Quick Reference Guide
Common commands and quick decisions - bookmark this page
📥 Download as PDF | 📥 Print-friendly version
Common Commands (Copy-Paste Ready)
Authentication
# Get JWT token
curl -X POST https://api.ankatech.co/auth/token \
-d '{"apiKey":"YOUR_API_KEY"}'
# Store token for subsequent requests
export TOKEN="eyJhbGc..."
Generate Keys
# Standard PQC key (recommended)
curl -X POST https://api.ankatech.co/keys \
-H "Authorization: Bearer $TOKEN" \
-d '{"algorithm":"ML_KEM_1024"}'
# Composite key (maximum security)
curl -X POST https://api.ankatech.co/keys/composite \
-H "Authorization: Bearer $TOKEN" \
-d '{
"classicalAlgorithm":"RSA_4096",
"pqcAlgorithm":"ML_KEM_1024",
"mode":"HYBRID_KEM_COMBINE"
}'
# Signing key
curl -X POST https://api.ankatech.co/keys \
-H "Authorization: Bearer $TOKEN" \
-d '{"algorithm":"ML_DSA_87","purpose":"DIGITAL_SIGNATURE"}'
Encrypt & Decrypt
# Encrypt data
curl -X POST https://api.ankatech.co/encrypt \
-H "Authorization: Bearer $TOKEN" \
-d '{"keyId":"KEY_ID","plaintext":"Your data here"}'
# Decrypt data
curl -X POST https://api.ankatech.co/decrypt \
-H "Authorization: Bearer $TOKEN" \
-d '{"keyId":"KEY_ID","ciphertext":"eyJhbGc..."}'
# Encrypt file
curl -X POST https://api.ankatech.co/encrypt \
-H "Authorization: Bearer $TOKEN" \
-F "keyId=KEY_ID" \
-F "[email protected]" \
-o document.pdf.enc
Sign & Verify
# Sign document
curl -X POST https://api.ankatech.co/sign \
-H "Authorization: Bearer $TOKEN" \
-d '{"keyId":"SIGNING_KEY","document":"Document to sign"}'
# Verify signature
curl -X POST https://api.ankatech.co/verify \
-H "Authorization: Bearer $TOKEN" \
-d '{"keyId":"SIGNING_KEY","signature":"eyJhbGc...","document":"..."}'
Key Management
# List all keys
curl https://api.ankatech.co/keys \
-H "Authorization: Bearer $TOKEN"
# Get key details
curl https://api.ankatech.co/keys/KEY_ID \
-H "Authorization: Bearer $TOKEN"
# Rotate key
curl -X PATCH https://api.ankatech.co/keys/KEY_ID/rotate \
-H "Authorization: Bearer $TOKEN" \
-d '{"targetAlgorithm":"ML_KEM_1024"}'
# Delete key
curl -X DELETE https://api.ankatech.co/keys/KEY_ID \
-H "Authorization: Bearer $TOKEN"
Quick Decisions
Which Algorithm Should I Use?
| Your Need | Recommended Algorithm | Why |
|---|---|---|
| Standard encryption | ML-KEM-1024 | Best balance (7ms, L5 security, quantum-resistant) |
| High-performance | ML-KEM-768 | Faster decrypt (6ms), L3 security |
| Maximum security | Composite (RSA + ML-KEM) | Defense-in-depth, 1000× more secure |
| Standard signature | ML-DSA-65 | Balanced (5ms sign, 3.3 KB signature) |
| Maximum signature | ML-DSA-87 | TOP SECRET approved (8ms sign) |
| Long-term signature | SLH-DSA-SHAKE-256f | Stateless (50+ year validity) |
| Symmetric bulk | AES-256-GCM | Fastest (3ms, but needs KEK) |
Default choice: ML-KEM-1024 (covers 80% of use cases)
SaaS or On-Premise?
