# lws minimal example for JWE

Demonstrates how to encrypt and decrypt using JWE and JWK, providing a
command-line tool for creating encrypted JWEs and decrypting them.

## build

```
 $ cmake . && make
```

## usage

Stdin is either the plaintext (if encrypting) or JWE (if decrypting).

Stdout is either the JWE (if encrypting) or plaintext (if decrypting).

You must pass a private or public key JWK file in the -k option if encrypting,
and must pass a private key JWK file in the -k option if decrypting.  To be
clear, for asymmetric keys the public part of the key is required to encrypt,
and the private part required to decrypt.

For convenience, a pair of public and private keys is provided,
`key-rsa-4096.private` and `key-rsa-4096.pub`. These were produced with just

```
 $ lws-crypto-jwk -t RSA -b 4096 --public key-rsa-4096.pub >key-rsa-4096.private
```

Similar keys for EC modes may be produced with

```
 $ lws-crypto-jwk -t EC -v P-256 --public key-ecdh-p-256.pub >key-ecdh-p-256.private
```

and for AES ("octet") symmetric keys

```
 $ lws-crypto-jwk -t OCT -b 128 >key-aes-128.private
```

JWEs produced with openssl and mbedtls backends are completely interchangeable.

Commandline option|Meaning
---|---
`-d <loglevel>`|Debug verbosity in decimal, e.g. `-d15`
`-e "<cek cipher alg> <payload enc alg>"`|Encrypt (default is decrypt), e.g. `-e "RSA1_5 A128CBC-HS256"`.  For decrypt, the cipher information comes from the input JWE.
`-k <jwk file>`|JWK file to encrypt or decrypt with
`-c`|Format the JWE as a linebroken C string
`-f`|Output flattened representation (instead of compact by default)

```
 $ echo -n "plaintext0123456" | ./lws-crypto-jwe -k key-rsa-4096.private -e "RSA1_5 A128CBC-HS256"
[2018/12/19 16:20:25:6519] USER: LWS JWE example tool
[2018/12/19 16:20:25:6749] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
eyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.ivFr7qzx-pQ4V_edbjpdvR9OwWL9KmojPE2rXQM52oLtW0BtnxZu2_ezqhsAelyIcaworgfobs3u4bslXHMFbeJJjPb5xD0fBDe64OYXZH1NpUGTMJh9Ka4CrJ2B3xhxe7EByGAuGqmluqE0Yezj7rhSw7vlr5JAwuOJ8FaGa8aZ8ldki5G5h_S2Furlbjdcw3Rrxk7mCoMHcLoqzfZtggMPwGAMFogCqcwUo7oSLbBeGaa6hpMbfSysugseWdr8TzObQKPM52k6iVAlGwRaOg_qdLMgZiYRhHA6nFKTQd7XBbNY6qAS8sPuj7Zz344tF3RSfJ0zX_telG71sOtVv5fMpeDU-eCdpOWlCBfu6J6FQfAFu6SJryM4ajGOif09CwFI5qUQ33SOfQfS_M3nqSyd6Vu5M4lsDrb5wK7_XX5gqUwvI9wicf_8WWR-CQomRF-JvEASnA2SIf8QqYfa8R2rP9q6Md4vwO4EZrtxIsMDPsH-4ZEFu7vDjyy09QfIWWsnEb8-UgpVXensgt2m_2bZ76r1VB8-0nZLMwMyEhaH2wra9vX2FWao5UkmNJ7ht300f4_V6QzMFoePpwCvsufWBW6jcQLB-frCWe6uitWaZHEB4LxmNPKzQSz4QwwTKhpF1jNn8Xh1-w1m-2h0gj-oe-S8QBwPveqhPI1p2fI.snuhUTXHNu5mJ6dEPQqg6g.yl36qC4o0GE4nrquQ2YyCg.Vf0MoT7_kUrZdCNWXhq1DQ
```

Notice the logging is on stderr, and the output alone on stdout.

You can also pipe the output of the encrypt action directly into the decrypt
action, e.g.

```
 $ echo -n "plaintext0123456" | \
   ./lws-crypto-jwe -k key-rsa-4096.pub -e "RSA1_5 A128CBC-HS256" | \
   ./lws-crypto-jwe -k key-rsa-4096.private
```

prints the plaintext on stdout.
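
The option table notes that, for decrypt, the cipher information comes from the input JWE. As an added example (not part of lws or of this README), the Python below splits a compact JWE, decodes its protected header, and checks the `alg`/`enc` pair against a local allowlist before the token would be passed to the decrypt step. The allowlist, the function names and the placeholder segments in the sample are assumptions; only the header segment is taken from the sample output above.

```python
import base64
import json

# Constructed sample: the header segment is the one printed in the README's
# sample output; the other four segments are short placeholders.
SAMPLE_JWE = ("eyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9"
              ".AAAA.AAAA.AAAA.AAAA")

# Assumed local policy (not from lws): pairs this receiver agrees to decrypt.
ALLOWED = {("RSA1_5", "A128CBC-HS256")}


def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url as used in JWE compact serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))


def inspect_compact_jwe(jwe: str) -> dict:
    """Split a compact JWE; return header alg/enc and segment byte lengths."""
    parts = jwe.strip().split(".")
    if len(parts) != 5:
        raise ValueError(f"compact JWE has 5 segments, got {len(parts)}")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict):
        raise ValueError("protected header is not a JSON object")
    names = ("encrypted_key", "iv", "ciphertext", "tag")
    sizes = {n: len(b64url_decode(p)) for n, p in zip(names, parts[1:])}
    return {"alg": header.get("alg"), "enc": header.get("enc"), "sizes": sizes}


def check_policy(jwe: str, allowed=ALLOWED) -> tuple:
    """Return (alg, enc) if the pair is allowlisted, else raise ValueError."""
    info = inspect_compact_jwe(jwe)
    pair = (info["alg"], info["enc"])
    if pair not in allowed:
        raise ValueError(f"alg/enc {pair} not permitted by local policy")
    return pair


if __name__ == "__main__":
    print(inspect_compact_jwe(SAMPLE_JWE))
    print(check_policy(SAMPLE_JWE))
```

This only reads the unauthenticated header to decide whether to proceed; the decryption and tag verification are still done by `lws-crypto-jwe`.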