1JOSE-JWS-SIG(1) JOSE-JWS-SIG(1)
2
6 jose-jws-sig - Signs a payload using one or more JWKs
7
9 jose jws sig [-i JWS] [-I PAY] [-s SIG] -k JWK [-o JWS] [-O PAY] [-c]
10
12 The jose jws sig command signs a payload using one or more JWKs. The
13 payload can be provided either in its decoded form (-I) or embedded in
14 an existing JWS (-i).
15 A detached JWS can be created by specifying the -O option. In this
17 case, the decoded payload will be written to the output specified and
18 will not be included in the JWS.
19 If only one key is used (-k), the resulting JWS may be output in JWS
21 Compact Serialization by using the -c option.
22 This command uses a template based approach for constructing a JWS. You
24 can specify templates of the JWS itself (-i) or for the JWS Signature
25 Object (-r). Attributes specified in either of these templates will
26 appear unmodified in the output. One exception to this rule is that the
27 JWS Protected Header should be specified in its decoded form in the JWS
28 Signature Object template. This command will automatically encode it as
29 part of the encryption process.
30 If you specify a JOSE Header Parameter (via either the -i or -r
32 options) that affects the construction of the JWE, this command will
33 attempt to behave according to this parameter as if it were configura‐
34 tion. Currently, jose will modify its behavior for the "alg" JOSE
35 Header Parameter (see RFC 7515 Section 4.1.1).
36 However, it is not necessary to provide any templates: jose jwe enc
38 will automatically fill in the "alg" parameter by inferring the correct
39 algorithm from the provided input JWKs. Therefore, the -i and -r
40 options should generally be used for providing extended JWE metadata.
41 It is possible to specify an existing JWS as the JWS template input
43 (-i). This allows the addition of new signatures to an existing JWS.
44
46 -i JSON, --input=JSON
47 Parse JWS template from JSON
48 -i FILE, --input=FILE
50 Read JWS template from FILE
51 -i -, --input=-
53 Read JWS template from standard input
54 -I FILE, --detached=FILE
56 Read decoded payload from FILE
57 -I -, --detached=-
59 Read decoded payload from standard input
60 -s JSON, --signature=JSON
62 Parse JWS signature template from JSON
63 -s FILE, --signature=FILE
65 Read JWS signature template from FILE
66 -s -, --signature=-
68 Read JWS signature template standard input
69 -k FILE, --key=FILE
71 Read JWK(Set) from FILE
72 -k -, --key=-
74 Read JWK(Set) from standard input
75 -o FILE, --output=FILE
77 Write JWS to FILE
78 -o -, --output=-
80 Write JWS to stdout (default)
81 -O FILE, --detach=FILE
83 Detach payload and decode to FILE
84 -O -, --detach=-
86 Detach payload and decode to standard output
87 -c, --compact
89 Output JWS using compact serialization
90
92 Sign data with a symmetric key using JWE JSON Serialization:
93 $ jose jwk gen -i ´{"alg":"HS256"}´ -o key.jwk
97 $ jose jws sig -I msg.txt -k key.jwk -o msg.jws
98 Sign data using detached JWE Compact Serialization:
102 $ jose jws sig -I msg.txt -k key.jwk -O /dev/null -c -o msg.jws
106 Sign with two keys:
110 $ jose jwk gen -i ´{"alg":"ES256"}´ -o ec.jwk
114 $ jose jwk gen -i ´{"alg":"RS256"}´ -o rsa.jwk
115 $ jose jws sig -I msg.txt -k ec.jwk -k rsa.jwk -o msg.jws
116
120 Nathaniel McCallum <npmccallum@redhat.com>
121
123 jose-jws-sig(1), jose-jws-ver(1)
124 June 2017 JOSE-JWS-SIG(1)