer.write("Hello scenario5 - Non-streaming encryption test (Kyber512)!");
} catch (IOException ioEx) {
System.err.println("Could not create plain5.txt: " + ioEx.getMessage());
System.exit(1);
}
try {
// Generate Kyber512
sdk.generateAsymmetricKey("Kyber512", alias);
System.out.println("Asymmetric (Kyber512) key generated, alias=" + alias);
// Export public key
File exportedPub = new File("scenario5_pub.key");
sdk.exportPublicKey(alias, exportedPub.getAbsolutePath());
System.out.println("Public key exported -> " + exportedPub.getAbsolutePath());
// Encrypt (non-streaming)
File encryptedFile = new File("enc5.bin");
sdk.encryptFile(alias, plainFile.getAbsolutePath(), encryptedFile.getAbsolutePath());
System.out.println("File encrypted (non-streaming) -> " + encryptedFile.getAbsolutePath());
// Decrypt (non-streaming)
File decryptedFile = new File("dec5.txt");
sdk.decryptFile(alias, encryptedFile.getAbsolutePath(), decryptedFile.getAbsolutePath());
System.out.println("File decrypted (non-streaming) -> " + decryptedFile.getAbsolutePath());
// Validate
String originalText = Files.readString(plainFile.toPath());
String decryptedText = Files.readString(decryptedFile.toPath());
if (!originalText.equals(decryptedText)) {
System.err.println("Scenario5: Mismatch in decrypted text!");
} else {
System.out.println("Scenario5: Success! Decrypted text matches original.");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("Scenario5: SDK error => " + ex.getMessage());
} catch (IOException ioEx) {
System.err.println("Scenario5: File I/O error => " + ioEx.getMessage());
}
}
}
Flow 6: Dilithium5 Sign/Verify (Non-Streaming)
Covers generating a Dilithium5 post-quantum keypair and signing/verifying files using an in-memory approach, ensuring post-quantum security for smaller data sets.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Properties;
/**
* Scenario 6 Example:
*
* - Generate an asymmetric key (Dilithium5)
* - Sign a file (non-streaming)
* - Export the public key
* - Verify the signature (non-streaming)
*
*/
public class ExampleScenario6 {
public static void main(String[] args) {
System.out.println("===== SCENARIO 6 START =====");
System.out.println("Purpose: Demonstrates a non-streaming sign/verify flow using Dilithium5.");
Properties props = new Properties();
try {
props.load(ExampleScenario6.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
String alias = "scenario6AsymDil5_" + System.currentTimeMillis();
File docFile = new File("doc6.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(docFile))) {
writer.write("Scenario6 data to be signed (non-streaming).");
} catch (IOException ioEx) {
System.err.println("Cannot create doc6.txt: " + ioEx.getMessage());
System.exit(1);
}
try {
// Generate Dilithium5
sdk.generateAsymmetricKey("Dilithium5", alias);
System.out.println("Dilithium5 key generated, alias=" + alias);
// Sign file (non-streaming)
File signatureFile = new File("doc6.sig");
sdk.signFile(alias, docFile.getAbsolutePath(), signatureFile.getAbsolutePath());
System.out.println("File signed (non-streaming) -> " + signatureFile.getAbsolutePath());
// Export public key
File exportedPub = new File("scenario6_pub.key");
sdk.exportPublicKey(alias, exportedPub.getAbsolutePath());
System.out.println("Public key exported -> " + exportedPub.getAbsolutePath());
// Verify signature (non-streaming)
boolean isValid = sdk.verifySignatureBoolean(alias, docFile.getAbsolutePath(), signatureFile.getAbsolutePath());
System.out.println("Signature valid? " + isValid);
if (!isValid) {
System.err.println("Scenario6: Signature verification failed!");
} else {
System.out.println("Scenario6: Success! Signature verified correctly.");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("Scenario6: SDK error => " + ex.getMessage());
} catch (RuntimeException ioEx) {
System.err.println("Scenario6: File I/O error => " + ioEx.getMessage());
}
}
}
Flow 7: AES-256 Encrypt/Decrypt (Non-Streaming)
Similar to Flow 3 but in non-streaming mode, illustrating how to handle smaller files entirely in memory with AES-256 keys.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.util.Properties;
/**
* Scenario 7 Example:
*
* - Generate a symmetric AES-256 key
* - Encrypt a file (non-streaming)
