1JOSE-JWE-ENC(1)                                                JOSE-JWE-ENC(1)
2
3
4

NAME

6       jose-jwe-enc - Encrypts plaintext using one or more JWK/password
7

SYNOPSIS

9       jose jwe enc [-i JWE] -I PT -k JWK [-p] [-r RCP] [-o JWE] [-O CT] [-c]
10

OVERVIEW

12       The jose jwe enc command encrypts data using one or more JWK (-k) or
13       password (-p). When specifying more than one JWK or password,
14       decryption will succeed with any one of the provided keys.
15
16       A detached JWE can be created by specifying the -O option. In this
17       case, the decoded ciphertext will be written to the output specified
18       and will not be included in the JWE.
19
20       If only one key is used (-k or -p), the resulting JWE may be output in
21       JWE Compact Serialization by using the -c option.
22
23       This command uses a template based approach for constructing a JWE. You
24       can specify templates of the JWE itself (-i) or for the JWE Recipient
25       Object (-r). Attributes specified in either of these templates will
26       appear unmodified in the output. One exception to this rule is that the
27       JWE Protected Header should be specified in its decoded form in the
28       template. This command will automatically encode it as part of the
29       encryption process.
30
31       If you specify a JOSE Header Parameter (via either the -i or -r
32       options) that affects the construction of the JWE, this command will
33       attempt to behave according to this parameter as if it were
34       configuration. For example, specifying the "zip" parameter in the JWE
35       Protected Header will cause the plaintext to be compressed before
36       encryption. Currently, jose will modify its behavior for the "alg",
37       "enc" and "zip" JOSE Header Parameters (see RFC 7516 Section 4.1.3), as
38       well as the algorithm-specific parameters for the algorithms we support
39       (see RFC 7518 Section 4).
40
41       However, it is not necessary to provide any templates: jose jwe enc
42       will automatically fill in the "alg" and "enc" parameters by inferring
43       the correct algorithms from the provided input keys (JWK or password).
44       Therefore, the -i and -r options should generally be used for providing
45       extended JWE metadata.
46

OPTIONS

48-i JSON, --input=JSON : Parse JWE from JSON
49
50-i FILE, --input=FILE : Read JWE from FILE
51
52-i -, --input=-: Read JWE from standard input
53
54-I FILE, --detached=FILE : Read decoded ciphertext from FILE
55
56-I -, --detached=- : Read decoded ciphertext from standard input
57
58-r FILE, --recipient=FILE : Read JWE recipient template from FILE
59
60-r -, --recipient=- : Read JWE recipient template from standard
61           input
62
63-k FILE, --key=FILE : Read JWK(Set) from FILE
64
65-k -, --key=- : Read JWK(Set) from standard input
66
67-p, --password : Prompt for an encryption password
68
69-o FILE, --output=FILE : Write JWE to FILE
70
71-o -, --output=- : Write JWE to stdout (default)
72
73-O FILE, --detach=FILE : Detach ciphertext and decode to FILE
74
75-O -, --detach=- : Detach ciphertext and decode to standard output
76
77-c, --compact : Output JWE using compact serialization
78

EXAMPLES

80       Encrypt data with a symmetric key using JWE JSON Serialization:
81
82           $ jose jwk gen -i '{"alg":"A128GCM"}' -o key.jwk
83           $ jose jwe enc -I msg.txt -k key.jwk -o msg.jwe
84
85       Encrypt data with a password using JWE Compact Serialization:
86
87           $ jose jwe enc -I msg.txt -p -c -o msg.jwe
88           Please enter an encryption password:
89           Please re-enter the previous password:
90
91       Compress plaintext before encryption:
92
93           $ jose jwe enc -i '{"protected":{"zip":"DEF"}}' ...
94
95       Encrypt with two keys and two passwords: $ jose jwk gen -i
96       {"alg":"ECDH-ES+A128KW"} -o ec.jwk $ jose jwk gen -i {"alg":"RSA1_5"}
97       -o rsa.jwk $ jose jwe enc -I msg.txt -p -k ec.jwk -p -k rsa.jwk -o
98       msg.jwe Please enter a password: Please re-enter the previous password:
99       Please enter a password: Please re-enter the previous password:
100

AUTHOR

102       Nathaniel McCallum <npmccallum@redhat.com>
103

SEE ALSO

105       jose-jwe-dec(1), jose-jwe-fmt(1)
106
107
108
109                                  07/20/2023                   JOSE-JWE-ENC(1)
Impressum