
APIs for Ubiquitous Encryption

Cosmian provides developer APIs in libraries and server components so that developers and data engineers can easily and transparently implement privacy by default in applications and in big data processing chains and repositories.

Privacy by default is implemented using ubiquitous encryption. Data is encrypted everywhere and at all times:

  • at rest, using flexible, secure, modern cryptographic primitives that allow data partitioning, public key encryption, attribute rotation, etc. See Cloudproof Encryption.

  • while being processed in the cloud by a confidential algorithm (which is also encrypted!). See Secure Computation.

Cryptography implies managing keys and Cosmian provides a Key Management System with a modern KMIP 2.1 interface. Cosmian KMS can be used as a complete key management solution or to complement an existing enterprise KMS.

Get started immediately!

Cosmian server-side components, most notably the Secure KMS and Cosmian enclaves, are also offered as freemium SaaS on the Cosmian public platform, so you can get started immediately with implementing privacy by default.

Create a free account at https://console.cosmian.com

Sample developer code

These are sample pseudocode workflows. Check the API in your chosen language for details.

Cloudproof Encryption

// Encrypt data with a public key and attributes
let cipher_text = encrypt(
    clear_text,
    public_key,
    ["Department::Finance", "Confidentiality::Medium" ]
)

// Later - create a user decryption key with an access policy
let user_key = create_user_key(
    master_private_key,
    "(Department::Finance || Department::Marketing) && Confidentiality::TopSecret"
)

// The user key has an access policy that allows decrypting the data
let clear_text = decrypt(cipher_text, user_key)
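
The access decision behind the pseudocode above, modelled in plain Python as an added example (it is not Cosmian's API and performs no cryptography). It assumes that `Confidentiality` is a hierarchical axis ordered Low < Medium < TopSecret, which this page does not state, so that a `TopSecret` key covers `Medium` data; `can_decrypt`, `covers` and `HIERARCHICAL_AXES` are hypothetical names.

```python
import re

# Assumption (not stated on the page): Confidentiality is a hierarchical axis,
# listed lowest to highest; Department is flat. Helper names are illustrative.
HIERARCHICAL_AXES = {"Confidentiality": ["Low", "Medium", "TopSecret"]}
TOKEN = re.compile(r"\(|\)|\|\||&&|\w+::\w+")

def covers(term, ct):
    """True if one key attribute covers the ciphertext's value on that axis."""
    axis, value = term.split("::")
    order = HIERARCHICAL_AXES.get(axis)
    if axis not in ct or order is None:
        return ct.get(axis) == value  # flat axis (or axis absent): exact match only
    # Hierarchical axis: a higher-ranked key attribute covers lower-ranked data.
    # An unknown value raises ValueError, so the check fails closed.
    return order.index(ct[axis]) <= order.index(value)

def can_decrypt(policy, ciphertext_attributes):
    """Evaluate a user key's access policy against a ciphertext's attributes."""
    ct = dict(a.split("::") for a in ciphertext_attributes)
    tokens = TOKEN.findall(policy)
    if "".join(tokens) != "".join(policy.split()):
        raise ValueError("unrecognised text in policy")
    tokens.reverse()  # pop() now yields tokens left to right

    def atom():
        tok = tokens.pop() if tokens else None
        if tok == "(":
            val = expr()
            if not tokens or tokens.pop() != ")":
                raise ValueError("missing ')'")
            return val
        if tok is None or "::" not in tok:
            raise ValueError(f"unexpected token {tok!r}")
        return covers(tok, ct)

    def expr(ops=("||", "&&")):  # '&&' binds tighter than '||'
        if not ops:
            return atom()
        val = expr(ops[1:])
        while tokens and tokens[-1] == ops[0]:
            tokens.pop()
            rhs = expr(ops[1:])  # always parse the operand, no short-circuit
            val = (val or rhs) if ops[0] == "||" else (val and rhs)
        return val

    result = expr()
    if tokens:
        raise ValueError(f"unexpected token {tokens[-1]!r}")
    return result
```

With the policy and attributes from the pseudocode, `can_decrypt` returns `True` only because of the assumed hierarchy; with a flat `Confidentiality` axis the same key would not cover `Confidentiality::Medium` data.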

Secure Computation

Read the Secure Computation overview for a complete guide.

# Create a computation
computation = computation_owner.create_computation(
    'computation name',
    owner_public_key=public_key,
    code_provider_email='john@example.org',
    data_providers_emails=['bob@example.org', 'alice@example.org'],
    result_consumers_emails=['john@example.org']
)

# encrypt and deploy some data
data_provider.push_files(computation_uuid, symmetric_key, [path_1, path_2])

# encrypt and deploy a confidential algorithm
code_provider.upload(computation_uuid, symmetric_key, path)

# approve participants of the computation
computation_owner.approve_participants(computation.uuid, "Missing Signature")

# verify everything is secure and finalize provisioning
data_provider.key_provisioning(computation_uuid, sealed_symmetric_key)

# when all the participants have done the key provisioning step,
# the computation on the Cosmian enclave automatically starts
result_consumer.key_provisioning(computation.uuid, sealed_symmetric_key)

# collect the encrypted results and decrypt them
encrypted_results = result_consumer.fetch_results(computation.uuid)
print(decrypt(encrypted_results, symmetric_key_ro))

Ready-made Plugins

Ready-made plugins seamlessly integrate Cosmian technology into modern data platforms.

Spark

Cosmian Data Access integrates with Spark using Parquet files.

dataFrame
    .filter((col("COUNTRY") === "FR") && (col("UNIT") !== "MKG"))
    .write
    .mode(SaveMode.Append)
    .partitionBy("COUNTRY", "UNIT")
    .option(
        CosmianAbeFactory.COSMIAN_ENCRYPTION_ATTRIBUTES,
        "Country::France, Unit::Marketing"
    )
    .parquet(outputURI)

See the cosmian_spark_crypto GitHub repository for details and this GitHub repository for a complete working example.

Denodo

If you use the Denodo platform, you do not even have to code! Cosmian and Denodo provide a ready-made plugin to securely encrypt your data. Please contact Denodo for details.

Saagie

Cosmian big data encryption integrates seamlessly into the Saagie DataOps platform using the Cosmian Spark plugin.

Check this GitHub repository for a working example on the Saagie platform.