* - Decrypt the file (non-streaming)
*
*/
public class ExampleScenario7 {
public static void main(String[] args) {
System.out.println("===== SCENARIO 7 START =====");
System.out.println("Purpose: Demonstrates generating a symmetric AES-256 key, then doing non-streaming encrypt/decrypt.");
Properties props = new Properties();
try {
props.load(ExampleScenario7.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
String alias = "scenario7SymAES256_" + System.currentTimeMillis();
File plainFile = new File("plain7.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(plainFile))) {
writer.write("Hello scenario7 - Non-streaming AES-256 encryption test!");
} catch (IOException ioEx) {
System.err.println("Could not create plain7.txt: " + ioEx.getMessage());
System.exit(1);
}
try {
// Generate AES-256 key
sdk.generateSymmetricKey(alias, "AES", 256);
System.out.println("AES-256 key generated, alias=" + alias);
// Encrypt non-streaming
File encFile = new File("enc7.bin");
sdk.encryptFileSymmetric(alias, plainFile.getAbsolutePath(), encFile.getAbsolutePath());
System.out.println("File encrypted (non-streaming) -> " + encFile.getAbsolutePath());
// Decrypt non-streaming
File decFile = new File("dec7.txt");
sdk.decryptFileSymmetric(alias, encFile.getAbsolutePath(), decFile.getAbsolutePath());
System.out.println("File decrypted (non-streaming) -> " + decFile.getAbsolutePath());
// Compare
String original = Files.readString(plainFile.toPath());
String decrypted = Files.readString(decFile.toPath());
if (original.equals(decrypted)) {
System.out.println("Scenario7: Success! Decrypted content matches the original.");
} else {
System.err.println("Scenario7: Mismatch in decrypted content!");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("Scenario7: SDK error => " + ex.getMessage());
} catch (IOException ioEx) {
System.err.println("Scenario7: File I/O error => " + ioEx.getMessage());
}
}
}
Flow 8: EC-521 to Kyber768 Re-encrypt (Non-Streaming)
Illustrates how to migrate data from an EC-521 encrypted file to Kyber768 without revealing plaintext. Non-streaming approach suitable for moderate file sizes.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.util.Properties;
/**
* Scenario 8 Example:
*
* - Generate an EC-521 key (non-streaming)
* - Encrypt with EC-521 (non-streaming)
* - Generate a Kyber768 key
* - Re-encrypt from EC-521 to Kyber768 (non-streaming)
* - Decrypt with Kyber768 (non-streaming)
*
*/
public class ExampleScenario8 {
public static void main(String[] args) {
System.out.println("===== SCENARIO 8 START =====");
System.out.println("Purpose: Demonstrates non-streaming re-encryption from EC-521 to Kyber768.");
Properties props = new Properties();
try {
props.load(ExampleScenario8.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
// Create original data
File plainFile = new File("plain8.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(plainFile))) {
writer.write("Scenario8 data: Re-encrypt from EC-521 to Kyber768 (non-streaming).");
} catch (IOException ioEx) {
System.err.println("Could not create plain8.txt: " + ioEx.getMessage());
return;
}
try {
// Generate EC-521
String ecAlias = "scenario8EC521_" + System.currentTimeMillis();
sdk.generateAsymmetricKey("EC-521", ecAlias);
System.out.println("EC-521 key generated, alias=" + ecAlias);
// Encrypt file (non-streaming) with EC-521
File ecEncrypted = new File("enc8_ec.bin");
sdk.encryptFile(ecAlias, plainFile.getAbsolutePath(), ecEncrypted.getAbsolutePath());
System.out.println("Encrypted with EC-521 (non-streaming) -> " + ecEncrypted.getAbsolutePath());
// Generate Kyber768
String kyberAlias = "scenario8Kyber768_" + System.currentTimeMillis();
sdk.generateAsymmetricKey("Kyber768", kyberAlias);
System.out.println("Kyber768 key generated, alias=" + kyberAlias);
// Re-encrypt from EC-521 to Kyber768 (non-streaming)
File reencFile = new File("reencrypted8.bin");
sdk.reencryptFile(ecAlias, kyberAlias, ecEncrypted.getAbsolutePath(), reencFile.getAbsolutePath());
System.out.println("Re-encrypted (EC->Kyber) -> " + reencFile.getAbsolutePath());
// Decrypt with Kyber768 (non-streaming)
File finalDecrypted = new File("dec8_kyber.txt");
sdk.decryptFile(kyberAlias, reencFile.getAbsolutePath(), finalDecrypted.getAbsolutePath());