| If You... | Choose |
|---|---|
| < 3M ops/month | SaaS (cheaper + zero-ops) |
| > 3M ops/month | On-Premise (cost optimization) |
| Need air-gapped | On-Premise (offline mode) |
| Want zero DevOps | SaaS (fully managed) |
| Federal/classified | On-Premise (data sovereignty) |
| Startup/small team | SaaS (focus on product) |
| Enterprise/high-volume | On-Premise (control + cost) |
Break-even: ~3M operations/month
NIST Security Level?
| Data Sensitivity | NIST Level | Algorithm | Example |
|---|---|---|---|
| Public | N/A | No encryption | Public website content |
| Internal | L1 (128-bit) | ML-KEM-512 | Application logs |
| Confidential | L3 (192-bit) | ML-KEM-768 | Customer PII |
| Secret | L5 (256-bit) | ML-KEM-1024 | Financial transactions |
| Top Secret | L5 + Composite | RSA + ML-KEM | Classified documents |
Default choice: NIST L5 (ML-KEM-1024) unless performance critical
Common Error Messages
"Invalid JWT token"
Error:
Fix:
"Key not found"
Error:
Fixes: 1. List all keys to find correct keyId
- Generate key if missing
"Payload too large"
Error:
Fix: Use streaming API
# Change from compact to streaming
curl -X POST https://api.ankatech.co/stream/encrypt \
-F "[email protected]" # Supports up to 100 GB
"Algorithm not allowed"
Error:
Fix: Use FIPS/CNSA approved algorithm
# Replace ChaCha20 with AES-256-GCM or ML-KEM
curl -X POST https://api.ankatech.co/keys \
-d '{"algorithm":"ML_KEM_1024"}' # Always approved
Performance Quick Reference
Algorithm Speed (1KB Payload)
| Operation | Fastest | Slowest | Recommended |
|---|---|---|---|
| Encrypt | AES-256 (3ms) | Composite (5ms) | ML-KEM-1024 (3ms) |
| Decrypt | AES-256 (5ms) | Composite (13ms) | ML-KEM-1024 (7ms) |
| Sign | Ed25519 (2ms) | SLH-DSA (12ms) | ML-DSA-65 (5ms) |
| Verify | Ed25519 (3ms) | ML-DSA-87 (7ms) | ML-DSA-65 (5ms) |
Fastest PQC: ML-KEM-768 (6ms decrypt) Best balance: ML-KEM-1024 (7ms decrypt, maximum security)
Throughput by Node Count
| Nodes | Throughput (ML-KEM-1024) | Use Case |
|---|---|---|
| 1 | 1,200 ops/sec | Development, small apps |
| 3 | 3,500 ops/sec | Production (small) |
| 6 | 6,800 ops/sec | Production (medium) |
| 12 | 12,500 ops/sec | Production (large) |
| 50 | 50,000 ops/sec | Enterprise (high-volume) |
Scaling efficiency: 87-97% (nearly linear)
Compliance Quick Reference
Federal Requirements
| Standard | Algorithm Required | Status |
|---|---|---|
| NIST FIPS 203 | ML-KEM | ✅ Supported |
| NIST FIPS 204 | ML-DSA | ✅ Supported |
| FIPS 140-2 | Any | ✅ Validated (#4616) |
| GSA PQC | Composite (AND-decrypt) | ✅ Compliant |
| CNSA 2.0 | ML-KEM-768/1024, ML-DSA-65/87 | ✅ Approved |
Quick check:
Industry Requirements
| Industry | Regulation | Algorithm | Compliance Page |
|---|---|---|---|
| Financial | PCI DSS 3.6.1 | AES-256-GCM (FIPS) | Link |
| Healthcare | HIPAA §164.312 | ML-KEM-1024 (quantum-ready) | Link |
| Government | FISMA | FIPS-validated | Link |
| Defense | CNSA 2.0 | ML-KEM-1024, ML-DSA-87 | Link |
API Endpoints Cheat Sheet
| Operation | Method | Endpoint |
|---|---|---|
| Authenticate | POST | /auth/token |
| Generate key | POST | /keys |
| Encrypt | POST | /encrypt |
