jose-jwe-enc(category5-qmail.html) - phpMan

JOSE-JWE-ENC(1)                                                JOSE-JWE-ENC(1)
NAME
       jose-jwe-enc - Encrypts plaintext using one or more JWK/password
SYNOPSIS
       jose jwe enc [-i JWE] -I PT -k JWK [-p] [-r RCP] [-o JWE] [-O CT] [-c]
OVERVIEW
       The  jose  jwe  enc command encrypts data using one or more JWK (-k) or
       password  (-p).  When  specifying  more  than  one  JWK  or   password,
       decryption will succeed with any one of the provided keys.
       A  detached  JWE  can  be  created by specifying the -O option. In this
       case, the decoded ciphertext will be written to  the  output  specified
       and will not be included in the JWE.
       If  only one key is used (-k or -p), the resulting JWE may be output in
       JWE Compact Serialization by using the -c option.
       This command uses a template based approach for constructing a JWE. You
       can  specify  templates of the JWE itself (-i) or for the JWE Recipient
       Object (-r). Attributes specified in either  of  these  templates  will
       appear unmodified in the output. One exception to this rule is that the
       JWE Protected Header should be specified in its  decoded  form  in  the
       template.  This  command  will  automatically  encode it as part of the
       encryption process.
       If you specify a JOSE  Header  Parameter  (via  either  the  -i  or  -r
       options)  that  affects  the construction of the JWE, this command will
       attempt  to  behave  according  to  this  parameter  as  if   it   were
       configuration.  For  example, specifying the "zip" parameter in the JWE
       Protected Header will cause  the  plaintext  to  be  compressed  before
       encryption.  Currently,  jose  will  modify its behavior for the "alg",
       "enc" and "zip" JOSE Header Parameters (see RFC 7516 Section 4.1.3), as
       well as the algorithm-specific parameters for the algorithms we support
       (see RFC 7518 Section 4).
       However, it is not necessary to provide any  templates:  jose  jwe  enc
       will  automatically fill in the "alg" and "enc" parameters by inferring
       the correct algorithms from the provided input keys (JWK or  password).
       Therefore, the -i and -r options should generally be used for providing
       extended JWE metadata.
OPTIONS
       -i JSON, --input=JSON
              Parse JWE from JSON
       -i FILE, --input=FILE
              Read JWE from FILE
       -i -, --input=-
              Read JWE from standard input
       -I FILE, --detached=FILE
              Read decoded ciphertext from FILE
       -I -, --detached=-
              Read decoded ciphertext from standard input
       -r FILE, --recipient=FILE
              Read JWE recipient template from FILE
       -r -, --recipient=-
              Read JWE recipient template from standard input
       -k FILE, --key=FILE
              Read JWK(Set) from FILE
       -k -, --key=-
              Read JWK(Set) from standard input
       -p, --password
              Prompt for an encryption password
       -o FILE, --output=FILE
              Write JWE to FILE
       -o -, --output=-
              Write JWE to stdout (default)
       -O FILE, --detach=FILE
              Detach ciphertext and decode to FILE
       -O -, --detach=-
              Detach ciphertext and decode to standard output
       -c, --compact
              Output JWE using compact serialization
EXAMPLES
       Encrypt data with a symmetric key using JWE JSON Serialization:
           $ jose jwk gen -i '{"alg":"A128GCM"}' -o key.jwk
           $ jose jwe enc -I msg.txt -k key.jwk -o msg.jwe
       Encrypt data with a password using JWE Compact Serialization:
           $ jose jwe enc -I msg.txt -p -c -o msg.jwe
           Please enter an encryption password:
           Please re-enter the previous password:
       Compress plaintext before encryption:
           $ jose jwe enc -i '{"protected":{"zip":"DEF"}}' ...
       Encrypt  with  two  keys  and  two  passwords:  $  jose  jwk   gen   -i
       '{"alg":"ECDH-ES+A128KW"}'    -o    ec.jwk    $   jose   jwk   gen   -i
       '{"alg":"RSA1_5"}' -o rsa.jwk $ jose jwe enc -I msg.txt -p -k ec.jwk -p
       -k  rsa.jwk  -o  msg.jwe  Please  enter a password: Please re-enter the
       previous  password:  Please  enter  a  password:  Please  re-enter  the
       previous password:
AUTHOR
       Nathaniel McCallum <npmccallum AT redhat.com>
SEE ALSO
       jose-jwe-dec(1), jose-jwe-fmt(1)
                                  August 2019                  JOSE-JWE-ENC(1)