git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
jose
1
0
Fork 0
Files
Branch: master
Branches Tags
jose
/
doc
/
man
/
jose-jwk-exc.1.adoc

jose-jwk-exc.1.adoc 2.4 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485 
  1. jose-jwk-exc(1)
    2. 

  2. ===============
    3. 

  3. :doctype: manpage
    4. 

  4. 

  5. == NAME
    6. 

  6. 

  7. jose-jwk-exc - Performs a key exchange using the two input keys
    8. 

  8. 

  9. == SYNOPSIS
    10. 

  10. 

  11. *jose jwk exc* [-i JWK] -l JWK -r JWK [-o JWK]
    12. 

  12. 

  13. == OVERVIEW
    14. 

  14. 

  15. The *jose jwk exc* command performs a key exchange using the two input keys
    16. 

  16. and provides the result of the exchange as output. The user can specify a JWK
    17. 

  17. template as input and the specified properties will appear in the output JWK
    18. 

  18. unmodified.
    19. 

  19. 

  20. A key exchange requires two keys:
    21. 

  21. 

  22. 1. The local key, which usually contains private key material.
    23. 

  23. 2. The remote key, which usually contains public key material.
    24. 

  24. 

  25. The algorithm for the exchange is inferred from the inputs.
    26. 

  26. 

  27. The *ECDH* algorithm performs a standard elliptic curve multiplication such
    28. 

  28. that the public value of \p rem is multiplied by the private value of \p.
    29. 

  29. 

  30. The *ECMR* algorithm has three modes of operation. Where the local key has a
    31. 

  31. private key (the "d" property), it performs exactly like *ECDH*. If the local
    32. 

  32. key does not have a private key and the remote key does have a private key,
    33. 

  33. elliptic curve addition is performed on the two values. Otherwise, if neither
    34. 

  34. the local key nor the remote key have a private key, the remote key is
    35. 

  35. subtracted from the local key using elliptic curve subtraction. When using
    36. 

  36. ECMR, be sure to validate the content of your inputs to avoid triggering the
    37. 

  37. incorrect operation!
    38. 

  38. 

  39. == OPTIONS
    40. 

  40. 

  41. * *-i* _JSON_, *--input*=_JSON_ :
    42. 

  42.   Parse JWK template from JSON
    43. 

  43. 

  44. * *-i* _FILE_, *--input*=_FILE_ :
    45. 

  45.   Read JWK template from FILE
    46. 

  46. 

  47. * *-i* -, *--input*=- :
    48. 

  48.   Read JWK template from standard input
    49. 

  49. 

  50. * *-o* _FILE_, *--output*=_FILE_ :
    51. 

  51.   Write JWK(Set) to FILE
    52. 

  52. 

  53. * *-o* -, *--output*=- :
    54. 

  54.   Write JWK(Set) to standard input
    55. 

  55. 

  56. * *-l* _FILE_, *--local*=_FILE_ :
    57. 

  57.   Read local JWK from FILE
    58. 

  58. 

  59. * *-l* -, *--local*=- :
    60. 

  60.   Read local JWK from standard input
    61. 

  61. 

  62. * *-r* _FILE_, *--remote*=_FILE_ :
    63. 

  63.   Read remote JWK from FILE
    64. 

  64. 

  65. * *-r* -, *--remote*=- :
    66. 

  66.   Read remote JWK from standard input
    67. 

  67. 

  68. == EXAMPLES
    69. 

  69. 

  70. Perform a key exchange:
    71. 

  71. 

  72.     $ jose jwk gen -i '{"alg":"ECDH"}' -o local.jwk
    73. 

  73.     $ jose jwk gen -i '{"alg":"ECDH"}' | jose jwk pub -i- -o remote.jwk
    74. 

  74.     $ jose jwk exc -l local.jwk -r remote.jwk -o exchanged.jwk
    75. 

  75. 

  76. == AUTHOR
    77. 

  77. 

  78. Nathaniel McCallum <npmccallum@redhat.com>
    79. 

  79. 

  80. == SEE ALSO
    81. 

  81. 

  82. link:jose-alg.1.adoc[*jose-alg*(1)],
    83. 

  83. link:jose-jwk-exc.1.adoc[*jose-jwk-exc*(1)],
    84. 

  84. link:jose-jwk-gen.1.adoc[*jose-jwk-gen*(1)],
    85. 

  85. link:jose-jwk-pub.1.adoc[*jose-jwk-pub*(1)]
    86.