1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
|
# JOSE CLI
The `jose-util` command line utility allows for encryption, decryption, signing
and verification of JOSE messages. Its main purpose is to facilitate dealing
with JOSE messages when testing or debugging.
## Installation
```
$ go install github.com/go-jose/go-jose/v4/jose-util@latest
```
## Usage
The utility includes the subcommands `encrypt`, `decrypt`, `sign`, `verify` and
`expand`. Examples for each command can be found below.
Algorithms are selected via the `--alg` and `--enc` flags, which influence the
`alg` and `enc` headers in respectively. For JWE, `--alg` specifies the key
management algorithm (e.g. `RSA-OAEP`) and `--enc` specifies the content
encryption algorithm (e.g. `A128GCM`). For JWS, `--alg` specifies the
signature algorithm (e.g. `PS256`).
Input and output files can be specified via the `--in` and `--out` flags.
Either flag can be omitted, in which case `jose-util` uses stdin/stdout for
input/output respectively. By default each command will output a compact
message, but it's possible to get the JSON Serialization by supplying the
`--full` flag.
Keys are specified via the `--key` flag. Supported key types are naked RSA/EC
keys and X.509 certificates with embedded RSA/EC keys. Keys must be in PEM,
DER or JWK formats.
## Testing
`cram` is used for testing. This can be installed with pip or `sudo apt install
python-cram` See the travis file for how this is used in testing. For example,
`go build && PATH=$PWD:$PATH cram -v jose-util.t`
## Testing
`cram` is used for testing. This can be installed with pip or `sudo apt install
python-cram` See the travis file for how this is used in testing. For example,
`go build && PATH=$PWD:$PATH cram -v jose-util.t`
## Examples
### Generate key pair
Generates a key pair, either for signing/verification or encryption/decryption. Generated keys will be written to the current directory.
# Generate keys for signing (for RSA-PSS)
jose-util generate-key --use sig --alg RS256
# Generate keys for signing (for EdDSA)
jose-util generate-key --use sig --alg EdDSA
# Generate keys for encryption (for RSA-OAEP)
jose-util generate-key --use enc --alg RSA-OAEP
# Generate keys for encryption (for ECDH-ES)
jose-util generate-key --use enc --alg ECDH-ES+A128KW
### Encrypt
Takes a plaintext as input, encrypts, and prints the encrypted message.
# From stdin, to stdout
jose-util encrypt --key public-key.pem --alg RSA-OAEP --enc A128GCM
# Operating on files
jose-util encrypt --key public-key.pem --alg RSA-OAEP --enc A128GCM --in plaintext.txt --out ciphertext.txt
### Decrypt
Takes an encrypted message (JWE) as input, decrypts, and prints the plaintext.
# From stdin, to stdout
jose-util decrypt --key private-key.pem
# Operating on files
jose-util decrypt --key private-key.pem --in ciphertext.txt --out plaintext.txt
### Sign
Takes a payload as input, signs it, and prints the signed message with the embedded payload.
# From stdin, to stdout
jose-util sign --key private-key.pem --alg PS256
# Operating on files
jose-util sign --key private-key.pem --alg PS256 --in message.txt --out signed-message.txt
### Verify
Reads a signed message (JWS), verifies it, and extracts the payload.
# From stdin, to stdout
jose-util verify --key public-key.pem
# Operating on files
jose-util verify --key public-key.pem --in signed-message.txt --out message.txt
### Expand
Expands a compact message to the JWE/JWS JSON Serialization format.
jose-util expand --format JWE # Expands a compact JWE to JWE JSON Serialization
jose-util expand --format JWS # Expands a compact JWS to JWS JSON Serialization
|