| Decrypt | POST | /decrypt |
| Sign | POST | /sign |
| Verify | POST | /verify |
| List keys | GET | /keys |
| Import PKCS#12 | POST | /migration/private-keys |
| Re-encrypt | POST | /crypto/reencrypt |
| Stream encrypt | POST | /stream/encrypt |
Full API reference: OpenAPI spec
Migration Workflow Summary
Complete migration in 4 steps:
# Step 1: Import legacy key (5 min)
curl -X POST https://api.ankatech.co/migration/private-keys \
-F "[email protected]"
# Step 2: Analyze compatibility (3 min)
curl -X POST https://api.ankatech.co/migration/analyze \
-d '{"keyId":"legacy-001"}'
# Step 3: Generate PQC key (1 min)
curl -X POST https://api.ankatech.co/keys \
-d '{"algorithm":"ML_KEM_1024"}'
# Step 4: Re-encrypt data (variable)
curl -X POST https://api.ankatech.co/crypto/reencrypt \
-d '{
"sourceKeyId":"legacy-001",
"targetKeyId":"pqc-001",
"ciphertext":"..."
}'
Total time: 10-15 minutes (for first file)
Bulk: Add /batch/ to endpoint for 1000s of files
SDK Code Snippets
Java SDK
// Initialize client
AnkaSecureClient client = new AnkaSecureClient(apiKey);
// Encrypt
EncryptRequest req = EncryptRequest.builder()
.algorithm("ML_KEM_1024")
.plaintext("data".getBytes())
.build();
byte[] ciphertext = client.encrypt(req).getCiphertext();
// Decrypt
byte[] plaintext = client.decrypt(
DecryptRequest.builder()
.keyId("mlkem-001")
.ciphertext(ciphertext)
.build()
).getPlaintext();
// Sign
byte[] signature = client.sign(
SignRequest.builder()
.algorithm("ML_DSA_87")
.document("data".getBytes())
.build()
).getSignature();
CLI Tool
# Generate key
ankasecure-cli key generate --algorithm ML_KEM_1024
# Encrypt file
ankasecure-cli encrypt --key-id mlkem-001 --input data.txt
# Decrypt file
ankasecure-cli decrypt --key-id mlkem-001 --input data.txt.enc
# Sign file
ankasecure-cli sign --key-id mldsa-001 --input document.pdf
# Verify signature
ankasecure-cli verify --key-id mldsa-001 --input document.pdf.sig
Pricing Quick Reference
SaaS Tiers
| Tier | Operations/Month | Price | Best For |
|---|---|---|---|
| Free Trial | 10K/day × 30 days | $0 | Evaluation |
| Starter | Up to 1M | $1,250/mo | Small teams |
| Professional | Up to 10M | $3,500/mo | Growing companies |
| Enterprise | Unlimited | Custom | High-volume |
Overage: $0.30 per additional 10K operations
On-Premise Pricing
| License | Annual Cost | Operations | Support |
|---|---|---|---|
| Annual | $25,000 | Unlimited | Standard |
| Perpetual | $50,000 + $10K/year | Unlimited | Standard |
| Enterprise | Custom | Unlimited | Premium (24/7) |
Break-even: ~3M operations/month (vs SaaS)
Support Channels
Get Help
| Channel | Response Time | Best For |
|---|---|---|
| Documentation | Instant | Common questions |
| Community Forum | < 24 hours | Developer questions |
| Email Support | < 48 hours | Technical issues |
| Slack (Enterprise) | < 2 hours | Urgent issues |
| Phone (Enterprise) | < 1 hour | Critical outages |
Email: [email protected] Forum: https://community.ankatech.co Sales: [email protected]
Compliance Checklist
Federal Procurement
- [ ] NIST FIPS 203 support? → ✅ ML-KEM
- [ ] NIST FIPS 204 support? → ✅ ML-DSA