System.out.println("Decrypted with Kyber768 -> " + finalDecrypted.getAbsolutePath());
// Compare final with original
String original = Files.readString(plainFile.toPath());
String decrypted = Files.readString(finalDecrypted.toPath());
if (original.equals(decrypted)) {
System.out.println("Scenario8: Success! Final data matches the original.");
} else {
System.err.println("Scenario8: Mismatch! Decrypted data does NOT match the original.");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("Scenario8: SDK error => " + ex.getMessage());
} catch (IOException ioEx) {
System.err.println("Scenario8: File I/O error => " + ioEx.getMessage());
}
}
}
Flow 9: RSA-2048 to Dilithium3 Re-sign (Non-Streaming)
Demonstrates how to transition from classical signatures (RSA-2048) to post-quantum (Dilithium3) by re-signing an existing file, without altering the file contents.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Properties;
/**
* Scenario 9 Example:
*
* - Generate an RSA-2048 key (oldAlias)
* - Sign a file (non-streaming)
* - Generate a Dilithium3 key (newAlias)
* - Re-sign from RSA-2048 to Dilithium3 (non-streaming)
* - Verify the newly created signature (non-streaming)
*
*/
public class ExampleScenario9 {
public static void main(String[] args) {
System.out.println("===== SCENARIO 9 START =====");
System.out.println("Purpose: Demonstrates re-signing data from RSA-2048 to Dilithium3 in non-streaming mode.");
Properties props = new Properties();
try {
props.load(ExampleScenario9.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
// Create data file
File dataFile = new File("doc9.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(dataFile))) {
writer.write("Scenario9 data: re-sign from RSA-2048 to Dilithium3 (non-streaming).");
} catch (IOException ioEx) {
System.err.println("Could not create doc9.txt: " + ioEx.getMessage());
return;
}
try {
// 1) Generate RSA-2048 (oldAlias)
String oldAlias = "scenario9RSA2048_" + System.currentTimeMillis();
sdk.generateAsymmetricKey("RSA-2048", oldAlias);
System.out.println("RSA-2048 key generated, alias=" + oldAlias);
// 2) Sign file (non-streaming) with RSA
File oldSig = new File("doc9_old.sig");
sdk.signFile(oldAlias, dataFile.getAbsolutePath(), oldSig.getAbsolutePath());
System.out.println("Signed with RSA-2048 -> " + oldSig.getAbsolutePath());
// 3) Verify the old signature
boolean oldValid = sdk.verifySignatureBoolean(oldAlias, dataFile.getAbsolutePath(), oldSig.getAbsolutePath());
System.out.println("Old signature valid? " + oldValid);
// 4) Generate Dilithium3 (newAlias)
String newAlias = "scenario9Dil3_" + System.currentTimeMillis();
sdk.generateAsymmetricKey("Dilithium3", newAlias);
System.out.println("Dilithium3 key generated, alias=" + newAlias);
// 5) Re-sign (non-streaming)
File newSig = new File("doc9_new.sig");
sdk.resignFile(oldAlias, newAlias, dataFile.getAbsolutePath(),
oldSig.getAbsolutePath(), newSig.getAbsolutePath());
System.out.println("Re-signed from RSA->Dilithium3 -> " + newSig.getAbsolutePath());
// 6) Verify new signature
boolean newValid = sdk.verifySignatureBoolean(newAlias, dataFile.getAbsolutePath(), newSig.getAbsolutePath());
System.out.println("New signature (Dilithium3) valid? " + newValid);
if (!newValid) {
System.err.println("Scenario9: New signature verification failed!");
} else {
System.out.println("Scenario9: Success! Re-signed signature is valid.");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("Scenario9: SDK error => " + ex.getMessage());
} catch (RuntimeException ioEx) {
System.err.println("Scenario9: File I/O error => " + ioEx.getMessage());
}
}
}
Flow 10: Asymmetric Public Key Utility
Explains how to export a Kyber1024 public key, encrypt files with it (client-side or externally), and then decrypt using the private key stored in the server's keystore.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.util.Properties;
/**
* Scenario 10 Example:
*
* - Generate an asymmetric key (Kyber1024)
* - Encrypt a file (non-streaming, \"utilitarian\" approach)
* - Decrypt the file (non-streaming)
* - Verify the decrypted content
*
*/
public class ExampleScenario10 {
public static void main(String[] args) {
System.out.println("===== SCENARIO 10 START =====");
