[![build](https://github.com/latchset/jose/workflows/build/badge.svg)](https://github.com/latchset/jose/actions) # Welcome to José! José is a C-language implementation of the Javascript Object Signing and Encryption standards. Specifically, José aims towards implementing the following standards: * RFC 7515 - JSON Web Signature (JWS) * RFC 7516 - JSON Web Encryption (JWE) * RFC 7517 - JSON Web Key (JWK) * RFC 7518 - JSON Web Algorithms (JWA) * RFC 7519 - JSON Web Token (JWT) * RFC 7520 - Examples of ... JOSE * RFC 7638 - JSON Web Key (JWK) Thumbprint José is extensively tested against the RFC test vectors. # Supported Algorithms | Algorithm | Supported | Algorithm Type | JWK Type | |--------------------|:---------:|:--------------:|:--------:| | HS256 | YES | Signature | oct | | HS384 | YES | Signature | oct | | HS512 | YES | Signature | oct | | RS256 | YES | Signature | RSA | | RS384 | YES | Signature | RSA | | RS512 | YES | Signature | RSA | | ES256 | YES | Signature | EC | | ES384 | YES | Signature | EC | | ES512 | YES | Signature | EC | | PS256 | YES | Signature | RSA | | PS384 | YES | Signature | RSA | | PS512 | YES | Signature | RSA | | none | NO | Signature | N/A | | RSA1_5 | YES | Key Wrap | RSA | | RSA-OAEP | YES | Key Wrap | RSA | | RSA-OAEP-256 | YES | Key Wrap | RSA | | A128KW | YES | Key Wrap | oct | | A192KW | YES | Key Wrap | oct | | A256KW | YES | Key Wrap | oct | | dir | YES | Key Wrap | oct | | ECDH-ES | YES | Key Wrap | EC | | ECDH-ES+A128KW | YES | Key Wrap | EC | | ECDH-ES+A192KW | YES | Key Wrap | EC | | ECDH-ES+A256KW | YES | Key Wrap | EC | | A128GCMKW | YES | Key Wrap | oct | | A192GCMKW | YES | Key Wrap | oct | | A256GCMKW | YES | Key Wrap | oct | | PBES2-HS256+A128KW | YES | Key Wrap | N/A | | PBES2-HS384+A192KW | YES | Key Wrap | N/A | | PBES2-HS512+A256KW | YES | Key Wrap | N/A | | A128CBC-HS256 | YES | Encryption | oct | | A192CBC-HS384 | YES | Encryption | oct | | A256CBC-HS512 | YES | Encryption | oct | | A128GCM | YES | Encryption | oct | | A192GCM | YES | Encryption | oct | | A256GCM | YES | Encryption | oct | # José Command-Line Utility José provides a command-line utility which encompasses most of the JOSE features. This allows for easy integration into your project and one-off scripts. Below you will find examples of the common commands. ### Key Management José can generate keys, remove private keys and show thumbprints. For example: ```sh # Generate three different kinds of keys $ jose jwk gen -i '{"alg": "A128GCM"}' -o oct.jwk $ jose jwk gen -i '{"alg": "RSA1_5"}' -o rsa.jwk $ jose jwk gen -i '{"alg": "ES256"}' -o ec.jwk # Remove the private keys $ jose jwk pub -i oct.jwk -o oct.pub.jwk $ jose jwk pub -i rsa.jwk -o rsa.pub.jwk $ jose jwk pub -i ec.jwk -o ec.pub.jwk # Calculate thumbprints $ jose jwk thp -i oct.jwk 9ipMcxQLsI56Mqr3yYS8hJguJ6Mc8Zh6fkufoiKokrM $ jose jwk thp -i rsa.jwk rS6Yno3oQYRIztC6np62nthbmdydhrWmK2Zn_Izmerw $ jose jwk thp -i ec.jwk To8yMD92X82zvGoERAcDzlPP6awMYGM2HYDc1G5xOtc ``` ### Signatures José can sign and verify data. For example: ```sh $ echo hi | jose jws sig -i- -k ec.jwk -o msg.jws $ jose jws ver -i msg.jws -k ec.pub.jwk hi $ jose jws ver -i msg.jws -k oct.jwk No signatures validated! ``` ### Encryption José can encrypt and decrypt data. For example: ```sh $ echo hi | jose jwe enc -i- -k rsa.pub.jwk -o msg.jwe $ jose jwe dec -i msg.jwe -k rsa.jwk hi $ jose jwe dec -i msg.jwe -k oct.jwk Decryption failed! ``` # Building and Installing from Source Building Jose is fairly straightforward: $ mkdir build && cd build $ meson .. --prefix=/usr $ ninja $ sudo ninja install You can even run the tests if you'd like: $ meson test To build a FreeBSD, HardenedBSD or OPNsense package use: (as root) # pkg install meson pkgconf jansson openssl $ mkdir build && cd build $ meson .. --prefix=/usr/local $ ninja $ meson test (as root) # ninja install Once built it does not require meson and pkgconf, but still requires jansson and openssl.