Integration Flows: Java & CLI

These 16 flows illustrate real-world scenarios for encryption, signing, re-encryption, and re-signing, covering both classical and post-quantum algorithms. Each flow can be executed:

Flow 1: Asymmetric Encrypt/Decrypt (Streaming)
Java Approach

In Flow1AsymmetricEncryptDecrypt (or testScenario1GenerateAsymmetric_EncryptDecryptStream()):

CLI Approach
# 1) Generate an asymmetric key (Kyber512)
generate-asymmetric-key --algorithm Kyber512 --alias scenario1Key

# 2) Encrypt a file (streaming)
encrypt-file-stream --alias scenario1Key --input plain1.txt --output enc1.bin

# 3) Decrypt (streaming)
decrypt-file-stream --alias scenario1Key --input enc1.bin --output dec1.txt

Verify that dec1.txt matches plain1.txt.

Flow 2: Sign/Verify (Streaming)
Java Approach

In Flow2SignVerify (or testScenario2GenerateAsymmetric_SignVerifyStream()):

CLI Approach
# 1) Generate an asymmetric key (RSA-2048)
generate-asymmetric-key --algorithm RSA-2048 --alias scenario2Key

# 2) Sign a file (streaming)
sign-file-stream --alias scenario2Key --input doc2.txt --signature doc2.sig

# 3) Verify (streaming)
verify-signature-stream --alias scenario2Key --input doc2.txt --signature doc2.sig
Flow 3: Symmetric Encrypt/Decrypt (Streaming)
Java Approach

In Flow3SymmetricEncryptDecrypt (or testScenario3GenerateSymmetric_EncryptDecryptStream()):

CLI Approach
# 1) Generate AES-256 key
generate-symmetric-key --alias scenario3Sym --algorithm AES --keysize 256

# 2) Encrypt (streaming)
encrypt-file-symmetric-stream --alias scenario3Sym --input plain3.txt --output enc3.bin

# 3) Decrypt (streaming)
decrypt-file-symmetric-stream --alias scenario3Sym --input enc3.bin --output dec3.txt
Flow 4: Asymmetric Re-encrypt (Streaming)
Java Approach

In Flow4AsymmetricReencrypt (or testScenario4ReEncryptStream_RSAtoKyber()):

CLI Approach
# 1) Generate RSA-2048
generate-asymmetric-key --algorithm RSA-2048 --alias oldRsaKey

# 2) Encrypt (streaming) with oldRsaKey
encrypt-file-stream --alias oldRsaKey --input plain4.txt --output rsa_enc4.bin

# 3) Generate Kyber1024
generate-asymmetric-key --algorithm Kyber1024 --alias newKyberKey

# 4) Re-encrypt (streaming) from RSA to Kyber
reencrypt-file-stream --old-alias oldRsaKey --new-alias newKyberKey \
  --input rsa_enc4.bin --output kyber_enc4.bin

# 5) Decrypt with Kyber (streaming)
decrypt-file-stream --alias newKyberKey --input kyber_enc4.bin --output dec4.txt
Flow 5: Kyber512 Encrypt/Decrypt (Non-Streaming)
Java Approach

In Flow5Kyber512EncryptDecryptNonStreaming (or testScenario5AsymmetricKyber512_EncryptDecryptNonStreaming()):

CLI Approach
# 1) Generate Kyber512
generate-asymmetric-key --algorithm Kyber512 --alias scenario5Kyber512

# 2) Encrypt (non-streaming)
encrypt-file --alias scenario5Kyber512 --input plain5.txt --output enc5.bin

# 3) Decrypt (non-streaming)
decrypt-file --alias scenario5Kyber512 --input enc5.bin --output dec5.txt
Flow 6: Dilithium5 Sign/Verify (Non-Streaming)
Java Approach

In Flow6Dilithium5SignVerifyNonStreaming (or testScenario6AsymmetricDilithium5_SignVerifyNonStreaming()):

CLI Approach
# 1) Generate Dilithium5
generate-asymmetric-key --algorithm Dilithium5 --alias scenario6Dil5

# 2) Sign (non-streaming)
sign-file --alias scenario6Dil5 --input doc6.txt --signature doc6.sig

# 3) Verify (non-streaming)
verify-signature --alias scenario6Dil5 --input doc6.txt --signature doc6.sig
Flow 7: AES-256 Encrypt/Decrypt (Non-Streaming)
Java Approach