System.out.println("Purpose: Demonstrates non-streaming encrypt/decrypt with a Kyber1024 key (utilitarian approach).");
Properties props = new Properties();
try {
props.load(ExampleScenario10.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
// Original data
File originalData = new File("plain10.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(originalData))) {
writer.write("Scenario10: Non-streaming utilitarian encryption with Kyber1024.");
} catch (IOException ioEx) {
System.err.println("Could not create plain10.txt: " + ioEx.getMessage());
return;
}
try {
// 1) Generate Kyber1024
String alias = "scenario10Kyber1024_" + System.currentTimeMillis();
sdk.generateAsymmetricKey("Kyber1024", alias);
System.out.println("Kyber1024 key generated, alias=" + alias);
// 2) Export public key
File pubFile = new File("scenario10_pub.key");
sdk.exportPublicKey(alias, pubFile.getAbsolutePath());
System.out.println("Public key exported -> " + pubFile.getAbsolutePath());
// 3) Encrypt (non-streaming)
File encrypted = new File("enc10.bin");
sdk.encryptFile(alias, originalData.getAbsolutePath(), encrypted.getAbsolutePath());
System.out.println("File encrypted -> " + encrypted.getAbsolutePath());
// 4) Decrypt
File decrypted = new File("dec10.txt");
sdk.decryptFile(alias, encrypted.getAbsolutePath(), decrypted.getAbsolutePath());
System.out.println("File decrypted -> " + decrypted.getAbsolutePath());
// 5) Validate
String origText = Files.readString(originalData.toPath());
String decText = Files.readString(decrypted.toPath());
if (origText.equals(decText)) {
System.out.println("Scenario10: Success! Decrypted matches original content.");
} else {
System.err.println("Scenario10: Mismatch! Decrypted does NOT match original.");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("Scenario10: SDK error => " + ex.getMessage());
} catch (IOException ioEx) {
System.err.println("Scenario10: File I/O error => " + ioEx.getMessage());
}
}
}
Flow 11: Sign Dilithium5 and Verify (Public Key Utility)
Generates a Dilithium5 key, signs a file, and verifies the signature using either the same alias or a publicly exported key. Demonstrates server-side plus external verification capability.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Properties;
/**
* Scenario 11 Example:
*
* - Generate an asymmetric key (Dilithium5)
* - Sign a file (non-streaming)
* - Export the public key
* - Verify the signature (non-streaming)
*
*/
public class ExampleScenario11 {
public static void main(String[] args) {
// Print scenario header
System.out.println("===== SCENARIO 11 START =====");
System.out.println("Purpose: Demonstrates Dilithium5 key generation, non-streaming sign, and verify.");
Properties props = new Properties();
try {
props.load(ExampleScenario11.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
// Build SDK and authenticate
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("SCENARIO 11: Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
// Prepare file to sign
File docFile = new File("doc11.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(docFile))) {
writer.write("Scenario11: Non-streaming sign/verify with Dilithium5 (utilitarian).");
} catch (IOException ioEx) {
System.err.println("SCENARIO 11: Could not create doc11.txt: " + ioEx.getMessage());
System.exit(1);
}
String alias = "scenario11Dil5_" + System.currentTimeMillis();
try {
// Generate Dilithium5
sdk.generateAsymmetricKey("Dilithium5", alias);
System.out.println("Generated Dilithium5 key, alias=" + alias);
// Sign (non-streaming)
File signatureFile = new File("doc11.sig");
sdk.signFile(alias, docFile.getAbsolutePath(), signatureFile.getAbsolutePath());
System.out.println("Signed file -> " + signatureFile.getAbsolutePath());
// Export public key
File exportedPub = new File("scenario11_pubDil5.key");
sdk.exportPublicKey(alias, exportedPub.getAbsolutePath());
System.out.println("Exported public key -> " + exportedPub.getAbsolutePath());
// Verify signature (non-streaming)
boolean isValid = sdk.verifySignatureBoolean(
alias,
docFile.getAbsolutePath(),
signatureFile.getAbsolutePath()
);
System.out.println("Signature valid? " + isValid);
if (!isValid) {
System.err.println("SCENARIO 11: Signature verification failed!");