- [ ] FIPS 140-2 validated? → ✅ Certificate #4616
- [ ] GSA PQC compliant? → ✅ 100%
- [ ] CNSA 2.0 approved? → ✅ Algorithms ready
- [ ] On-premise option? → ✅ Full-featured
- [ ] Air-gapped support? → ✅ Offline mode
Verdict: ✅ Federal procurement ready
Industry Compliance
- [ ] PCI DSS (financial)? → ✅ FIPS-validated AES-256
- [ ] HIPAA (healthcare)? → ✅ Encryption + audit logs
- [ ] GDPR (EU)? → ✅ Multi-tenant isolation
- [ ] SOC 2? → ⏳ In progress (Q4 2026)
Troubleshooting Quick Fixes
| Problem | Quick Fix |
|---|---|
| 401 Unauthorized | Refresh JWT token (/auth/token) |
| 404 Key not found | Check keyId spelling, list all keys |
| 413 Payload too large | Use /stream/ endpoint (not compact) |
| 429 Too many requests | Implement rate limiting, add delay |
| 500 Internal error | Check API status page, retry in 30sec |
Status page: https://status.ankatech.co
Common Use Cases
Encrypt Customer Data (SaaS Platform)
# Per-customer encryption
curl -X POST https://api.ankatech.co/encrypt \
-H "Authorization: Bearer $CUSTOMER_TOKEN" \
-d '{"algorithm":"ML_KEM_1024","plaintext":"Customer data"}'
Multi-tenancy: Automatic isolation per customer token
Encrypt Database Backup (Large File)
# 50 GB backup (streaming)
curl -X POST https://api.ankatech.co/stream/encrypt \
-F "algorithm=ML_KEM_1024" \
-F "[email protected]" \
-o backup-50gb.enc
Time: ~10 minutes (80 MB/s throughput)
Sign Software Release
# Code signing with long-term signature
curl -X POST https://api.ankatech.co/sign \
-d '{
"algorithm":"SLH_DSA_SHAKE_256f",
"document":"software-v3.0.0.tar.gz",
"purpose":"CODE_SIGNING"
}'
Validity: 50+ years (stateless signature)
Migrate from AWS KMS
# Export from AWS (public key only)
aws kms get-public-key --key-id alias/my-key > aws-public.pem
# Import to AnkaSecure
curl -X POST https://api.ankatech.co/migration/import/public-key \
-F "[email protected]"
# Generate new ML-KEM key for future encryptions
curl -X POST https://api.ankatech.co/keys \
-d '{"algorithm":"ML_KEM_1024"}'
Key Takeaways
Remember These 5 Things
-
Default algorithm: ML-KEM-1024 (covers 80% of use cases)
-
Cost break-even: 3M ops/month (SaaS cheaper below, on-premise cheaper above)
-
Federal compliance: Composite keys required (AND-decrypt, GSA PQC)
-
Large files: Use streaming (> 5 MB files, constant memory)
-
Migration: Zero-code (change algorithm via API, apps continue working)
Bookmark These Pages
Getting started: - Quick start guide - First encryption in 10 minutes
Migration: - Migration strategy - $840K savings story - Import operations - Bring legacy keys
Compliance: - NIST compliance - Federal requirements - Compliance overview - All standards
Competitive: - vs AWS KMS - Cost comparison - vs Vault - Feature comparison - Why AnkaSecure - Unique differentiators
What's Next?
Take action: - 🚀 Start free trial (5 minutes, no credit card) - 📥 Download SDK (Java, CLI tools) - 📖 Read full docs (comprehensive guides)
Get help: - 📧 Email support (technical questions) - 💬 Join forum (community help) - 📞 Schedule call (talk to expert)
Quick reference for AnkaSecure v3.0.0 | Last updated: 2026-01-07