APIs for Ubiquitous Encryption
Cosmian provides developer APIs in libraries and server components so that developers and data engineers can easily and transparently implement privacy by default in applications and big data processing chains and repositories.
Privacy by default is implemented using ubiquitous encryption. Data is encrypted everywhere and at all times:
- at rest, using flexible, secure, modern cryptographic primitives that allow data partitioning, public key encryption, attribute rotation, and more. See Cloudproof Encryption.
- while being processed in the cloud by a confidential algorithm (which is also encrypted). See Secure Computation.
Cryptography implies managing keys and Cosmian provides a Key Management System with a modern KMIP 2.1 interface. Cosmian KMS can be used as a complete key management solution or to complement an existing enterprise KMS.
Get started immediately!
Cosmian server-side components, most notably the Secure KMS and Cosmian enclaves, are also offered as freemium SaaS on the Cosmian public platform, so you can get started immediately with implementing privacy by default.
Create a free account at https://console.cosmian.com
Sample developer code
These are sample pseudo-code workflows. Check the API in your chosen language for details.
    // Encrypt data with a public key and attributes
    let cipher_text = encrypt(
        clear_text,
        public_key,
        ["Department::Finance", "Confidentiality::Medium"]
    )

    // Later - create a user decryption key with an access policy
    let user_key = create_user_key(
        master_private_key,
        "(Department::Finance || Department::Marketing) && Confidentiality::TopSecret"
    )

    // The user key has an access policy that allows decrypting the data
    let clear_text = decrypt(cipher_text, user_key)
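The access decision behind the pseudo-code above, modeled in plain Python as an added example (not Cosmian's code, and no cryptography is performed): it evaluates the user key's access policy against the attributes a ciphertext was encrypted with. It assumes Confidentiality is a hierarchical axis with the constructed ordering Low < Medium < High < TopSecret, which is what lets a TopSecret key read Medium data; `HIERARCHY`, `key_covers`, `tokenize` and `can_decrypt` are hypothetical names.

```python
import re

# Assumption (not stated on the page): Confidentiality is a hierarchical axis,
# lowest level first. Level names other than Medium/TopSecret are constructed.
HIERARCHY = {"Confidentiality": ["Low", "Medium", "High", "TopSecret"]}
TOKEN = re.compile(r"\(|\)|\|\||&&|\w+::\w+")

def key_covers(key_attr, ct_attr):
    """True if one attribute of the key policy satisfies one ciphertext attribute."""
    (k_axis, k_val), (c_axis, c_val) = key_attr.split("::"), ct_attr.split("::")
    levels = HIERARCHY.get(k_axis)
    if k_axis != c_axis or levels is None:
        return key_attr == ct_attr          # flat axis: exact match only
    return levels.index(k_val) >= levels.index(c_val)   # higher level covers lower

def tokenize(policy):
    tokens = TOKEN.findall(policy)
    if "".join(tokens) != re.sub(r"\s", "", policy):    # something was not a token
        raise ValueError("bad policy syntax")
    return tokens

def can_decrypt(policy, ct_attrs):
    """Evaluate the key's access policy against a ciphertext's attributes."""
    tokens = tokenize(policy)

    def atom():
        tok = tokens.pop(0) if tokens else ""
        if tok == "(":
            val = or_expr()
            if not tokens or tokens.pop(0) != ")":
                raise ValueError("missing ')'")
            return val
        if "::" not in tok:
            raise ValueError(f"unexpected token {tok!r}")
        return any(key_covers(tok, a) for a in ct_attrs)

    def chain(op, operand, combine):        # operand (op operand)*
        vals = [operand()]
        while tokens and tokens[0] == op:
            tokens.pop(0)
            vals.append(operand())
        return combine(vals)

    def and_expr(): return chain("&&", atom, all)       # && binds tighter than ||
    def or_expr(): return chain("||", and_expr, any)

    result = or_expr()
    if tokens:
        raise ValueError(f"unexpected token {tokens[0]!r}")
    return result
```

In this model a term of the policy is true when it covers at least one attribute of the ciphertext; axes that the policy does not mention are not modeled.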
Read the Secure Computation overview for a complete guide.
    # Create a computation
    computation = computation_owner.create_computation(
        'computation name',
        owner_public_key=public_key,
        code_provider_email='firstname.lastname@example.org',
        data_providers_emails=['email@example.com', 'firstname.lastname@example.org'],
        result_consumers_emails=['email@example.com']
    )

    # encrypt and deploy some data
    data_provider.push_files(computation_uuid, symmetric_key, [path_1, path_2])

    # encrypt and deploy a confidential algorithm
    code_provider.upload(computation_uuid, symmetric_key, path)

    # approve participants of the computation
    computation_owner.approve_participants(computation.uuid, "Missing Signature")

    # verify everything is secure and finalize provisioning
    data_provider.key_provisioning(computation_uuid, sealed_symmetric_key)

    # when all the participants have done the key provisioning step,
    # the computation on the Cosmian enclave automatically starts
    result_consumer.key_provisioning(computation.uuid, sealed_symmetric_key)

    # collect the encrypted results and decrypt them
    encrypted_results = result_consumer.fetch_results(computation.uuid)
    print(decrypt(encrypted_results, symmetric_key_ro))
Ready-made Plugins
Ready-made plugins seamlessly integrate Cosmian technology into modern data platforms.
Cosmian Data Access integrates with Spark using Parquet files.
Check this GitHub repository for a working example on the Saagie Platform.