git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
jose
1
0
Fork 0
Files
Tree: e132224489
Branches Tags
jose
/
doc
/
ronn
/
jose-jws-sig.1

jose-jws-sig.1 4.0 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141 
  1. .\" generated with Ronn/v0.7.3
    2. 

  2. .\" http://github.com/rtomayko/ronn/tree/0.7.3
    3. 

  3. .
    4. 

  4. .TH "JOSE\-JWS\-SIG" "1" "June 2017" "" ""
    5. 

  5. .
    6. 

  6. .SH "NAME"
    7. 

  7. \fBjose\-jws\-sig\fR \- Signs a payload using one or more JWKs
    8. 

  8. .
    9. 

  9. .SH "SYNOPSIS"
    10. 

  10. \fBjose jws sig\fR [\-i JWS] [\-I PAY] [\-s SIG] \-k JWK [\-o JWS] [\-O PAY] [\-c]
    11. 

  11. .
    12. 

  12. .SH "OVERVIEW"
    13. 

  13. The \fBjose jws sig\fR command signs a payload using one or more JWKs\. The payload can be provided either in its decoded form (\fB\-I\fR) or embedded in an existing JWS (\fB\-i\fR)\.
    14. 

  14. .
    15. 

  15. .P
    16. 

  16. A detached JWS can be created by specifying the \fB\-O\fR option\. In this case, the decoded payload will be written to the output specified and will not be included in the JWS\.
    17. 

  17. .
    18. 

  18. .P
    19. 

  19. If only one key is used (\fB\-k\fR), the resulting JWS may be output in JWS Compact Serialization by using the \fB\-c\fR option\.
    20. 

  20. .
    21. 

  21. .P
    22. 

  22. This command uses a template based approach for constructing a JWS\. You can specify templates of the JWS itself (\fB\-i\fR) or for the JWS Signature Object (\fB\-r\fR)\. Attributes specified in either of these templates will appear unmodified in the output\. One exception to this rule is that the JWS Protected Header should be specified in its decoded form in the JWS Signature Object template\. This command will automatically encode it as part of the encryption process\.
    23. 

  23. .
    24. 

  24. .P
    25. 

  25. If you specify a JOSE Header Parameter (via either the \fB\-i\fR or \fB\-r\fR options) that affects the construction of the JWE, this command will attempt to behave according to this parameter as if it were configuration\. Currently, \fBjose\fR will modify its behavior for the "alg" JOSE Header Parameter (see RFC 7515 Section 4\.1\.1)\.
    26. 

  26. .
    27. 

  27. .P
    28. 

  28. However, it is not necessary to provide any templates: \fBjose jwe enc\fR will automatically fill in the "alg" parameter by inferring the correct algorithm from the provided input JWKs\. Therefore, the \fB\-i\fR and \fB\-r\fR options should generally be used for providing extended JWE metadata\.
    29. 

  29. .
    30. 

  30. .P
    31. 

  31. It is possible to specify an existing JWS as the JWS template input (\fB\-i\fR)\. This allows the addition of new signatures to an existing JWS\.
    32. 

  32. .
    33. 

  33. .SH "OPTIONS"
    34. 

  34. .
    35. 

  35. .TP
    36. 

  36. \fB\-i\fR \fIJSON\fR, \fB\-\-input\fR=\fIJSON\fR
    37. 

  37. Parse JWS template from JSON
    38. 

  38. .
    39. 

  39. .TP
    40. 

  40. \fB\-i\fR \fIFILE\fR, \fB\-\-input\fR=\fIFILE\fR
    41. 

  41. Read JWS template from FILE
    42. 

  42. .
    43. 

  43. .TP
    44. 

  44. \fB\-i\fR \-, \fB\-\-input\fR=\-
    45. 

  45. Read JWS template from standard input
    46. 

  46. .
    47. 

  47. .TP
    48. 

  48. \fB\-I\fR \fIFILE\fR, \fB\-\-detached\fR=\fIFILE\fR
    49. 

  49. Read decoded payload from FILE
    50. 

  50. .
    51. 

  51. .TP
    52. 

  52. \fB\-I\fR \-, \fB\-\-detached\fR=\-
    53. 

  53. Read decoded payload from standard input
    54. 

  54. .
    55. 

  55. .TP
    56. 

