SDK Quick Start - Essential Examples

This page provides 6 minimal examples (10-15 lines each) demonstrating core SDK patterns without boilerplate. Each example links to complete production-ready flows with error handling, resource management, and edge cases.

Goal: Get your first SDK call working in under 2 minutes.

Example 1: Encrypt Any File (Auto-Detection - Recommended)

// ONE method handles any file size
AuthenticatedSdk sdk = factory.authenticateApplication(clientId, secret);
sdk.encryptFile("my-key", input, output);  // ← Automatic 5 MB threshold

How it works: The SDK automatically selects compact format (< 5 MB) or streaming format (≥ 5 MB) based on input size.

Complete production example: Flow 1 - Asymmetric Encrypt/Decrypt

Example 2: Decrypt Any Format (Auto-Detection)

// Works with both compact and streaming formats
sdk.decryptFile(encrypted, decrypted);  // ← Auto-detects input format

How it works: The SDK inspects the ciphertext header to determine if it's a compact JWE token or streaming chunks.

Complete production example: Flow 1 - Asymmetric Encrypt/Decrypt

Example 3: Compact Token for APIs (< 5 MB)

// Single-line JWE for REST API transmission
sdk.encryptFileCompact("api-key", config, output);
String jwe = Files.readString(output);  // ← One-line Base64 token
apiClient.post("/api/store", jwe);

When to use: Small payloads for microservices, JSON messages, unit tests.

Complete production example: Flow 5 - ML-KEM-512 Compact

Example 4: Large File Streaming (Constant Memory)

// 500 GB file, 64 KB RAM
sdk.encryptFileStream("archive-key", largeFile, output);

When to use: GB-scale backups, log archives, media files.

Complete production example: Flow 16 - ML-KEM-1024 Streaming

Example 5: Quantum-Resistant Encryption

// Composite hybrid keys (classical + PQC)
KeyRequest spec = new KeyRequest()
    .kid("hybrid-key")
    .kty("COMPOSITE_KEM_COMBINE")
    .alg("X25519+ML-KEM-768");
sdk.generateKey(spec);
sdk.encryptFile("hybrid-key", secret, encrypted);

When to use: Regulatory compliance (NIST CSWP 39, GSA PQC, EU/BSI/ANSSI standards).

Complete production example: Flow 29 - Composite Hybrid Keys

Example 6: Migrate RSA to Post-Quantum

// Zero-exposure migration (never touches plaintext)
sdk.reencryptFile("old-rsa-key", "new-mlkem-key", oldCiphertext, newCiphertext);

When to use: Upgrade legacy RSA/EC ciphertexts to ML-KEM without decrypting.

Complete production example: Flow 4 - Asymmetric Re-encrypt

Next Steps

Complete Examples (34 Flows) - All integration patterns organized by category
File Operation Patterns - Deep dive into auto-detection, streaming, compact modes
Usage Guide - Setup, authentication, and API reference
Security Best Practices - Key lifecycle, session management, error handling

Pattern Quick Reference

Pattern	Method	Use Case	Example Flow
🔄 Auto-Detection	`encryptFile()`, `decryptFile()`	Any file size (recommended)	Flow 1
📦 Force Compact	`encryptFileCompact()`	< 5 MB (API tokens)	Flow 5
🌊 Force Streaming	`encryptFileStream()`	Large files (GB-scale)	Flow 16
🔐 Sign + Encrypt	Nested operations	Authenticated encryption	Flow 24
🔄 Re-encrypt	`reencryptFile()`	Migrate ciphertexts	Flow 4
🏗️ Composite Keys	`COMPOSITE_KEM_COMBINE`	Quantum-resistant	Flow 29

Tip: Start with auto-detection methods (encryptFile, decryptFile) for 90% of use cases. Only use explicit format methods when you have specific requirements.