1# lws minimal example for JWE 2 3Demonstrates how to encrypt and decrypt using JWE and JWK, providing a 4commandline tool for creating encrypted JWE and decoding them. 5 6## build 7 8``` 9 $ cmake . && make 10``` 11 12## usage 13 14Stdin is either the plaintext (if encrypting) or JWE (if decrypting). 15 16Stdout is either the JWE (if encrypting) or plaintext (if decrypting). 17 18You must pass a private or public key JWK file in the -k option if encrypting, 19and must pass a private key JWK file in the -k option if decrypting. To be 20clear, for asymmetric keys the public part of the key is required to encrypt, 21and the private part required to decrypt. 22 23For convenience, a pair of public and private keys are provided, 24`key-rsa-4096.private` and `key-rsa-4096.pub`, these were produced with just 25 26``` 27 $ lws-crypto-jwk -t RSA -b 4096 --public key-rsa-4096.pub >key-rsa-4096.private 28``` 29 30Similar keys for EC modes may be produced with 31 32``` 33 $ lws-crypto-jwk -t EC -v P-256 --public key-ecdh-p-256.pub >key-ecdh-p-256.private 34``` 35 36and for AES ("octet") symmetric keys 37 38``` 39 $ lws-crypto-jwk -t OCT -b 128 >key-aes-128.private 40``` 41 42JWEs produced with openssl and mbedtls backends are completely interchangeable. 43 44Commandline option|Meaning 45---|--- 46-d <loglevel>|Debug verbosity in decimal, eg, -d15 47-e "<cek cipher alg> <payload enc alg>"|Encrypt (default is decrypt), eg, -e "RSA1_5 A128CBC-HS256". For decrypt, the cipher information comes from the input JWE. 48-k <jwk file>|JWK file to encrypt or decrypt with 49-c|Format the JWE as a linebroken C string 50-f|Output flattened representation (instead of compact by default) 51 52``` 53 $ echo -n "plaintext0123456" | ./lws-crypto-jwe -k key-rsa-4096.private -e "RSA1_5 A128CBC-HS256" 54[2018/12/19 16:20:25:6519] USER: LWS JWE example tool 55[2018/12/19 16:20:25:6749] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off 56eyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.ivFr7qzx-pQ4V_edbjpdvR9OwWL9KmojPE2rXQM52oLtW0BtnxZu2_ezqhsAelyIcaworgfobs3u4bslXHMFbeJJjPb5xD0fBDe64OYXZH1NpUGTMJh9Ka4CrJ2B3xhxe7EByGAuGqmluqE0Yezj7rhSw7vlr5JAwuOJ8FaGa8aZ8ldki5G5h_S2Furlbjdcw3Rrxk7mCoMHcLoqzfZtggMPwGAMFogCqcwUo7oSLbBeGaa6hpMbfSysugseWdr8TzObQKPM52k6iVAlGwRaOg_qdLMgZiYRhHA6nFKTQd7XBbNY6qAS8sPuj7Zz344tF3RSfJ0zX_telG71sOtVv5fMpeDU-eCdpOWlCBfu6J6FQfAFu6SJryM4ajGOif09CwFI5qUQ33SOfQfS_M3nqSyd6Vu5M4lsDrb5wK7_XX5gqUwvI9wicf_8WWR-CQomRF-JvEASnA2SIf8QqYfa8R2rP9q6Md4vwO4EZrtxIsMDPsH-4ZEFu7vDjyy09QfIWWsnEb8-UgpVXensgt2m_2bZ76r1VB8-0nZLMwMyEhaH2wra9vX2FWao5UkmNJ7ht300f4_V6QzMFoePpwCvsufWBW6jcQLB-frCWe6uitWaZHEB4LxmNPKzQSz4QwwTKhpF1jNn8Xh1-w1m-2h0gj-oe-S8QBwPveqhPI1p2fI.snuhUTXHNu5mJ6dEPQqg6g.yl36qC4o0GE4nrquQ2YyCg.Vf0MoT7_kUrZdCNWXhq1DQ 57``` 58 59Notice the logging is on stderr, and the output alone on stdout. 60 61You can also pipe the output of the encrypt action directly into the decrypt 62action, eg 63 64``` 65 $ echo -n "plaintext0123456" | \ 66 ./lws-crypto-jwe -k key-rsa-4096.pub -e "RSA1_5 A128CBC-HS256" | \ 67 ./lws-crypto-jwe -k key-rsa-4096.private 68``` 69 70prints the plaintext on stdout. 71