JOSE-JWS-SIG(1)                                                JOSE-JWS-SIG(1)

NAME

       jose-jws-sig - Signs a payload using one or more JWKs

SYNOPSIS

       jose jws sig [-i JWS] [-I PAY] [-s SIG] -k JWK [-o JWS] [-O PAY] [-c]

OVERVIEW

       The jose jws sig command signs a payload using one or more JWKs. The
       payload can be provided either in its decoded form (-I) or embedded in
       an existing JWS (-i).

       A detached JWS can be created by specifying the -O option. In this
       case, the decoded payload will be written to the output specified and
       will not be included in the JWS.

       If only one key is used (-k), the resulting JWS may be output in JWS
       Compact Serialization by using the -c option.

       This command uses a template-based approach for constructing a JWS. You
       can specify templates of the JWS itself (-i) or for the JWS Signature
       Object (-s). Attributes specified in either of these templates will
       appear unmodified in the output. One exception to this rule is that the
       JWS Protected Header should be specified in its decoded form in the JWS
       Signature Object template. This command will automatically encode it as
       part of the signing process.

       If you specify a JOSE Header Parameter (via either the -i or -s
       options) that affects the construction of the JWS, this command will
       attempt to behave according to this parameter as if it were
       configuration. Currently, jose will modify its behavior for the "alg"
       JOSE Header Parameter (see RFC 7515 Section 4.1.1).

       However, it is not necessary to provide any templates: jose jws sig
       will automatically fill in the "alg" parameter by inferring the correct
       algorithm from the provided input JWKs. Therefore, the -i and -s
       options should generally be used for providing extended JWS metadata.

       It is possible to specify an existing JWS as the JWS template input
       (-i). This allows the addition of new signatures to an existing JWS.

OPTIONS

       -i JSON, --input=JSON : Parse JWS template from JSON

       -i FILE, --input=FILE : Read JWS template from FILE

       -i -, --input=- : Read JWS template from standard input

       -I FILE, --detached=FILE : Read decoded payload from FILE

       -I -, --detached=- : Read decoded payload from standard input

       -s JSON, --signature=JSON : Parse JWS signature template from JSON

       -s FILE, --signature=FILE : Read JWS signature template from FILE

       -s -, --signature=- : Read JWS signature template from standard input

       -k FILE, --key=FILE : Read JWK(Set) from FILE

       -k -, --key=- : Read JWK(Set) from standard input

       -o FILE, --output=FILE : Write JWS to FILE

       -o -, --output=- : Write JWS to stdout (default)

       -O FILE, --detach=FILE : Detach payload and decode to FILE

       -O -, --detach=- : Detach payload and decode to standard output

       -c, --compact : Output JWS using compact serialization

EXAMPLES

       Sign data with a symmetric key using JWS JSON Serialization:

           $ jose jwk gen -i '{"alg":"HS256"}' -o key.jwk
           $ jose jws sig -I msg.txt -k key.jwk -o msg.jws

       Sign data using detached JWS Compact Serialization:

           $ jose jws sig -I msg.txt -k key.jwk -O /dev/null -c -o msg.jws

       Sign with two keys:

           $ jose jwk gen -i '{"alg":"ES256"}' -o ec.jwk
           $ jose jwk gen -i '{"alg":"RS256"}' -o rsa.jwk
           $ jose jws sig -I msg.txt -k ec.jwk -k rsa.jwk -o msg.jws
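
       Added example (not part of jose or of this manual page): a Python
       sketch of the RFC 7515 structure behind an HS256 signature, showing
       the protected header being base64url-encoded into the signing input
       and why a detached compact JWS can only be verified when the payload
       is supplied separately. The function names, sample key and sample
       message are constructed for illustration.

```python
import base64, hashlib, hmac, json

SAMPLE_KEY = b"constructed-demo-key-not-a-real-secret"  # constructed sample
SAMPLE_MSG = b"constructed sample payload\n"             # stands in for msg.txt

def b64u(data: bytes) -> str:
    """Base64url without '=' padding (RFC 7515 Section 2)."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _mac(key: bytes, prot: str, pay: str) -> str:
    """HS256 over the JWS Signing Input: ASCII(protected '.' payload)."""
    return b64u(hmac.new(key, f"{prot}.{pay}".encode(), hashlib.sha256).digest())

def sign_hs256(payload: bytes, key: bytes, template=None) -> dict:
    """Flattened JWS JSON; 'template' is a decoded protected header."""
    header = dict(template or {})
    header.setdefault("alg", "HS256")  # inferred when the template omits it
    if header["alg"] != "HS256":
        raise ValueError("this sketch implements HS256 only")
    prot = b64u(json.dumps(header, separators=(",", ":")).encode())
    pay = b64u(payload)
    return {"payload": pay, "protected": prot, "signature": _mac(key, prot, pay)}

def to_compact(jws: dict, detached: bool = False) -> str:
    """Compact form; a detached JWS leaves the payload segment empty."""
    return ".".join([jws["protected"], "" if detached else jws["payload"], jws["signature"]])

def verify_compact(token: str, key: bytes, detached_payload=None) -> bool:
    """Check a compact JWS; a detached one needs the payload out of band."""
    parts = token.split(".")
    if len(parts) != 3:
        return False
    prot, pay, sig = parts
    if bool(pay) == (detached_payload is not None):
        return False  # payload must come from exactly one place
    if detached_payload is not None:
        pay = b64u(detached_payload)
    try:
        header = json.loads(base64.urlsafe_b64decode(prot + "=" * (-len(prot) % 4)))
    except ValueError:
        return False
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        return False  # pin the algorithm instead of trusting the header
    return hmac.compare_digest(_mac(key, prot, pay).encode(), sig.encode())
```

       The verifier pins "alg" to the algorithm it expects rather than
       accepting whatever the header declares, and it compares signatures
       in constant time.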

AUTHOR

       Nathaniel McCallum <npmccallum@redhat.com>

SEE ALSO

       jose-jws-sig(1), jose-jws-ver(1)

                                  01/20/2022                   JOSE-JWS-SIG(1)