} else {
System.out.println("SCENARIO 11: Success! Signature verified correctly.");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("SCENARIO 11: SDK error => " + ex.getMessage());
} catch (RuntimeException ioEx) {
System.err.println("SCENARIO 11: File I/O error => " + ioEx.getMessage());
}
}
}
Flow 12: Re-sign Streaming (RSA-2048 to FALCON-1024)
A streaming-based re-sign from RSA to Falcon, highlighting efficient post-quantum upgrading for large files.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Properties;
/**
* Scenario 12 Example:
*
* - Generate an RSA-2048 key (oldAlias)
* - Sign a file (streaming)
* - Generate a FALCON-1024 key (newAlias)
* - Re-sign the file by streaming (oldSignature => newSignature)
* - Verify the new signature by streaming
*
*/
public class ExampleScenario12 {
public static void main(String[] args) {
// Print scenario header
System.out.println("===== SCENARIO 12 START =====");
System.out.println("Purpose: Re-sign a file from RSA-2048 to FALCON-1024 (streaming).");
Properties props = new Properties();
try {
props.load(ExampleScenario12.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
// Build SDK and authenticate
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("SCENARIO 12: Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
// Prepare data
File dataFile = new File("doc12.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(dataFile))) {
writer.write("Scenario12 data: re-sign from RSA-2048 to FALCON-1024 (streaming).");
} catch (IOException ioEx) {
System.err.println("SCENARIO 12: Could not write doc12.txt: " + ioEx.getMessage());
System.exit(1);
}
try {
// 1) Generate RSA-2048 (oldAlias)
String oldAlias = "scenario12RSA2048_" + System.currentTimeMillis();
sdk.generateAsymmetricKey("RSA-2048", oldAlias);
System.out.println("Generated RSA-2048 key -> " + oldAlias);
// 2) Sign-file-stream with oldAlias
File oldSig = new File("doc12_old.sig");
sdk.signFileStream(oldAlias, dataFile.getAbsolutePath(), oldSig.getAbsolutePath());
System.out.println("Signed file (stream) -> " + oldSig.getAbsolutePath());
// 3) Generate FALCON-1024 (newAlias)
String newAlias = "scenario12Falcon1024_" + System.currentTimeMillis();
sdk.generateAsymmetricKey("FALCON-1024", newAlias);
System.out.println("Generated FALCON-1024 key -> " + newAlias);
// 4) Re-sign-file-stream from oldAlias to newAlias
File newSig = new File("doc12_new.sig");
sdk.resignFileStream(
oldAlias,
newAlias,
oldSig.getAbsolutePath(),
dataFile.getAbsolutePath(),
newSig.getAbsolutePath()
);
System.out.println("Re-signed file from RSA->FALCON -> " + newSig.getAbsolutePath());
// 5) Verify the new signature by streaming
boolean isValid = sdk.verifySignatureStream(
newAlias,
dataFile.getAbsolutePath(),
newSig.getAbsolutePath()
);
System.out.println("New signature valid? " + isValid);
if (!isValid) {
System.err.println("SCENARIO 12: Re-sign verification failed!");
} else {
System.out.println("SCENARIO 12: Success! Re-signed signature is valid (stream).");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("SCENARIO 12: SDK error => " + ex.getMessage());
} catch (RuntimeException ioEx) {
System.err.println("SCENARIO 12: File I/O error => " + ioEx.getMessage());
}
}
}
Flow 13: Import PKCS#12 and Perform Sign/Encrypt
Shows how to import a private key from a .p12 file, sign data, export the public key if needed, then encrypt and decrypt data with that newly imported alias.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.asn1.x500.X500Name;
import org.bouncycastle.cert.X509CertificateHolder;
import java.io.*;
import java.nio.file.Files;
import java.nio.file.Path;
import java.security.*;
import java.security.cert.X509Certificate;
import java.util.Calendar;
import java.util.Date;
import java.util.Properties;
/**
* Scenario 13 Example:
*
* - Create a temporary PKCS#12 file containing an RSA keypair + self-signed cert.
* - Import that .p12 into the encryption service as a new alias.
* - Sign a file (streaming) using that alias.
* - Export the public key from that alias.
* - Encrypt using that public key (non-streaming).
* - Decrypt using that same alias (private key) in the encryption service.
*
*
* Demonstrates how to handle a PKCS#12 file and import it into the service.
