1
0

jose-jws-sig.1.adoc 3.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119
  1. jose-jws-sig(1)
  2. ===============
  3. :doctype: manpage
  4. == NAME
  5. jose-jws-sig - Signs a payload using one or more JWKs
  6. == SYNOPSIS
  7. *jose jws sig* [-i JWS] [-I PAY] [-s SIG] -k JWK [-o JWS] [-O PAY] [-c]
  8. == OVERVIEW
  9. The *jose jws sig* command signs a payload using one or more JWKs. The payload
  10. can be provided either in its decoded form (*-I*) or embedded in an existing
  11. JWS (*-i*).
  12. A detached JWS can be created by specifying the *-O* option. In this case,
  13. the decoded payload will be written to the output specified and will not be
  14. included in the JWS.
  15. If only one key is used (*-k*), the resulting JWS may be output in JWS Compact
  16. Serialization by using the *-c* option.
  17. This command uses a template based approach for constructing a JWS. You can
  18. specify templates of the JWS itself (*-i*) or for the JWS Signature Object
  19. (*-r*). Attributes specified in either of these templates will appear
  20. unmodified in the output. One exception to this rule is that the JWS Protected
  21. Header should be specified in its decoded form in the JWS Signature Object
  22. template. This command will automatically encode it as part of the encryption
  23. process.
  24. If you specify a JOSE Header Parameter (via either the *-i* or *-r* options)
  25. that affects the construction of the JWE, this command will attempt to behave
  26. according to this parameter as if it were configuration. Currently, *jose* will
  27. modify its behavior for the "alg" JOSE Header Parameter (see RFC 7515 Section
  28. 4.1.1).
  29. However, it is not necessary to provide any templates: *jose jwe enc* will
  30. automatically fill in the "alg" parameter by inferring the correct algorithm
  31. from the provided input JWKs. Therefore, the *-i* and *-r* options should
  32. generally be used for providing extended JWE metadata.
  33. It is possible to specify an existing JWS as the JWS template input (*-i*).
  34. This allows the addition of new signatures to an existing JWS.
  35. == OPTIONS
  36. * *-i* _JSON_, *--input*=_JSON_ :
  37. Parse JWS template from JSON
  38. * *-i* _FILE_, *--input*=_FILE_ :
  39. Read JWS template from FILE
  40. * *-i* -, *--input*=- :
  41. Read JWS template from standard input
  42. * *-I* _FILE_, *--detached*=_FILE_ :
  43. Read decoded payload from FILE
  44. * *-I* -, *--detached*=- :
  45. Read decoded payload from standard input
  46. * *-s* _JSON_, *--signature*=_JSON_ :
  47. Parse JWS signature template from JSON
  48. * *-s* _FILE_, *--signature*=_FILE_ :
  49. Read JWS signature template from FILE
  50. * *-s* -, *--signature*=- :
  51. Read JWS signature template standard input
  52. * *-k* _FILE_, *--key*=_FILE_ :
  53. Read JWK(Set) from FILE
  54. * *-k* -, *--key*=- :
  55. Read JWK(Set) from standard input
  56. * *-o* _FILE_, *--output*=_FILE_ :
  57. Write JWS to FILE
  58. * *-o* -, *--output*=- :
  59. Write JWS to stdout (default)
  60. * *-O* _FILE_, *--detach*=_FILE_ :
  61. Detach payload and decode to FILE
  62. * *-O* -, *--detach*=- :
  63. Detach payload and decode to standard output
  64. * *-c*, *--compact* :
  65. Output JWS using compact serialization
  66. == EXAMPLES
  67. Sign data with a symmetric key using JWE JSON Serialization:
  68. $ jose jwk gen -i '{"alg":"HS256"}' -o key.jwk
  69. $ jose jws sig -I msg.txt -k key.jwk -o msg.jws
  70. Sign data using detached JWE Compact Serialization:
  71. $ jose jws sig -I msg.txt -k key.jwk -O /dev/null -c -o msg.jws
  72. Sign with two keys:
  73. $ jose jwk gen -i '{"alg":"ES256"}' -o ec.jwk
  74. $ jose jwk gen -i '{"alg":"RS256"}' -o rsa.jwk
  75. $ jose jws sig -I msg.txt -k ec.jwk -k rsa.jwk -o msg.jws
  76. == AUTHOR
  77. Nathaniel McCallum <npmccallum@redhat.com>
  78. == SEE ALSO
  79. link:jose-jws-sig.1.adoc[*jose-jws-sig*(1)],
  80. link:jose-jws-ver.1.adoc[*jose-jws-ver*(1)]