CLEVIS-ENCRYPT-HTTP(1)                                  CLEVIS-ENCRYPT-HTTP(1)

NAME

       clevis-encrypt-http -- Encrypts using a REST HTTP escrow server policy

SYNOPSIS

       clevis encrypt http CONFIG < PT > JWE

OVERVIEW

       The clevis encrypt http command encrypts using a REST HTTP escrow
       server policy.  Its only argument is the JSON configuration object.

       When using the HTTP pin, we create a new, cryptographically-strong,
       random key.  This key is stored in a remote HTTP escrow server (using a
       simple PUT or POST).  Then at decryption time, we attempt to fetch the
       key back again in order to decrypt our data.  So, for our configuration
       we need to pass the URL to the key location:

              $ clevis encrypt http '{"url":"https://escrow.srv/1234"}' < PT > JWE

       To decrypt the data, simply provide the ciphertext (JWE):

              $ clevis decrypt < JWE > PT

       Notice that we did not pass any configuration during decryption.  The
       decrypt command extracted the URL (and possibly other configuration)
       from the JWE object, fetched the encryption key from the escrow and
       performed decryption.

CONFIG

       This command uses the following configuration properties:

       · url (string) : The URL where the key is stored (REQUIRED)

       · http (boolean) : Allow or disallow non-TLS HTTP (default: false)

       · type (string) : The type of key to store (default: octet-stream)

       · method (string) : The HTTP method to use (default: PUT)
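
       The following Python check is an added example, not part of clevis or
       of this manual page: it applies the defaults listed above to a CONFIG
       object and flags settings that would move the escrowed key over
       non-TLS HTTP.  The name audit_http_pin and the "error"/"warn" labels
       are hypothetical.

```python
from urllib.parse import urlsplit

# Defaults as documented in the CONFIG section of this page.
DEFAULTS = {"http": False, "type": "octet-stream", "method": "PUT"}
KNOWN = {"url", *DEFAULTS}


def audit_http_pin(config):
    """Return (effective_config, findings) for an HTTP pin CONFIG dict.

    Each finding is (severity, message); severity is "error" or "warn".
    """
    findings = []
    cfg = {**DEFAULTS, **config}

    for key in sorted(set(config) - KNOWN):
        findings.append(("warn", f"unknown property {key!r}"))

    url = cfg.get("url")
    if not isinstance(url, str) or not url:
        findings.append(("error", "url is REQUIRED and must be a string"))
        return cfg, findings
    if not isinstance(cfg["http"], bool):
        findings.append(("error", "http must be a boolean"))

    parts = urlsplit(url)
    scheme = parts.scheme.lower()
    if scheme not in ("http", "https") or not parts.netloc:
        findings.append(("error", f"not an HTTP(S) URL: {url!r}"))
    elif scheme == "http" and cfg["http"] is not True:
        findings.append(("error", "non-TLS URL but http is false (the default)"))
    elif scheme == "http":
        findings.append(("warn", "key is stored and fetched over cleartext HTTP"))
    elif cfg["http"] is True:
        findings.append(("warn", "http=true allows non-TLS although the URL is https"))

    # The OVERVIEW names PUT and POST as the ways the key is stored.
    if str(cfg["method"]).upper() not in ("PUT", "POST"):
        findings.append(("warn", f"method {cfg['method']!r} is neither PUT nor POST"))
    return cfg, findings


if __name__ == "__main__":
    # Constructed sample configs; the first is the one shown in the OVERVIEW.
    for sample in ({"url": "https://escrow.srv/1234"},
                   {"url": "http://escrow.srv/1234"},
                   {"url": "http://escrow.srv/1234", "http": True}):
        print(sample, audit_http_pin(sample)[1])
```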

SEE ALSO

       clevis-decrypt(1)

AUTHORS

       Nathaniel McCallum <npmccallum@redhat.com>.

                                 September 2017          CLEVIS-ENCRYPT-HTTP(1)