APIs for Ubiquitous Encryption
Cosmian’s Ubiquitous Encryption provides security and performance everywhere and at all times.
Cosmian provides developer APIs in libraries and server components so that developers and data engineers can quickly and transparently implement ubiquitous encryption, in which data is encrypted everywhere and at all times:
- At rest and during searching, using flexible, secure, modern cryptographic primitives that allow application-level encryption with data partitioning, encrypted indexes and search queries, public key encryption, post-quantum resistance, attribute rotation, etc. See Cloudproof Encryption.
- In use, while being processed by a confidential microservice (also encrypted!) in the cloud. See Microservice Encryption.
Cryptography implies managing keys, and Cosmian provides a Key Management System with a modern KMIP 2.1 interface. Cosmian KMS can be used as a complete key management solution or to complement an existing enterprise KMS.
Get started immediately!
Cosmian server-side components, most notably the Secure KMS and Cosmian enclaves, are also offered as freemium, so you can get started immediately with implementing privacy by default.
Sample developer code
These are sample pseudo-code workflows. Check the API in your chosen language for details.
```
// Encrypt data with a public key and attributes
let cipher_text = encrypt(
    clear_text,
    public_key,
    ["Department::Finance", "Confidentiality::Medium"]
)

// Later - create a user decryption key with an access policy
let user_key = create_user_key(
    master_private_key,
    "(Department::Finance || Department::Marketing) && Confidentiality::TopSecret"
)

// The user key has an access policy that allows decrypting the data
let clear_text = decrypt(cipher_text, user_key)
```
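The user key above names Confidentiality::TopSecret while the data is tagged Confidentiality::Medium. The following added example (not Cosmian's code or API) models only the access decision, with no cryptography, to show how such a key can still cover the data. It assumes Confidentiality is a hierarchical axis in which a higher level covers lower ones; the function names and the Low and High levels are constructed for illustration.

```python
import re

# Assumption: "Confidentiality" is a hierarchical axis, ordered lowest to highest.
# Only Medium and TopSecret appear on the page; Low and High are constructed.
HIERARCHY = {"Confidentiality": ["Low", "Medium", "High", "TopSecret"]}
TOKEN = re.compile(r"\(|\)|&&|\|\||\w+::\w+")
# Values taken from the page's pseudo-code.
DATA_ATTRS = ["Department::Finance", "Confidentiality::Medium"]
USER_POLICY = "(Department::Finance || Department::Marketing) && Confidentiality::TopSecret"

def tokenize(policy):
    tokens = TOKEN.findall(policy)
    if "".join(tokens) != "".join(policy.split()):
        raise ValueError("bad policy syntax")
    return tokens

def covers(leaf, data_attrs):
    """True if the key attribute `leaf` covers one of the ciphertext attributes."""
    axis, value = leaf.split("::")
    levels = HIERARCHY.get(axis)
    # On a hierarchical axis the key's level also covers every lower level.
    granted = levels[: levels.index(value) + 1] if levels and value in levels else [value]
    return any(f"{axis}::{v}" in data_attrs for v in granted)

def can_decrypt(key_policy, data_attrs):
    """Evaluate the key's boolean access policy against the ciphertext attributes."""
    tokens = tokenize(key_policy)
    def atom():
        tok = tokens.pop(0) if tokens else ""
        if tok == "(":
            result = chain("||")
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("missing ')'")
            return result
        if "::" not in tok:
            raise ValueError(f"unexpected token {tok!r}")
        return covers(tok, data_attrs)
    def chain(op):
        # "||" binds looser than "&&": a disjunction is a chain of conjunctions.
        operand = (lambda: chain("&&")) if op == "||" else atom
        results = [operand()]
        while tokens and tokens[0] == op:
            tokens.pop(0)
            results.append(operand())
        return any(results) if op == "||" else all(results)
    allowed = chain("||")
    if tokens:
        raise ValueError(f"trailing token {tokens[0]!r}")
    return allowed
```

`can_decrypt(USER_POLICY, DATA_ATTRS)` returns `True`; a key restricted to `Department::Marketing`, or to a Confidentiality level below Medium, is refused for the same data.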
Read the Microservice Encryption overview for a complete guide.
```python
# Create a computation
computation = computation_owner.create_computation(
    'computation name',
    owner_public_key=public_key,
    code_provider_email='firstname.lastname@example.org',  # keyword name missing on the page; assumed here
    data_providers_emails=['email@example.com', 'firstname.lastname@example.org'],
    result_consumers_emails=['email@example.com']
)

# encrypt and deploy some data
data_provider.upload_files(computation_uuid, symmetric_key, [path_1, path_2])

# encrypt and deploy a confidential algorithm
code_provider.upload(computation_uuid, symmetric_key, path)

# approve participants of the computation
computation_owner.approve_participants(computation.uuid, "Missing Signature")

# verify everything is secure and finalize provisioning
data_provider.key_provisioning(computation_uuid, sealed_symmetric_key)

# when all the participants have done the key provisioning step,
# the computation on the Cosmian enclave automatically starts
result_consumer.key_provisioning(computation.uuid, sealed_symmetric_key)

# collect the encrypted results and decrypt them
encrypted_results = result_consumer.fetch_results(computation.uuid)
print(decrypt(encrypted_results, symmetric_key_ro))
```
Ready-made Plugins
Ready-made plugins seamlessly integrate Cosmian technology with modern data platforms.
Cosmian Data Access nicely integrates with Spark using Parquet files.
See the cosmian_spark_crypto GitHub [repository](https://github.com/Cosmian/cosmian_spark_crypto) for details and [this](https://github.com/Cosmian/cosmian_saagie_plugin) GitHub repository for a complete working example.
Check this GitHub repository for a working example in the Saagie Platform.