1JOSE-JWK-EXC(1)                                                JOSE-JWK-EXC(1)
2
3
4

NAME

6       jose-jwk-exc - Performs a key exchange using the two input keys
7

SYNOPSIS

9       jose jwk exc [-i JWK] -l JWK -r JWK [-o JWK]
10

OVERVIEW

12       The jose jwk exc command performs a key exchange using the two input
13       keys and provides the result of the exchange as output. The user can
14       specify a JWK template as input and the specified properties will
15       appear in the output JWK unmodified.
16
17       A key exchange requires two keys:
18
19        1. The local key, which usually contains private key material.
20
21        2. The remote key, which usually contains public key material.
22
23       The algorithm for the exchange is inferred from the inputs.
24
25       The ECDH algorithm performs a standard elliptic curve multiplication
26       such that the public value of \p rem is multiplied by the private value
27       of \p.
28
29       The ECMR algorithm has three modes of operation. Where the local key
30       has a private key (the "d" property), it performs exactly like ECDH. If
31       the local key does not have a private key and the remote key does have
32       a private key, elliptic curve addition is performed on the two values.
33       Otherwise, if neither the local key nor the remote key have a private
34       key, the remote key is subtracted from the local key using elliptic
35       curve subtraction. When using ECMR, be sure to validate the content of
36       your inputs to avoid triggering the incorrect operation!
37

OPTIONS

39       •   -i JSON, --input=JSON : Parse JWK template from JSON
40
41       •   -i FILE, --input=FILE : Read JWK template from FILE
42
43       •   -i -, --input=- : Read JWK template from standard input
44
45       •   -o FILE, --output=FILE : Write JWK(Set) to FILE
46
47       •   -o -, --output=- : Write JWK(Set) to standard input
48
49       •   -l FILE, --local=FILE : Read local JWK from FILE
50
51       •   -l -, --local=- : Read local JWK from standard input
52
53       •   -r FILE, --remote=FILE : Read remote JWK from FILE
54
55       •   -r -, --remote=- : Read remote JWK from standard input
56

EXAMPLES

58       Perform a key exchange:
59
60           $ jose jwk gen -i '{"alg":"ECDH"}' -o local.jwk
61           $ jose jwk gen -i '{"alg":"ECDH"}' | jose jwk pub -i- -o remote.jwk
62           $ jose jwk exc -l local.jwk -r remote.jwk -o exchanged.jwk
63

AUTHOR

65       Nathaniel McCallum <npmccallum@redhat.com>
66

SEE ALSO

68       jose-alg(1), jose-jwk-exc(1), jose-jwk-gen(1), jose-jwk-pub(1)
69
70
71
72                                  01/20/2022                   JOSE-JWK-EXC(1)