In Flow7Aes256EncryptDecryptNonStreaming (or testScenario7GenerateSymmetricAES256_EncryptDecryptNonStreaming()):

CLI Approach
# 1) Generate an AES-256 key
generate-symmetric-key --alias scenario7Aes256 --algorithm AES --keysize 256

# 2) Encrypt (non-streaming)
encrypt-file-symmetric --alias scenario7Aes256 --input plain7.txt --output enc7.bin

# 3) Decrypt (non-streaming)
decrypt-file-symmetric --alias scenario7Aes256 --input enc7.bin --output dec7.txt
Flow 8: EC-521 to Kyber768 Re-encrypt (Non-Streaming)
Java Approach

In Flow8Ec521ToKyber768ReencryptNonStreaming (or testScenario8ReEncryptEC521toKyber768NonStreaming()):

CLI Approach
# 1) Generate EC-521
generate-asymmetric-key --algorithm EC-521 --alias oldEcKey

# 2) Encrypt (non-streaming) with EC-521
encrypt-file --alias oldEcKey --input plain8.txt --output ec_enc8.bin

# 3) Generate Kyber768
generate-asymmetric-key --algorithm Kyber768 --alias newKyber768

# 4) Re-encrypt (non-streaming) from EC-521 to Kyber768
reencrypt-file --old-alias oldEcKey --new-alias newKyber768 \
  --input ec_enc8.bin --output kyber_enc8.bin

# 5) Decrypt (non-streaming) with Kyber768
decrypt-file --alias newKyber768 --input kyber_enc8.bin --output dec8.txt
Flow 9: RSA-2048 to Dilithium3 Re-sign (Non-Streaming)
Java Approach

In Flow9RsaToDilithium3ResignNonStreaming (or testScenario9ReSignRSAtoDilithium3NonStreaming()):

CLI Approach
# 1) Generate RSA-2048
generate-asymmetric-key --algorithm RSA-2048 --alias oldRsa

# 2) Sign a file (non-streaming) with oldRsa
sign-file --alias oldRsa --input doc9.txt --signature doc9_old.sig

# 3) Generate Dilithium3
generate-asymmetric-key --algorithm Dilithium3 --alias newDil3

# 4) Re-sign from RSA to Dilithium3 (non-streaming)
resign-file --old-alias oldRsa --new-alias newDil3 \
  --input doc9.txt --old-signature doc9_old.sig --output doc9_new.sig

# 5) Verify new signature
verify-signature --alias newDil3 --input doc9.txt --signature doc9_new.sig
Flow 10: Asymmetric Public Key Utility
Java Approach

In Flow10AsymmetricPublicKeyUtility (or testScenario10Kyber1024UtilitarianEncryptDecrypt()):

CLI Approach
# 1) Generate Kyber1024
generate-asymmetric-key --algorithm Kyber1024 --alias scenario10Kyber

# 2) Export the public key
export-public-key --alias scenario10Kyber --output scenario10_pub.key

# 3) Encrypt (non-streaming) with scenario10Kyber
encrypt-file --alias scenario10Kyber --input plain10.txt --output enc10.bin

# 4) Decrypt with the same alias
decrypt-file --alias scenario10Kyber --input enc10.bin --output dec10.txt
Flow 11: Sign Dilithium5 and Verify (Public Key Utility)
Java Approach

In Flow11SignDilithium5AndVerifyPublicKeyUtility (or your test referencing testScenario11Dilithium5UtilitarianSignVerify()):

CLI Approach

To verify with a public key (not in the keystore), use the verify-signature-publickey-stream or the non-streaming variant. Example (non-streaming approach is verify-signature, but the public-key utility approach uses a different command): 

# 1) Generate Dilithium5
generate-asymmetric-key --algorithm Dilithium5 --alias scenario11Dil5

# 2) Sign-file (non-streaming)
sign-file --alias scenario11Dil5 --input doc11.txt --signature doc11.sig

# 3) Export public key
export-public-key --alias scenario11Dil5 --output scenario11_pub.key

# 4) Verify (non-streaming) with the same alias:
verify-signature --alias scenario11Dil5 --input doc11.txt --signature doc11.sig

# OR verify with the public key utility approach (streaming or not):
verify-signature-publickey-stream --algorithm Dilithium5 \
   --publicKey scenario11_pub.key --input doc11.txt --signature doc11.sig
Flow 12: Re-sign Streaming (RSA-2048 to FALCON-1024)
Java Approach

