# lws minimal example for JWS

Demonstrates how to sign and verify using compact JWS and JWK, providing a
commandline tool for signing and verifying stdin.

## build

```
 $ cmake . && make
```

## usage

Stdin is either the plaintext (if signing) or compact JWS (if verifying).

Stdout is either the compact JWS (if signing) or the plaintext (if verifying).

You must pass a private key JWK file in the -k option if signing, and may pass
either a public or private key JWK file in the -k option if verifying.  To be
clear, for asymmetric keys the private part of the key is required to sign,
and the public part is sufficient to verify.

For convenience, a pair of public and private keys is provided,
`key-rsa-4096.private` and `key-rsa-4096.pub`; these were produced with just

```
 $ lws-crypto-jwk -t RSA -b 4096 --public key-rsa-4096.pub >key-rsa-4096.private
```

Similar keys for EC modes may be produced with

```
 $ lws-crypto-jwk -t EC -v P-256 --public key-ecdh-p-256.pub >key-ecdh-p-256.private
```

JWSs produced with openssl and mbedtls backends are completely interchangeable.

Commandline option|Meaning
---|---
-d <loglevel>|Debug verbosity in decimal, eg, -d15
-s "<signature alg>"|Sign (default is verify), eg, -s "ES256".  For verify, the algorithm information comes from the input JWS.
-k <jwk file>|JWK file to sign or verify with; signing requires that the key has its private part
-c|Format the JWS as a linebroken C string
-f|Output flattened representation (instead of compact by default)

```
 $ echo -n "plaintext0123456" | ./lws-crypto-jws -s "ES256" -k ec-p256.private
[2018/12/19 16:20:25:6519] USER: LWS JWE example tool
[2018/12/19 16:20:25:6749] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
eyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.ivFr7qzx-pQ4V_edbjpdvR9OwWL9KmojPE2rXQM52oLtW0BtnxZu2_ezqhsAelyIcaworgfobs3u4bslXHMFbeJJjPb5xD0fBDe64OYXZH1NpUGTMJh9Ka4CrJ2B3xhxe7EByGAuGqmluqE0Yezj7rhSw7vlr5JAwuOJ8FaGa8aZ8ldki5G5h_S2Furlbjdcw3Rrxk7mCoMHcLoqzfZtggMPwGAMFogCqcwUo7oSLbBeGaa6hpMbfSysugseWdr8TzObQKPM52k6iVAlGwRaOg_qdLMgZiYRhHA6nFKTQd7XBbNY6qAS8sPuj7Zz344tF3RSfJ0zX_telG71sOtVv5fMpeDU-eCdpOWlCBfu6J6FQfAFu6SJryM4ajGOif09CwFI5qUQ33SOfQfS_M3nqSyd6Vu5M4lsDrb5wK7_XX5gqUwvI9wicf_8WWR-CQomRF-JvEASnA2SIf8QqYfa8R2rP9q6Md4vwO4EZrtxIsMDPsH-4ZEFu7vDjyy09QfIWWsnEb8-UgpVXensgt2m_2bZ76r1VB8-0nZLMwMyEhaH2wra9vX2FWao5UkmNJ7ht300f4_V6QzMFoePpwCvsufWBW6jcQLB-frCWe6uitWaZHEB4LxmNPKzQSz4QwwTKhpF1jNn8Xh1-w1m-2h0gj-oe-S8QBwPveqhPI1p2fI.snuhUTXHNu5mJ6dEPQqg6g.yl36qC4o0GE4nrquQ2YyCg.Vf0MoT7_kUrZdCNWXhq1DQ
```

Notice the logging is on stderr, and the output alone on stdout.

When signing, the compact representation of the JWS is output on stdout.

When verifying, if the signature is valid the plaintext is output on stdout
and the tool exits with a 0 exit code.  Otherwise nothing is output on stdout
and it exits with a nonzero exit code.
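
A compact JWS is three base64url segments (header, payload, signature), and as the options table notes, on verify the algorithm is read from the input JWS itself. The following is an added example, not code from libwebsockets: it shows that format, the flattened equivalent, and a verifier that pins the accepted algorithm. It assumes HS256 with a constructed shared key so that it runs on the Python standard library alone; all function names are illustrative.

```python
import base64, hashlib, hmac, json

def b64u(data: bytes) -> str:
    """base64url without padding, as used by every JWS segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def b64u_dec(s: str) -> bytes:
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def sign_compact(payload: bytes, key: bytes) -> str:
    """Build header.payload.signature, the compact JWS serialization."""
    hdr = b64u(json.dumps({"alg": "HS256"}, separators=(",", ":")).encode())
    signing_input = f"{hdr}.{b64u(payload)}"
    mac = hmac.new(key, signing_input.encode(), hashlib.sha256).digest()
    return f"{signing_input}.{b64u(mac)}"

def verify_compact(token: str, key: bytes, allowed=("HS256",)) -> bytes:
    """Return the payload if the signature is valid, else raise ValueError."""
    parts = token.strip().split(".")
    if len(parts) != 3:          # a compact JWE has 5 segments, not 3
        raise ValueError("not a compact JWS")
    hdr_b64, payload_b64, sig_b64 = parts
    try:
        alg = json.loads(b64u_dec(hdr_b64)).get("alg")
        sig = b64u_dec(sig_b64)
        payload = b64u_dec(payload_b64)
    except (ValueError, AttributeError) as e:
        raise ValueError("malformed JWS") from e
    if alg not in allowed:       # alg comes from untrusted input, so pin it
        raise ValueError(f"alg {alg!r} not allowed")
    expect = hmac.new(key, f"{hdr_b64}.{payload_b64}".encode(),
                      hashlib.sha256).digest()
    if not hmac.compare_digest(sig, expect):   # constant-time comparison
        raise ValueError("bad signature")
    return payload               # released only after the check passes

def to_flattened(token: str) -> dict:
    """Same three fields as compact, as the flattened JSON serialization."""
    protected, payload, signature = token.split(".")
    return {"protected": protected, "payload": payload, "signature": signature}

if __name__ == "__main__":
    KEY = b"constructed-demo-key-0123456789ab"   # constructed sample key
    jws = sign_compact(b"plaintext0123456", KEY)
    print(jws)
    print(json.dumps(to_flattened(jws)))
    print(verify_compact(jws, KEY))
```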