*/
public class ExampleScenario13 {
public static void main(String[] args) {
// Print scenario header
System.out.println("===== SCENARIO 13 START =====");
System.out.println("Purpose: Demonstrate importing a .p12 private key, then signing & encrypting.");
Properties props = new Properties();
try {
props.load(ExampleScenario13.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
// Build SDK and authenticate
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientId = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientId, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("SCENARIO 13: Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
try {
// (1) Create local PKCS#12 file (RSA keypair + self-signed cert)
Path p12File = new File("scenario13_key.p12").toPath();
String p12Password = "myP12pass";
createTestPkcs12(p12File, p12Password);
System.out.println("Generated local PKCS#12 file -> " + p12File);
// (2) Create an alias for the imported private key
String importedAlias = "scenario13Imported_" + System.currentTimeMillis();
// (3) Import the .p12
sdk.importPrivateKey(importedAlias, p12File.toAbsolutePath().toString(), p12Password);
System.out.println("Imported private key alias -> " + importedAlias);
// (4) Sign a file in streaming mode
File dataToSign = new File("doc13.txt");
Files.writeString(dataToSign.toPath(), "Scenario13 data: signing with an imported .p12 private key (stream).");
File signatureFile = new File("doc13.sig");
sdk.signFileStream(importedAlias, dataToSign.getAbsolutePath(), signatureFile.getAbsolutePath());
System.out.println("Signed file -> " + signatureFile.getAbsolutePath());
// (5) Export public key
File exportedPub = new File("scenario13_imported_pub.key");
sdk.exportPublicKey(importedAlias, exportedPub.getAbsolutePath());
System.out.println("Exported public key -> " + exportedPub.getAbsolutePath());
// (6) Encrypt the file with that alias (non-streaming) or public key
// For demonstration, use the alias-based encryption:
File encryptedFile = new File("doc13.enc");
sdk.encryptFile(importedAlias, dataToSign.getAbsolutePath(), encryptedFile.getAbsolutePath());
System.out.println("Encrypted file -> " + encryptedFile.getAbsolutePath());
// (7) Decrypt with the same alias
File decryptedFile = new File("doc13_dec.txt");
sdk.decryptFile(importedAlias, encryptedFile.getAbsolutePath(), decryptedFile.getAbsolutePath());
System.out.println("Decrypted file -> " + decryptedFile.getAbsolutePath());
// (8) Validate
String origContent = Files.readString(dataToSign.toPath());
String decContent = Files.readString(decryptedFile.toPath());
if (!origContent.equals(decContent)) {
System.err.println("SCENARIO 13: Mismatch! Decrypted content does NOT match.");
} else {
System.out.println("SCENARIO 13: Success! Decrypted content matches original.");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("SCENARIO 13: SDK error => " + ex.getMessage());
} catch (IOException ioEx) {
System.err.println("SCENARIO 13: File I/O error => " + ioEx.getMessage());
} catch (Exception e) {
System.err.println("SCENARIO 13: Unexpected error => " + e.getMessage());
e.printStackTrace();
}
}
/**
* Creates a simple PKCS#12 file containing a newly generated RSA keypair
* and a self-signed certificate for demonstration/test usage.
*
* @param p12Path Path to write the .p12 file
* @param password Password for the PKCS#12 store
* @throws Exception if an error occurs generating the keypair/certificate
*/
private static void createTestPkcs12(Path p12Path, String password) throws Exception {
// Add BouncyCastle as a security provider if not already
Security.addProvider(new BouncyCastleProvider());
// 1) Generate RSA keypair
KeyPairGenerator kpg = KeyPairGenerator.getInstance("RSA");
kpg.initialize(2048);
KeyPair kp = kpg.generateKeyPair();
// 2) Create a self-signed certificate
X509Certificate cert = generateSelfSignedCertificate(kp, "CN=Scenario13Test, O=Testing, C=US");
// 3) Initialize an in-memory PKCS12 keystore
KeyStore ks = KeyStore.getInstance("PKCS12");
ks.load(null, password.toCharArray());
// 4) Store the key + cert chain
ks.setKeyEntry("testkey", kp.getPrivate(), password.toCharArray(), new java.security.cert.Certificate[]{cert});
// 5) Write to disk
try (FileOutputStream fos = new FileOutputStream(p12Path.toFile())) {
ks.store(fos, password.toCharArray());
}
}
/**
* Generates a minimal self-signed X.509 certificate for the provided
* KeyPair and subject DN, using BouncyCastle.
