# lws minimal example for JWE

Demonstrates how to encrypt and decrypt using JWE and JWK, providing a
commandline tool for creating encrypted JWE and decoding them.

## build

```
 $ cmake . && make
```

## usage

Stdin is either the plaintext (if encrypting) or JWE (if decrypting).

Stdout is either the JWE (if encrypting) or plaintext (if decrypting).

You must pass a private or public key JWK file in the `-k` option if encrypting,
and must pass a private key JWK file in the `-k` option if decrypting. To be
clear, for asymmetric keys the public part of the key is required to encrypt,
and the private part is required to decrypt.

For convenience, a pair of public and private keys is provided,
`key-rsa-4096.private` and `key-rsa-4096.pub`; these were produced with just

```
 $ lws-crypto-jwk -t RSA -b 4096 --public key-rsa-4096.pub >key-rsa-4096.private
```

Similar keys for EC modes may be produced with

```
 $ lws-crypto-jwk -t EC -v P-256 --public key-ecdh-p-256.pub >key-ecdh-p-256.private
```

and for AES ("octet") symmetric keys

```
 $ lws-crypto-jwk -t OCT -b 128 >key-aes-128.private
```

JWEs produced with openssl and mbedtls backends are completely interchangeable.

Commandline option|Meaning
---|---
`-d <loglevel>`|Debug verbosity in decimal, eg, `-d15`
`-e "<cek cipher alg> <payload enc alg>"`|Encrypt (default is decrypt), eg, `-e "RSA1_5 A128CBC-HS256"`. For decrypt, the cipher information comes from the input JWE.
`-k <jwk file>`|JWK file to encrypt or decrypt with
`-c`|Format the JWE as a linebroken C string
`-f`|Output flattened representation (instead of compact by default)

```
 $ echo -n "plaintext0123456" | ./lws-crypto-jwe -k key-rsa-4096.private -e "RSA1_5 A128CBC-HS256"
[2018/12/19 16:20:25:6519] USER: LWS JWE example tool
[2018/12/19 16:20:25:6749] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
eyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.ivFr7qzx-pQ4V_edbjpdvR9OwWL9KmojPE2rXQM52oLtW0BtnxZu2_ezqhsAelyIcaworgfobs3u4bslXHMFbeJJjPb5xD0fBDe64OYXZH1NpUGTMJh9Ka4CrJ2B3xhxe7EByGAuGqmluqE0Yezj7rhSw7vlr5JAwuOJ8FaGa8aZ8ldki5G5h_S2Furlbjdcw3Rrxk7mCoMHcLoqzfZtggMPwGAMFogCqcwUo7oSLbBeGaa6hpMbfSysugseWdr8TzObQKPM52k6iVAlGwRaOg_qdLMgZiYRhHA6nFKTQd7XBbNY6qAS8sPuj7Zz344tF3RSfJ0zX_telG71sOtVv5fMpeDU-eCdpOWlCBfu6J6FQfAFu6SJryM4ajGOif09CwFI5qUQ33SOfQfS_M3nqSyd6Vu5M4lsDrb5wK7_XX5gqUwvI9wicf_8WWR-CQomRF-JvEASnA2SIf8QqYfa8R2rP9q6Md4vwO4EZrtxIsMDPsH-4ZEFu7vDjyy09QfIWWsnEb8-UgpVXensgt2m_2bZ76r1VB8-0nZLMwMyEhaH2wra9vX2FWao5UkmNJ7ht300f4_V6QzMFoePpwCvsufWBW6jcQLB-frCWe6uitWaZHEB4LxmNPKzQSz4QwwTKhpF1jNn8Xh1-w1m-2h0gj-oe-S8QBwPveqhPI1p2fI.snuhUTXHNu5mJ6dEPQqg6g.yl36qC4o0GE4nrquQ2YyCg.Vf0MoT7_kUrZdCNWXhq1DQ
```

Notice the logging is on stderr, and the output alone on stdout.

You can also pipe the output of the encrypt action directly into the decrypt
action, eg

```
 $ echo -n "plaintext0123456" | \
   ./lws-crypto-jwe -k key-rsa-4096.pub -e "RSA1_5 A128CBC-HS256" | \
   ./lws-crypto-jwe -k key-rsa-4096.private
```

prints the plaintext on stdout.

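Because decryption takes the cipher information from the input JWE, a caller that expects one algorithm pair can check the protected header before passing the JWE to `lws-crypto-jwe`. The following Python sketch is an added example, not part of lws; the allowlist, the function names and the placeholder segments in `SAMPLE` are assumptions made for illustration.

```python
import base64
import json

# Assumed policy for this example: accept only the pair used in the README's -e argument.
ALLOWED = {("RSA1_5", "A128CBC-HS256")}

# Constructed sample: the protected header from the README's output followed by
# placeholder segments (the header check never touches the other four parts).
SAMPLE = "eyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.AAAA.AAAA.AAAA.AAAA"


def b64url_decode(segment):
    """Decode unpadded base64url, the encoding JOSE uses for every segment."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def protected_header(jwe_text):
    """Return the protected header dict of a compact or flattened (-f) JWE."""
    text = jwe_text.strip()
    if text.startswith("{"):
        obj = json.loads(text)
        encoded = obj.get("protected") if isinstance(obj, dict) else None
    else:
        parts = text.split(".")
        encoded = parts[0] if len(parts) == 5 else None
    if not isinstance(encoded, str) or not encoded:
        raise ValueError("not a compact or flattened JWE with a protected header")
    try:
        header = json.loads(b64url_decode(encoded))
    except ValueError as exc:  # bad base64, bad UTF-8 and bad JSON are all ValueErrors
        raise ValueError("protected header is not base64url-encoded JSON") from exc
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    return header


def check_policy(jwe_text, allowed=ALLOWED):
    """Return (alg, enc) if allowlisted; raise ValueError otherwise.

    Only the integrity-protected header is consulted, so a flattened JWE that
    names its algorithms solely in an unprotected header is rejected.
    """
    header = protected_header(jwe_text)
    alg, enc = header.get("alg"), header.get("enc")
    if not (isinstance(alg, str) and isinstance(enc, str)) or (alg, enc) not in allowed:
        raise ValueError(f"JWE algorithms alg={alg!r} enc={enc!r} are not permitted")
    return alg, enc


if __name__ == "__main__":
    print(check_policy(SAMPLE))
```

Run the check on the received JWE first and only pipe it into the decrypt command when `check_policy` returns without raising.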