package jws

import "github.com/urfave/cli"

// Command returns the jws subcommand.
func Command() cli.Command {
	return cli.Command{
		Name:      "jws",
		Usage:     "sign and verify data using JSON Web Signature (JWS)",
		UsageText: "step crypto jws <subcommand> [arguments] [global-flags] [subcommand-flags]",
		Description: `JSON Web Signature (JWS) represents content secured with digital signatures or
Message Authentication Codes (MACs) using JSON-based data structures.
## EXAMPLES
Create a signed JWS of a message using an Ed25519 private JWK (with line
breaks for display purposes only):
'''
$ echo -n message | step crypto jws sign --key ed25519.priv.json
eyJhbGciOiJFZERTQSIsImtpZCI6IjlxaVFZUFU3SHJTOXBYdXpYYzc1WGctMXc5c0JGM2lXVld2cDhieE5oc28ifQ
.
bWVzc2FnZQ
.
ZlJvznC3iE4zhwmnCL74UtHXEUs6pb62vf38GFBLbFMKnIFiOGpAFcNv3es-WvPHYfyIIClAjwCfe505gxz5BQ
'''
Verify and display the message using the public key:
'''
$ echo $TOKEN | step crypto jws verify --key ed25519.pub.json
message
'''
Verify and display a JSON representation of the token; the message is base64
encoded in the payload:
'''
$ echo $TOKEN | step crypto jws verify --key ed25519.pub.json --json
{
  "header": {
    "alg": "EdDSA",
    "kid": "9qiQYPU7HrS9pXuzXc75Xg-1w9sBF3iWVWvp8bxNhso"
  },
  "payload": "bWVzc2FnZQ",
  "signature": "ZlJvznC3iE4zhwmnCL74UtHXEUs6pb62vf38GFBLbFMKnIFiOGpAFcNv3es-WvPHYfyIIClAjwCfe505gxz5BQ"
}
'''
Inspect the content of the JWS without verifying it:
'''
$ echo $TOKEN | step crypto jws inspect --insecure
message
$ echo $TOKEN | step crypto jws inspect --insecure --json
{
  "header": {
    "alg": "EdDSA",
    "kid": "9qiQYPU7HrS9pXuzXc75Xg-1w9sBF3iWVWvp8bxNhso"
  },
  "payload": "bWVzc2FnZQ",
  "signature": "ZlJvznC3iE4zhwmnCL74UtHXEUs6pb62vf38GFBLbFMKnIFiOGpAFcNv3es-WvPHYfyIIClAjwCfe505gxz5BQ"
}
'''
Sign a JSON message using a key on the P-256 curve and add the content type json:
'''
$ echo -n '{"dns":"https://dns.example.com"}' | step crypto jws sign --key p256.priv.json --cty json
eyJhbGciOiJFUzI1NiIsImN0eSI6Impzb24iLCJraWQiOiJWOTNBLVloN0JodzFXMkUwaWdGY2l2aUp6WDRQWFBzd29WZ3JpZWhtOUNvIn0
.
eyJkbnMiOiJodHRwczovL2Rucy5leGFtcGxlLmNvbSJ9
.
ZI8q75r3PCXeu-Tubw7bHiDGxloPpAHV2hNfEp9N4WM2r3Wsk5uFhAkBTVIqryPtxmAgfRHGnE3hj-3Dp9nZmA
$ echo $TOKEN | step crypto jws verify --key p256.pub.json
{"dns":"https://dns.example.com"}
$ echo $TOKEN | step crypto jws verify --key p256.pub.json --json
{
  "header": {
    "alg": "ES256",
    "cty": "json",
    "kid": "V93A-Yh7Bhw1W2E0igFciviJzX4PXPswoVgriehm9Co"
  },
  "payload": "eyJkbnMiOiJodHRwczovL2Rucy5leGFtcGxlLmNvbSJ9",
  "signature": "ZI8q75r3PCXeu-Tubw7bHiDGxloPpAHV2hNfEp9N4WM2r3Wsk5uFhAkBTVIqryPtxmAgfRHGnE3hj-3Dp9nZmA"
}
'''`,
		Subcommands: cli.Commands{
			signCommand(),
			inspectCommand(),
			verifyCommand(),
		},
	}
}
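
An added example, not part of the step source above: Go code showing what separates `inspect --insecure` from `verify` for the EdDSA token in the help text. The names JWS, Inspect and Verify are hypothetical, and tolerating whitespace inside the token is an assumption made so the wrapped display form can be pasted as-is.

```go
package main

import (
	"crypto/ed25519"
	"encoding/base64"
	"encoding/json"
	"fmt"
	"strings"
)

// JWS, Inspect and Verify are names made up for this example, not step's API.
type JWS struct {
	Header       struct{ Alg, Kid string }
	Payload, Sig []byte
	Signed       string // "header.payload": the bytes the signature covers
}

// Inspect decodes without verifying: every field it returns is untrusted input.
func Inspect(token string) (j JWS, err error) {
	parts := strings.Split(strings.Join(strings.Fields(token), ""), ".") // drop display line breaks
	if len(parts) != 3 {
		return j, fmt.Errorf("want 3 parts, got %d", len(parts))
	}
	var dec [3][]byte
	for i, p := range parts {
		if dec[i], err = base64.RawURLEncoding.DecodeString(p); err != nil {
			return j, fmt.Errorf("part %d: %w", i, err)
		}
	}
	j.Payload, j.Sig, j.Signed = dec[1], dec[2], parts[0]+"."+parts[1]
	err = json.Unmarshal(dec[0], &j.Header)
	return j, err
}

// Verify returns the payload only if alg is EdDSA and the signature is valid.
func Verify(token string, pub ed25519.PublicKey) ([]byte, error) {
	j, err := Inspect(token)
	if err != nil {
		return nil, err
	}
	if j.Header.Alg != "EdDSA" || !ed25519.Verify(pub, []byte(j.Signed), j.Sig) {
		return nil, fmt.Errorf("signature verification failed")
	}
	return j.Payload, nil
}

func main() {
	j, err := Inspect("eyJhbGciOiJFZERTQSIsImtpZCI6IjlxaVFZUFU3SHJTOXBYdXpYYzc1WGctMXc5c0JGM2lXVld2cDhieE5oc28ifQ\n.\nbWVzc2FnZQ\n.\nZlJvznC3iE4zhwmnCL74UtHXEUs6pb62vf38GFBLbFMKnIFiOGpAFcNv3es-WvPHYfyIIClAjwCfe505gxz5BQ") // token from the help text
	fmt.Printf("alg=%s kid=%s payload=%q err=%v\n", j.Header.Alg, j.Header.Kid, j.Payload, err)
}
```

Inspect also succeeds on a token whose payload was altered after signing; only Verify, given the signer's public key, rejects it.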