*
* @param keyPair The RSA key pair
* @param subjectDn The subject DN string, e.g. \"CN=Test\"
* @return a self-signed X509Certificate
* @throws Exception if anything goes wrong
*/
private static X509Certificate generateSelfSignedCertificate(KeyPair keyPair, String subjectDn) throws Exception {
X500Name issuer = new X500Name(subjectDn);
X500Name subject = issuer;
java.math.BigInteger serial = java.math.BigInteger.valueOf(System.currentTimeMillis());
Date notBefore = new Date();
Calendar cal = Calendar.getInstance();
cal.add(Calendar.YEAR, 1);
Date notAfter = cal.getTime();
JcaX509v3CertificateBuilder builder = new JcaX509v3CertificateBuilder(
issuer,
serial,
notBefore,
notAfter,
subject,
keyPair.getPublic()
);
ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256withRSA")
.build(keyPair.getPrivate());
X509CertificateHolder certHolder = builder.build(contentSigner);
return new JcaX509CertificateConverter()
.setProvider(new BouncyCastleProvider())
.getCertificate(certHolder);
}
}
Flow 14: Key Management & License Checks (Kyber768)
Demonstrates how to list keys, generate a Kyber768 key, export and remove it, re-import the public key, and finally check the license status.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.IOException;
import java.nio.file.Path;
import java.util.Properties;
/**
* Scenario 14 Example:
*
* - List existing keys
* - Generate a Kyber768 key
* - Export the public key
* - Remove the newly generated key
* - Import the public key back in
* - Obtain license info and print it
*
*/
public class ExampleScenario14 {
public static void main(String[] args) {
// Print scenario header
System.out.println("===== SCENARIO 14 START =====");
System.out.println("Purpose: List keys, generate a Kyber768 key, export/remove/re-import it, then get license info.");
Properties props = new Properties();
try {
props.load(ExampleScenario14.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
// Build SDK and authenticate
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientIdProp = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientIdProp, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("SCENARIO 14: Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
try {
// 1) List existing keys
String keyList = sdk.listKeysAsDto();
System.out.println("[SCENARIO 14] Existing keys:\n" + keyList);
// 2) Generate a Kyber768 key
String testAlias = "scenario14Kyber768_" + System.currentTimeMillis();
sdk.generateAsymmetricKey("Kyber768", testAlias);
System.out.println("Generated Kyber768 key -> " + testAlias);
// 3) Export public key
Path exportedPub = Path.of("scenario14_pub.key");
sdk.exportPublicKey(testAlias, exportedPub.toAbsolutePath().toString());
System.out.println("Exported public key -> " + exportedPub.toAbsolutePath());
// 4) Remove the newly generated key
sdk.removeKey(testAlias);
System.out.println("Removed key alias -> " + testAlias);
// 5) Import the public key back in
sdk.importPublicKey(
testAlias,
exportedPub.toAbsolutePath().toString(),
"Kyber768"
);
System.out.println("Re-imported public key as -> " + testAlias);
// 6) Get license info (requires a real clientId from your environment)
String clientId = "myAppId"; // adjust as needed
String licenseSummary = sdk.getLicenseInfo(clientId);
System.out.println("[SCENARIO 14] License Info:\n" + licenseSummary);
} catch (AnkaSecureSdkException ex) {
System.err.println("SCENARIO 14: SDK error => " + ex.getMessage());
} catch (RuntimeException ioEx) {
System.err.println("SCENARIO 14: I/O error => " + ioEx.getMessage());
}
}
}
Flow 15: Dilithium5 Sign/Verify (Streaming)
Highlights streaming sign/verify using Dilithium5 for large files, plus the option to verify with only a public key on a separate system.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.util.Properties;
/**
* Scenario 15 Example:
*
* - Generate an asymmetric key (Dilithium5)
* - Export the public key
* - Sign a file (streaming)
* - Verify signature (streaming) using the exported public key
*
*/
public class ExampleScenario15 {
public static void main(String[] args) {
// Print scenario header
System.out.println("===== SCENARIO 15 START =====");
System.out.println("Purpose: Sign a file with Dilithium5 (stream), then verify-stream using public key file.");
Properties props = new Properties();
try {
props.load(ExampleScenario15.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
// Build SDK and authenticate
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientIdProp = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientIdProp, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("SCENARIO 15: Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
// Prepare data file
File dataFile = new File("scenario15_data.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(dataFile))) {
writer.write("Scenario15 data: Testing sign-file-stream with Dilithium5, then verify via publickey-stream.");
} catch (IOException ioEx) {
System.err.println("SCENARIO 15: File I/O error -> " + ioEx.getMessage());
System.exit(1);
}
try {
// 1) Generate Dilithium5
String alias = "scenario15Dil5_" + System.currentTimeMillis();
sdk.generateAsymmetricKey("Dilithium5", alias);
System.out.println("Generated Dilithium5 key -> " + alias);
// 2) Export public key
File exportedPubKey = new File("scenario15_dil5_pub.key");
sdk.exportPublicKey(alias, exportedPubKey.getAbsolutePath());
System.out.println("Exported public key -> " + exportedPubKey.getAbsolutePath());
// 3) Sign file (streaming)
File signatureFile = new File("scenario15.sig");
sdk.signFileStream(alias, dataFile.getAbsolutePath(), signatureFile.getAbsolutePath());
System.out.println("Signed file (stream) -> " + signatureFile.getAbsolutePath());
// 4) Verify signature using public key (streaming)
boolean isValid = sdk.verifySignaturePublicKeyStream(
"Dilithium5",
exportedPubKey.getAbsolutePath(),
dataFile.getAbsolutePath(),
signatureFile.getAbsolutePath()
);
System.out.println("PublicKey-based streaming signature valid? " + isValid);
if (!isValid) {
System.err.println("SCENARIO 15: Signature verification failed!");
} else {
System.out.println("SCENARIO 15: Success! Verified signature via public key stream.");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("SCENARIO 15: SDK error => " + ex.getMessage());
} catch (RuntimeException ioEx) {
System.err.println("SCENARIO 15: File I/O error => " + ioEx.getMessage());
}
}
}
Flow 16: Kyber1024 Encrypt/Decrypt (Streaming)
Demonstrates how to export a Kyber1024 public key, use it for streaming encryption, and then decrypt the resulting ciphertext using the private key inside the server keystore.
