jose-jwe-enc.1 4.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141
  1. .\" generated with Ronn/v0.7.3
  2. .\" http://github.com/rtomayko/ronn/tree/0.7.3
  3. .
  4. .TH "JOSE\-JWE\-ENC" "1" "May 2017" "" ""
  5. .
  6. .SH "NAME"
  7. \fBjose\-jwe\-enc\fR \- Encrypts plaintext using one or more JWK/password
  8. .
  9. .SH "SYNOPSIS"
  10. \fBjose jwe enc\fR [\-i JWE] \-I PT \-k JWK [\-p] [\-r RCP] [\-o JWE] [\-O CT] [\-c]
  11. .
  12. .SH "OVERVIEW"
  13. The \fBjose jwe enc\fR command encrypts data using one or more JWK (\fB\-k\fR) or password (\fB\-p\fR)\. When specifying more than one JWK or password, decryption will succeed with any one of the provided keys\.
  14. .
  15. .P
  16. A detached JWE can be created by specifying the \fB\-O\fR option\. In this case, the decoded ciphertext will be written to the output specified and will not be included in the JWE\.
  17. .
  18. .P
  19. If only one key is used (\fB\-k\fR or \fB\-p\fR), the resulting JWE may be output in JWE Compact Serialization by using the \fB\-c\fR option\.
  20. .
  21. .P
  22. This command uses a template based approach for constructing a JWE\. You can specify templates of the JWE itself (\fB\-i\fR) or for the JWE Recipient Object (\fB\-r\fR)\. Attributes specified in either of these templates will appear unmodified in the output\. One exception to this rule is that the JWE Protected Header should be specified in its decoded form in the template\. This command will automatically encode it as part of the encryption process\.
  23. .
  24. .P
  25. If you specify a JOSE Header Parameter (via either the \fB\-i\fR or \fB\-r\fR options) that affects the construction of the JWE, this command will attempt to behave according to this parameter as if it were configuration\. For example, specifying the "zip" parameter in the JWE Protected Header will cause the plaintext to be compressed before encryption\. Currently, \fBjose\fR will modify its behavior for the "alg", "enc" and "zip" JOSE Header Parameters (see RFC 7516 Section 4\.1\.3), as well as the algorithm\-specific parameters for the algorithms we support (see RFC 7518 Section 4)\.
  26. .
  27. .P
  28. However, it is not necessary to provide any templates: \fBjose jwe enc\fR will automatically fill in the "alg" and "enc" parameters by inferring the correct algorithms from the provided input keys (JWK or password)\. Therefore, the \fB\-i\fR and \fB\-r\fR options should generally be used for providing extended JWE metadata\.
  29. .
  30. .SH "OPTIONS"
  31. .
  32. .TP
  33. \fB\-i\fR \fIJSON\fR, \fB\-\-input\fR=\fIJSON\fR
  34. Parse JWE from JSON
  35. .
  36. .TP
  37. \fB\-i\fR \fIFILE\fR, \fB\-\-input\fR=\fIFILE\fR
  38. Read JWE from FILE
  39. .
  40. .TP
  41. \fB\-i\fR \-, \fB\-\-input\fR=\-
  42. Read JWE from standard input
  43. .
  44. .TP
  45. \fB\-I\fR \fIFILE\fR, \fB\-\-detached\fR=\fIFILE\fR
  46. Read decoded ciphertext from FILE
  47. .
  48. .TP
  49. \fB\-I\fR \-, \fB\-\-detached\fR=\-
  50. Read decoded ciphertext from standard input
  51. .
  52. .TP
  53. \fB\-r\fR \fIFILE\fR, \fB\-\-recipient\fR=\fIFILE\fR
  54. Read JWE recipient template from FILE
  55. .
  56. .TP
  57. \fB\-r\fR \-, \fB\-\-recipient\fR=\-
  58. Read JWE recipient template from standard input
  59. .
  60. .TP
  61. \fB\-k\fR \fIFILE\fR, \fB\-\-key\fR=\fIFILE\fR
  62. Read JWK(Set) from FILE
  63. .
  64. .TP
  65. \fB\-k\fR \-, \fB\-\-key\fR=\-
  66. Read JWK(Set) from standard input
  67. .
  68. .TP
  69. \fB\-p\fR, `\-\-password
  70. Prompt for an encryption password
  71. .
  72. .TP
  73. \fB\-o\fR \fIFILE\fR, \fB\-\-output\fR=\fIFILE\fR
  74. Write JWE to FILE
  75. .
  76. .TP
  77. \fB\-o\fR \-, \fB\-\-output\fR=\-
  78. Write JWE to stdout (default)
  79. .
  80. .TP
  81. \fB\-O\fR \fIFILE\fR, \fB\-\-detach\fR=\fIFILE\fR
  82. Detach ciphertext and decode to FILE
  83. .
  84. .TP
  85. \fB\-O\fR \-, \fB\-\-detach\fR=\-
  86. Detach ciphertext and decode to standard output
  87. .
  88. .TP
  89. \fB\-c\fR, \fB\-\-compact\fR
  90. Output JWE using compact serialization
  91. .
  92. .SH "EXAMPLES"
  93. Encrypt data with a symmetric key using JWE JSON Serialization:
  94. .
  95. .IP "" 4
  96. .
  97. .nf
  98. $ jose jwk gen \-i \'{"alg":"A128GCM"}\' \-o key\.jwk
  99. $ jose jwe enc \-I msg\.txt \-k key\.jwk \-o msg\.jwe
  100. .
  101. .fi
  102. .
  103. .IP "" 0
  104. .
  105. .P
  106. Encrypt data with a password using JWE Compact Serialization:
  107. .
  108. .IP "" 4
  109. .
  110. .nf
  111. $ jose jwe enc \-I msg\.txt \-p \-c \-o msg\.jwe
  112. Please enter an encryption password:
  113. Please re\-enter the previous password:
  114. .
  115. .fi
  116. .
  117. .IP "" 0
  118. .
  119. .P
  120. Compress plaintext before encryption:
  121. .
  122. .IP "" 4
  123. .
  124. .nf
  125. $ jose jwe enc \-i \'{"protected":{"zip":"DEF"}}\' \.\.\.
  126. .
  127. .fi
  128. .
  129. .IP "" 0
  130. .
  131. .P
  132. Encrypt with two keys and two passwords: $ jose jwk gen \-i \'{"alg":"ECDH\-ES+A128KW"}\' \-o ec\.jwk $ jose jwk gen \-i \'{"alg":"RSA1_5"}\' \-o rsa\.jwk $ jose jwe enc \-I msg\.txt \-p \-k ec\.jwk \-p \-k rsa\.jwk \-o msg\.jwe Please enter a password: Please re\-enter the previous password: Please enter a password: Please re\-enter the previous password:
  133. .
  134. .SH "AUTHOR"
  135. Nathaniel McCallum <npmccallum@redhat\.com>
  136. .
  137. .SH "SEE ALSO"
  138. \fBjose\-jwe\-dec\fR(1), \fBjose\-jwe\-fmt\fR(1)