1JOSE-JWE-ENC(1)                                                JOSE-JWE-ENC(1)
2
3
4

NAME

6       jose-jwe-enc - Encrypts plaintext using one or more JWK/password
7

SYNOPSIS

9       jose jwe enc [-i JWE] -I PT -k JWK [-p] [-r RCP] [-o JWE] [-O CT] [-c]
10

OVERVIEW

12       The  jose  jwe  enc command encrypts data using one or more JWK (-k) or
13       password (-p). When specifying more than one JWK or  password,  decryp‐
14       tion will succeed with any one of the provided keys.
15
16       A  detached  JWE  can  be  created by specifying the -O option. In this
17       case, the decoded ciphertext will be written to  the  output  specified
18       and will not be included in the JWE.
19
20       If  only one key is used (-k or -p), the resulting JWE may be output in
21       JWE Compact Serialization by using the -c option.
22
23       This command uses a template based approach for constructing a JWE. You
24       can  specify  templates of the JWE itself (-i) or for the JWE Recipient
25       Object (-r). Attributes specified in either  of  these  templates  will
26       appear unmodified in the output. One exception to this rule is that the
27       JWE Protected Header should be specified in its  decoded  form  in  the
28       template.  This  command  will  automatically  encode it as part of the
29       encryption process.
30
31       If you specify a JOSE  Header  Parameter  (via  either  the  -i  or  -r
32       options)  that  affects  the construction of the JWE, this command will
33       attempt to behave according to this parameter as if it were  configura‐
34       tion.  For example, specifying the "zip" parameter in the JWE Protected
35       Header will cause the plaintext to  be  compressed  before  encryption.
36       Currently, jose will modify its behavior for the "alg", "enc" and "zip"
37       JOSE Header Parameters (see RFC 7516 Section 4.1.3),  as  well  as  the
38       algorithm-specific  parameters  for  the algorithms we support (see RFC
39       7518 Section 4).
40
41       However, it is not necessary to provide any  templates:  jose  jwe  enc
42       will  automatically fill in the "alg" and "enc" parameters by inferring
43       the correct algorithms from the provided input keys (JWK or  password).
44       Therefore, the -i and -r options should generally be used for providing
45       extended JWE metadata.
46

OPTIONS

48       -i JSON, --input=JSON
49              Parse JWE from JSON
50
51       -i FILE, --input=FILE
52              Read JWE from FILE
53
54       -i -, --input=-
55              Read JWE from standard input
56
57       -I FILE, --detached=FILE
58              Read decoded ciphertext from FILE
59
60       -I -, --detached=-
61              Read decoded ciphertext from standard input
62
63       -r FILE, --recipient=FILE
64              Read JWE recipient template from FILE
65
66       -r -, --recipient=-
67              Read JWE recipient template from standard input
68
69       -k FILE, --key=FILE
70              Read JWK(Set) from FILE
71
72       -k -, --key=-
73              Read JWK(Set) from standard input
74
75       -p, `--password
76              Prompt for an encryption password
77
78       -o FILE, --output=FILE
79              Write JWE to FILE
80
81       -o -, --output=-
82              Write JWE to stdout (default)
83
84       -O FILE, --detach=FILE
85              Detach ciphertext and decode to FILE
86
87       -O -, --detach=-
88              Detach ciphertext and decode to standard output
89
90       -c, --compact
91              Output JWE using compact serialization
92

EXAMPLES

94       Encrypt data with a symmetric key using JWE JSON Serialization:
95
96
97
98           $ jose jwk gen -i ´{"alg":"A128GCM"}´ -o key.jwk
99           $ jose jwe enc -I msg.txt -k key.jwk -o msg.jwe
100
101
102
103       Encrypt data with a password using JWE Compact Serialization:
104
105
106
107           $ jose jwe enc -I msg.txt -p -c -o msg.jwe
108           Please enter an encryption password:
109           Please re-enter the previous password:
110
111
112
113       Compress plaintext before encryption:
114
115
116
117           $ jose jwe enc -i ´{"protected":{"zip":"DEF"}}´ ...
118
119
120
121       Encrypt  with  two  keys  and  two  passwords:  $  jose  jwk   gen   -i
122       ´{"alg":"ECDH-ES+A128KW"}´    -o    ec.jwk    $   jose   jwk   gen   -i
123       ´{"alg":"RSA1_5"}´ -o rsa.jwk $ jose jwe enc -I msg.txt -p -k ec.jwk -p
124       -k rsa.jwk -o msg.jwe Please enter a password: Please re-enter the pre‐
125       vious password: Please enter a password: Please re-enter  the  previous
126       password:
127

AUTHOR

129       Nathaniel McCallum <npmccallum@redhat.com>
130

SEE ALSO

132       jose-jwe-dec(1), jose-jwe-fmt(1)
133
134
135
136                                   May 2017                    JOSE-JWE-ENC(1)
Impressum