.\" Automatically generated by Pandoc 1.19.1
.\"
.TH "CLEVIS\-ENCRYPT\-HTTP" "1" "September 2017" "" ""
.hy
.SH NAME
.PP
clevis\-encrypt\-http \-\- Encrypts using a REST HTTP escrow server
policy
.SH SYNOPSIS
.PP
\f[C]clevis\ encrypt\ http\f[] CONFIG < PT > JWE
.SH OVERVIEW
.PP
The \f[C]clevis\ encrypt\ http\f[] command encrypts using a REST HTTP
escrow server policy.
Its only argument is the JSON configuration object.
.PP
When using the HTTP pin, we create a new, cryptographically\-strong,
random key.
This key is stored in a remote HTTP escrow server (using a simple PUT or
POST).
Then at decryption time, we attempt to fetch the key back again in order
to decrypt our data.
So, for our configuration we need to pass the URL to the key location:
.IP
.nf
\f[C]
$\ clevis\ encrypt\ http\ \[aq]{"url":"https://escrow.srv/1234"}\[aq]\ <\ PT\ >\ JWE
\f[]
.fi
.PP
To decrypt the data, simply provide the ciphertext (JWE):
.IP
.nf
\f[C]
$\ clevis\ decrypt\ <\ JWE\ >\ PT
\f[]
.fi
.PP
Notice that we did not pass any configuration during decryption.
The decrypt command extracted the URL (and possibly other configuration)
from the JWE object, fetched the encryption key from the escrow and
performed decryption.
.SH CONFIG
.PP
This command uses the following configuration properties:
.IP \[bu] 2
\f[C]url\f[] (string) : The URL where the key is stored (REQUIRED)
.IP \[bu] 2
\f[C]http\f[] (boolean) : Allow or disallow non\-TLS HTTP (default:
false)
.IP \[bu] 2
\f[C]type\f[] (string) : The type of key to store (default:
octet\-stream)
.IP \[bu] 2
\f[C]method\f[] (string) : The HTTP method to use (default: PUT)
.SH SEE ALSO
.PP
\f[C]clevis\-decrypt\f[](1)
.SH AUTHORS
Nathaniel McCallum <npmccallum@redhat.com>.