1JOSE-JWS-SIG(1)                                                JOSE-JWS-SIG(1)
2
3
4

NAME

6       jose-jws-sig - Signs a payload using one or more JWKs
7

SYNOPSIS

9       jose jws sig [-i JWS] [-I PAY] [-s SIG] -k JWK [-o JWS] [-O PAY] [-c]
10

OVERVIEW

12       The  jose  jws  sig command signs a payload using one or more JWKs. The
13       payload can be provided either in its decoded form (-I) or embedded  in
14       an existing JWS (-i).
15
16       A  detached  JWS  can  be  created by specifying the -O option. In this
17       case, the decoded payload will be written to the output  specified  and
18       will not be included in the JWS.
19
20       If  only  one  key is used (-k), the resulting JWS may be output in JWS
21       Compact Serialization by using the -c option.
22
23       This command uses a template based approach for constructing a JWS. You
24       can  specify  templates of the JWS itself (-i) or for the JWS Signature
25       Object (-r). Attributes specified in either  of  these  templates  will
26       appear unmodified in the output. One exception to this rule is that the
27       JWS Protected Header should be specified in its decoded form in the JWS
28       Signature Object template. This command will automatically encode it as
29       part of the encryption process.
30
31       If you specify a JOSE  Header  Parameter  (via  either  the  -i  or  -r
32       options)  that  affects  the construction of the JWE, this command will
33       attempt to behave according to this parameter as if it were  configura‐
34       tion.  Currently,  jose  will  modify  its  behavior for the "alg" JOSE
35       Header Parameter (see RFC 7515 Section 4.1.1).
36
37       However, it is not necessary to provide any  templates:  jose  jwe  enc
38       will automatically fill in the "alg" parameter by inferring the correct
39       algorithm from the provided  input  JWKs.  Therefore,  the  -i  and  -r
40       options should generally be used for providing extended JWE metadata.
41
42       It  is  possible  to  specify an existing JWS as the JWS template input
43       (-i). This allows the addition of new signatures to an existing JWS.
44

OPTIONS

46       -i JSON, --input=JSON
47              Parse JWS template from JSON
48
49       -i FILE, --input=FILE
50              Read JWS template from FILE
51
52       -i -, --input=-
53              Read JWS template from standard input
54
55       -I FILE, --detached=FILE
56              Read decoded payload from FILE
57
58       -I -, --detached=-
59              Read decoded payload from standard input
60
61       -s JSON, --signature=JSON
62              Parse JWS signature template from JSON
63
64       -s FILE, --signature=FILE
65              Read JWS signature template from FILE
66
67       -s -, --signature=-
68              Read JWS signature template standard input
69
70       -k FILE, --key=FILE
71              Read JWK(Set) from FILE
72
73       -k -, --key=-
74              Read JWK(Set) from standard input
75
76       -o FILE, --output=FILE
77              Write JWS to FILE
78
79       -o -, --output=-
80              Write JWS to stdout (default)
81
82       -O FILE, --detach=FILE
83              Detach payload and decode to FILE
84
85       -O -, --detach=-
86              Detach payload and decode to standard output
87
88       -c, --compact
89              Output JWS using compact serialization
90

EXAMPLES

92       Sign data with a symmetric key using JWE JSON Serialization:
93
94
95
96           $ jose jwk gen -i ´{"alg":"HS256"}´ -o key.jwk
97           $ jose jws sig -I msg.txt -k key.jwk -o msg.jws
98
99
100
101       Sign data using detached JWE Compact Serialization:
102
103
104
105           $ jose jws sig -I msg.txt -k key.jwk -O /dev/null -c -o msg.jws
106
107
108
109       Sign with two keys:
110
111
112
113           $ jose jwk gen -i ´{"alg":"ES256"}´ -o ec.jwk
114           $ jose jwk gen -i ´{"alg":"RS256"}´ -o rsa.jwk
115           $ jose jws sig -I msg.txt -k ec.jwk -k rsa.jwk -o msg.jws
116
117
118

AUTHOR

120       Nathaniel McCallum <npmccallum@redhat.com>
121

SEE ALSO

123       jose-jws-sig(1), jose-jws-ver(1)
124
125
126
127                                   June 2017                   JOSE-JWS-SIG(1)
Impressum