• Home
  • History
  • Annotate
Name Date Size #Lines LOC

..05-Jun-2021-

test-keys/H05-Jun-2021-5147

README.mdH A D05-Jun-20212.2 KiB6841

ec.keyH A D05-Jun-2021288 76

ec.pubH A D05-Jun-2021215 65

jose-util.tH A D05-Jun-20214.3 KiB9882

main.goH A D05-Jun-20215.3 KiB190132

utils.goH A D05-Jun-20212.3 KiB10267

README.md

1# JOSE CLI
2
3The `jose-util` command line utility allows for encryption, decryption, signing
4and verification of JOSE messages. Its main purpose is to facilitate dealing
5with JOSE messages when testing or debugging.
6
7## Usage
8
9The utility includes the subcommands `encrypt`, `decrypt`, `sign`, `verify` and
10`expand`. Examples for each command can be found below.
11
12Algorithms are selected via the `--alg` and `--enc` flags, which influence the
13`alg` and `enc` headers in respectively. For JWE, `--alg` specifies the key
14management algorithm (e.g. `RSA-OAEP`) and `--enc` specifies the content
15encryption algorithm (e.g. `A128GCM`). For JWS, `--alg` specifies the
16signature algorithm (e.g. `PS256`).
17
18Input and output files can be specified via the `--in` and `--out` flags.
19Either flag can be omitted, in which case `jose-util` uses stdin/stdout for
20input/output respectively. By default, each command will output a compact
21message, but it's possible to get the full serialization by supplying the
22`--full` flag.
23
24Keys are specified via the `--key` flag. Supported key types are naked RSA/EC
25keys and X.509 certificates with embedded RSA/EC keys. Keys must be in PEM
26or DER formats.
27
28
29## Testing
30
31`cram` is used for testing.  This can be installed with pip or `sudo apt install
32python-cram` See the travis file for how this is used in testing. For example,
33`go build && PATH=$PWD:$PATH cram -v jose-util.t`
34
35
36## Examples
37
38### Encrypt
39
40Takes a plaintext as input, encrypts, and prints the encrypted message.
41
42    echo 'test message' | jose-util encrypt --key public-key.pem --alg RSA-OAEP --enc A128GCM
43
44### Decrypt
45
46Takes an encrypted message (JWE) as input, decrypts, and prints the plaintext.
47
48    jose-util decrypt --key private-key.pem
49
50### Sign
51
52Takes a payload as input, signs it, and prints the signed message with the embedded payload.
53
54    jose-util sign --key private-key.pem --alg PS256
55
56### Verify
57
58Reads a signed message (JWS), verifies it, and extracts the payload.
59
60    jose-util verify --key public-key.pem
61
62### Expand
63
64Expands a compact message to the full serialization format.
65
66    jose-util expand --format JWE   # Expands a compact JWE to full format
67    jose-util expand --format JWS   # Expands a compact JWS to full format
68