  56. \fB\-s\fR \fIJSON\fR, \fB\-\-signature\fR=\fIJSON\fR
    57. 

  57. Parse JWS signature template from JSON
    58. 

  58. .
    59. 

  59. .TP
    60. 

  60. \fB\-s\fR \fIFILE\fR, \fB\-\-signature\fR=\fIFILE\fR
    61. 

  61. Read JWS signature template from FILE
    62. 

  62. .
    63. 

  63. .TP
    64. 

  64. \fB\-s\fR \-, \fB\-\-signature\fR=\-
    65. 

  65. Read JWS signature template standard input
    66. 

  66. .
    67. 

  67. .TP
    68. 

  68. \fB\-k\fR \fIFILE\fR, \fB\-\-key\fR=\fIFILE\fR
    69. 

  69. Read JWK(Set) from FILE
    70. 

  70. .
    71. 

  71. .TP
    72. 

  72. \fB\-k\fR \-, \fB\-\-key\fR=\-
    73. 

  73. Read JWK(Set) from standard input
    74. 

  74. .
    75. 

  75. .TP
    76. 

  76. \fB\-o\fR \fIFILE\fR, \fB\-\-output\fR=\fIFILE\fR
    77. 

  77. Write JWS to FILE
    78. 

  78. .
    79. 

  79. .TP
    80. 

  80. \fB\-o\fR \-, \fB\-\-output\fR=\-
    81. 

  81. Write JWS to stdout (default)
    82. 

  82. .
    83. 

  83. .TP
    84. 

  84. \fB\-O\fR \fIFILE\fR, \fB\-\-detach\fR=\fIFILE\fR
    85. 

  85. Detach payload and decode to FILE
    86. 

  86. .
    87. 

  87. .TP
    88. 

  88. \fB\-O\fR \-, \fB\-\-detach\fR=\-
    89. 

  89. Detach payload and decode to standard output
    90. 

  90. .
    91. 

  91. .TP
    92. 

  92. \fB\-c\fR, \fB\-\-compact\fR
    93. 

  93. Output JWS using compact serialization
    94. 

  94. .
    95. 

  95. .SH "EXAMPLES"
    96. 

  96. Sign data with a symmetric key using JWE JSON Serialization:
    97. 

  97. .
    98. 

  98. .IP "" 4
    99. 

  99. .
    100. 

  100. .nf
    101. 

  101. 

  102. $ jose jwk gen \-i \'{"alg":"HS256"}\' \-o key\.jwk
    103. 

  103. $ jose jws sig \-I msg\.txt \-k key\.jwk \-o msg\.jws
    104. 

  104. .
    105. 

  105. .fi
    106. 

  106. .
    107. 

  107. .IP "" 0
    108. 

  108. .
    109. 

  109. .P
    110. 

  110. Sign data using detached JWE Compact Serialization:
    111. 

  111. .
    112. 

  112. .IP "" 4
    113. 

  113. .
    114. 

  114. .nf
    115. 

  115. 

  116. $ jose jws sig \-I msg\.txt \-k key\.jwk \-O /dev/null \-c \-o msg\.jws
    117. 

  117. .
    118. 

  118. .fi
    119. 

  119. .
    120. 

  120. .IP "" 0
    121. 

  121. .
    122. 

  122. .P
    123. 

  123. Sign with two keys:
    124. 

  124. .
    125. 

  125. .IP "" 4
    126. 

  126. .
    127. 

  127. .nf
    128. 

  128. 

  129. $ jose jwk gen \-i \'{"alg":"ES256"}\' \-o ec\.jwk
    130. 

  130. $ jose jwk gen \-i \'{"alg":"RS256"}\' \-o rsa\.jwk
    131. 

  131. $ jose jws sig \-I msg\.txt \-k ec\.jwk \-k rsa\.jwk \-o msg\.jws
    132. 

  132. .
    133. 

  133. .fi
    134. 

  134. .
    135. 

  135. .IP "" 0
    136. 

  136. .
    137. 

  137. .SH "AUTHOR"
    138. 

  138. Nathaniel McCallum <npmccallum@redhat\.com>
    139. 

  139. .
    140. 

  140. .SH "SEE ALSO"
    141. 

  141. \fBjose\-jws\-sig\fR(1), \fBjose\-jws\-ver\fR(1)
    142.