package co.ankatech.ankasecure.sdk.examples;
import co.ankatech.ankasecure.sdk.AnkaSecureSdk;
import co.ankatech.ankasecure.sdk.exception.AnkaSecureSdkException;
import java.io.BufferedWriter;
import java.io.File;
import java.io.FileWriter;
import java.io.IOException;
import java.nio.file.Files;
import java.util.Properties;
/**
* Scenario 16 Example:
*
* - Generate an asymmetric key (Kyber1024)
* - Export the newly created public key
* - Encrypt a file using the public key stream endpoint
* - Decrypt the file using the private key alias (streaming)
* - Validate the final output
*
*/
public class ExampleScenario16 {
public static void main(String[] args) {
// Print scenario header
System.out.println("===== SCENARIO 16 START =====");
System.out.println("Purpose: Demonstrate encrypt-file-publickey-stream with Kyber1024, then decrypt-file-stream.");
Properties props = new Properties();
try {
props.load(ExampleScenario16.class.getResourceAsStream("/cli.properties"));
} catch (IOException | NullPointerException e) {
System.err.println("Could not load cli.properties: " + e.getMessage());
System.exit(1);
}
// Build SDK and authenticate
AnkaSecureSdk sdk = new AnkaSecureSdk(props);
String clientIdProp = props.getProperty("clientId");
String clientSecret = props.getProperty("clientSecret");
try {
sdk.authenticateApplication(clientIdProp, clientSecret);
} catch (AnkaSecureSdkException ex) {
System.err.println("SCENARIO 16: Failed to authenticate: " + ex.getMessage());
System.exit(1);
}
// Prepare data file
File dataFile = new File("scenario16_data.txt");
try (BufferedWriter writer = new BufferedWriter(new FileWriter(dataFile))) {
writer.write("Scenario16 data: Testing encrypt-file-publickey-stream (Kyber1024), then decrypt-file-stream with alias.");
} catch (IOException ioEx) {
System.err.println("SCENARIO 16: Could not create scenario16_data.txt: " + ioEx.getMessage());
System.exit(1);
}
try {
// 1) Generate Kyber1024
String alias = "scenario16Kyber1024_" + System.currentTimeMillis();
sdk.generateAsymmetricKey("Kyber1024", alias);
System.out.println("Generated Kyber1024 key -> " + alias);
// 2) Export the public key
File exportedPubKey = new File("scenario16_kyber1024_pub.key");
sdk.exportPublicKey(alias, exportedPubKey.getAbsolutePath());
System.out.println("Exported public key -> " + exportedPubKey.getAbsolutePath());
// 3) Encrypt using public key stream
File encryptedFile = new File("scenario16.enc");
sdk.encryptFilePublicKeyStream(
"Kyber1024",
exportedPubKey.getAbsolutePath(),
dataFile.getAbsolutePath(),
encryptedFile.getAbsolutePath()
);
System.out.println("Encrypted file (publicKey-stream) -> " + encryptedFile.getAbsolutePath());
// 4) Decrypt using the private key alias (streaming)
File decryptedFile = new File("scenario16_dec.txt");
sdk.decryptFileStream(alias, encryptedFile.getAbsolutePath(), decryptedFile.getAbsolutePath());
System.out.println("Decrypted file (stream) -> " + decryptedFile.getAbsolutePath());
// 5) Validate
String originalContent = Files.readString(dataFile.toPath());
String decryptedContent = Files.readString(decryptedFile.toPath());
if (!originalContent.equals(decryptedContent)) {
System.err.println("SCENARIO 16: Mismatch in decrypted content!");
} else {
System.out.println("SCENARIO 16: Success! Decrypted data matches the original.");
}
} catch (AnkaSecureSdkException ex) {
System.err.println("SCENARIO 16: SDK error => " + ex.getMessage());
} catch (IOException ioEx) {
System.err.println("SCENARIO 16: File I/O error => " + ioEx.getMessage());
}
}
}