In Flow12AsymmetricResign (or testScenario12ReSignStreamRSAtoFALCON1024()):

CLI Approach
# 1) Generate RSA-2048 (old alias)
generate-asymmetric-key --algorithm RSA-2048 --alias oldRsa12

# 2) Sign-file-stream (RSA)
sign-file-stream --alias oldRsa12 --input doc12.txt --output doc12_rsa.sig

# 3) Generate FALCON-1024 (new alias)
generate-asymmetric-key --algorithm FALCON-1024 --alias newFalcon12

# 4) Re-sign-file-stream from oldRsa12 to newFalcon12
resign-file-stream --old-alias oldRsa12 --new-alias newFalcon12 \
   --old-signature doc12_rsa.sig --input doc12.txt --output doc12_falcon.sig

# 5) Verify-signature-stream with the new alias
verify-signature-stream --alias newFalcon12 --input doc12.txt --signature doc12_falcon.sig
Flow 13: Import PKCS#12 and Perform Sign/Encrypt
Java Approach

In Flow13ImportP12SignEncryptDecrypt (or testScenario13ImportPrivateKeyFromP12_SignAndEncrypt()):

CLI Approach
# 1) import-private-key
import-private-key --alias myImportedAlias --input myKeystore.p12 --password p12Password

# 2) Sign-file-stream (or non-streaming) with that alias
sign-file-stream --alias myImportedAlias --input doc13.txt --output doc13.sig

# 3) Export the public key if you like
export-public-key --alias myImportedAlias --output doc13_pub.key

# 4) Encrypt a file using that public key
encrypt-file --alias myImportedAlias --input doc13.txt --output doc13.enc

# 5) Decrypt
decrypt-file --alias myImportedAlias --input doc13.enc --output doc13_dec.txt
Flow 14: Key Management & License Checks (Kyber768)
Java Approach

In Flow14Kyber768KeyManagementLicense (or testScenario14ListKeys_GenerateKey_ExportRemoveImport_GetLicense()):

CLI Approach
# 1) list-keys
list-keys

# 2) Generate a Kyber768 key
generate-asymmetric-key --algorithm Kyber768 --alias scenario14Kyber768

# 3) Export its public key
export-public-key --alias scenario14Kyber768 --output scenario14_pub.key

# 4) Remove the key
remove-key --alias scenario14Kyber768

# 5) Import the public key again
import-public-key --alias scenario14Kyber768 --input scenario14_pub.key --algorithm Kyber768

# 6) Get license info
get-license-info --client myAppId
Flow 15: Dilithium5 Sign/Verify (Streaming)
Java Approach

In Flow15Dilithium5SignVerifyStreaming (or testScenario15Dilithium5SignVerifyPublicKeyStream()):

CLI Approach
# 1) Generate Dilithium5
generate-asymmetric-key --algorithm Dilithium5 --alias scenario15Dil5

# 2) Sign a file (streaming)
sign-file-stream --alias scenario15Dil5 --input doc15.txt --output doc15.sig

# 3) Export the public key
export-public-key --alias scenario15Dil5 --output scenario15_pub.key

# 4) Verify signature (public-key approach, streaming)
verify-signature-publickey-stream --algorithm Dilithium5 \
  --publicKey scenario15_pub.key --input doc15.txt --signature doc15.sig
Flow 16: Kyber1024 Encrypt/Decrypt (Streaming)
Java Approach

In Flow16Kyber1024EncryptDecryptStreaming (or testScenario16Kyber1024EncryptDecryptPublicKeyStream()):

CLI Approach
# 1) Generate Kyber1024
generate-asymmetric-key --algorithm Kyber1024 --alias scenario16Kyber

# 2) Export the public key
export-public-key --alias scenario16Kyber --output scenario16_kyber_pub.key

# 3) Encrypt a file using publickey-stream
encrypt-file-publickey-stream --algorithm Kyber1024 \
  --publicKey scenario16_kyber_pub.key --input plain16.txt --output enc16.bin

# 4) Decrypt with the alias (streaming)
decrypt-file-stream --alias scenario16Kyber --input enc16.bin --output dec16.txt

With these 16 flows, you can explore:

See also the CLI Usage page for a full command reference, and Downloads to install the CLI. Each flow can be tested locally with your own files, letting you fully validate post-quantum security in your environment.