AnkaSecure SDK β Integration Flows
The SDK ships with 34 runnable reference flows that demonstrate, line by line, how to solve the most common (and a few advanced) cryptographic tasks with AnkaSecure:
- classical β post-quantum migration
- detached-stream processing of multi-gigabyte files
- key-life-cycle automation, immediate rotation, RFC 7396 merge-patches
- public-key utilities that never persist material server-side
Each flow lives in its own Markdown file containing copy-paste-ready Java code β no stubs, no ellipsis.
How to use the flows
- Choose a scenario from the table below.
- Click βView Codeβ to open the standalone
.mdthat contains the full Java class (it has amainmethod). - Compile & run with your
cli.propertiesor adapt snippets into your project.
Need the bigger picture ? * SDK Overview β architecture & design goals * SDK Usage Guide β setup, authentication, and basic operations
Integration Flows Catalogue
π― Getting Started (2 flows)
Start here if you're new to the SDK.
| # | Flow Name | Key Pattern | When to Use | Code |
|---|---|---|---|---|
| 19 | Algorithm Discovery | π Discovery | Discover RECOMMENDED algorithms, run smoke tests | View Code |
| 20 | In-Memory Quick-Start | π¦ Compact | 100-line reference (encrypt + sign + verify) | View Code |
π Basic Operations - Streaming (4 flows)
For large files (GB-scale) or unlimited size operations.
| # | Flow Name | Key Pattern | When to Use | Code |
|---|---|---|---|---|
| 1 | Asymmetric Encrypt/Decrypt | π Streaming | GB-scale PQC encryption (ML-KEM-512) | View Code |
| 2 | Detached-JWS Sign/Verify | π Streaming | Log archives, CI/CD artifact signing | View Code |
| 3 | Symmetric Encrypt/Decrypt | π Streaming | Fast AES-256 for big datasets | View Code |
| 4 | Asymmetric Re-encrypt | π Streaming | RSA β ML-KEM migration (zero plaintext exposure) | View Code |
π¦ Basic Operations - Compact (3 flows)
For small files (< 5 MB) or API/JSON transmission.
| # | Flow Name | Key Pattern | When to Use | Code |
|---|---|---|---|---|
| 5 | ML-KEM-512 Compact | π¦ Compact | Unit tests, microservices, small payloads | View Code |
| 6 | ML-DSA-87 Compact | π¦ Compact | Config files, JSON messages (< 5 MB) | View Code |
| 7 | AES-256 Compact | π¦ Compact | Database secrets, tokens, credentials | View Code |
π Advanced Operations (8 flows)
For complex scenarios: rotation, nested operations, bulk processing.
| # | Flow Name | Key Pattern | When to Use | Code |
|---|---|---|---|---|
| 8 | EC-521 β ML-KEM-768 Re-encrypt | π¦ Compact | Small-message PQC upgrade | View Code |
| 9 | RSA-2048 β ML-DSA-65 Re-sign | π¦ Compact | JWT/JSON signature upgrade | View Code |
| 12 | Stream Re-sign (RSA β Falcon) | π Streaming | Large-file signature upgrade | View Code |
| 15 | ML-DSA-87 Streaming Sign/Verify | π Streaming | High-throughput PQC signing | View Code |
| 16 | ML-KEM-1024 Streaming Encrypt | π Streaming | Archive-grade encryption (30-year) | View Code |
| 21 | Compact Token Rotation | π¦ Compact | Bulk re-encrypt JWEs (< 5 MB each) | View Code |
| 22 | Stream Signature Verification | π Streaming | Continuous object-storage scanning | View Code |
| 24 | Sign-Then-Encrypt Nested | π Combined | Authenticated encryption (JWE(JWS)) | View Code |
π Key Lifecycle & Management (6 flows)
For key operations: generation, rotation, patching, revocation, sharing.
| # | Flow Name | Key Pattern | When to Use | Code |
|---|---|---|---|---|
| 14 | Key Lifecycle Walkthrough | π Lifecycle | End-to-end: generate β export β revoke | View Code |
| 17 | Immediate Key Rotation | π Rotation | One-call rotation with metadata probe | View Code |
| 18 | Dynamic Limit/Lifetime Patch | π§ Patch | RFC 7396 merge-patch (no downtime) | View Code |
| 23 | RSA β ML-KEM Immediate Rotation | π Rotation | Heterogeneous algorithm rotation | View Code |
| 27 | Lifecycle with Revocation | π Lifecycle | ACTIVE β REVOKED enforcement | View Code |
| 28 | Export and Share Public Keys | π B2B | B2B key distribution with fingerprints | View Code |
π Migration & Interoperability (5 flows)
For legacy integration: PKCS#12, PKCS#7, external keys.
| # | Flow Name | Key Pattern | When to Use | Code |
|---|---|---|---|---|
| 10 | Public-Key Encrypt/Decrypt | π Interop | Client-side encrypt, no keystore import | View Code |
| 11 | Public-Key Sign/Verify | π Interop | Server signature, local verification | View Code |
| 13 | PKCS#12 Import & Hybrid Crypto | π Migration | Onboard legacy CA keys | View Code |
| 25 | External Key Interoperability | π Interop | B2B without keystore pollution | View Code |
| 26 | PKCS#7 to JOSE Migration | π Migration | Legacy PKCS#7 β modern JWE/JWS | View Code |
ποΈ Composite Hybrid Keys (6 flows)
For quantum-resistant security: classical + PQC defense-in-depth.
| # | Flow Name | Key Pattern | When to Use | Code |
|---|---|---|---|---|
| 29 | Composite Hybrid Keys Usage | ποΈ Composite | NIST CSWP 39, GSA PQC compliance | View Code |
| 30 | Regulatory Compliance Templates | ποΈ Composite | BSI, ANSSI, ETSI, EU, NIST, ENISA | View Code |
| 31 | Security Level Matching | ποΈ Composite | Validate NIST Level 3/5 consistency | View Code |
| 32 | KDF Comparison | ποΈ Composite | HKDF, KMAC256, CatKDF, CasKDF | View Code |
| 33 | Composite Key Builder API | ποΈ Composite | 4 builder approaches (reduce boilerplate) | View Code |
| 34 | Composite Key Rotation | ποΈ Composite | COMPOSITE_KEM_COMBINE rotation | View Code |
Composite Key Flows (29-34): These flows demonstrate quantum-resistant hybrid cryptography combining classical and post-quantum algorithms. Supports 35 validated composite pairings (24 COMPOSITE_KEM_COMBINE + 11 COMPOSITE_SIGNATURE) across NIST FIPS 203/204 and ETSI standards.
Running the examples
- Provide credentials β ensure
cli.propertiesis available or pass-Dcli.config=/path/to/cli.properties. - Open the flow youβre interested in and compile the Java class.
- Execute β every class has a ready-to-run
main. - Inspect artefacts & console output to see keys, ciphertext, signatures, warnings, and metadata envelopes.
Need the CLI instead of Java?
The AnkaSecure Crypto CLI provides 40 commands covering all operations demonstrated in these flows and more. See the complete CLI Commands Reference for command-line usage.
Conclusion
These integration flows are production-grade blueprints that make it trivial to:
- adopt post-quantum algorithms,
- stream-encrypt multi-terabyte data sets,
- rotate keys or signatures without exposing plaintext,
- and enforce life-cycle policy in minutes rather than weeks.
For deeper dives read SDK Usage Guide and SDK Overview or contact [email protected].
Β© 2025 ANKATech Solutions INC β All rights reserved.