archive/libwebsockets
1
0
Fork 0
mirror of https://libwebsockets.org/repo/libwebsockets synced 2024-12-26 15:18:15 +00:00
Code Issues Packages Projects Releases Wiki Activity
main
libwebsockets/minimal-examples-lowlevel/crypto/minimal-crypto-jwe/README.md

71 lines
2.9 KiB
Markdown
Raw Permalink Blame History

# lws minimal example for JWE
Demonstrates how to encrypt and decrypt using JWE and JWK, providing a
commandline tool for creating encrypted JWE and decoding them.
## build
```
$ cmake . && make
```
## usage
Stdin is either the plaintext (if encrypting) or JWE (if decrypting).
Stdout is either the JWE (if encrypting) or plaintext (if decrypting).
You must pass a private or public key JWK file in the -k option if encrypting,
and must pass a private key JWK file in the -k option if decrypting. To be
clear, for asymmetric keys the public part of the key is required to encrypt,
and the private part required to decrypt.
For convenience, a pair of public and private keys are provided,
`key-rsa-4096.private` and `key-rsa-4096.pub`, these were produced with just
```
$ lws-crypto-jwk -t RSA -b 4096 --public key-rsa-4096.pub >key-rsa-4096.private
```
Similar keys for EC modes may be produced with
```
$ lws-crypto-jwk -t EC -v P-256 --public key-ecdh-p-256.pub >key-ecdh-p-256.private
```
and for AES ("octet") symmetric keys
```
$ lws-crypto-jwk -t OCT -b 128 >key-aes-128.private
```
JWEs produced with openssl and mbedtls backends are completely interchangeable.
Commandline option|Meaning
---|---
-d <loglevel>|Debug verbosity in decimal, eg, -d15
-e "<cek cipher alg> <payload enc alg>"|Encrypt (default is decrypt), eg, -e "RSA1_5 A128CBC-HS256". For decrypt, the cipher information comes from the input JWE.
-k <jwk file>|JWK file to encrypt or decrypt with
-c|Format the JWE as a linebroken C string
-f|Output flattened representation (instead of compact by default)
```
$ echo -n "plaintext0123456" | ./lws-crypto-jwe -k key-rsa-4096.private -e "RSA1_5 A128CBC-HS256"
[2018/12/19 16:20:25:6519] USER: LWS JWE example tool
[2018/12/19 16:20:25:6749] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
eyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.ivFr7qzx-pQ4V_edbjpdvR9OwWL9KmojPE2rXQM52oLtW0BtnxZu2_ezqhsAelyIcaworgfobs3u4bslXHMFbeJJjPb5xD0fBDe64OYXZH1NpUGTMJh9Ka4CrJ2B3xhxe7EByGAuGqmluqE0Yezj7rhSw7vlr5JAwuOJ8FaGa8aZ8ldki5G5h_S2Furlbjdcw3Rrxk7mCoMHcLoqzfZtggMPwGAMFogCqcwUo7oSLbBeGaa6hpMbfSysugseWdr8TzObQKPM52k6iVAlGwRaOg_qdLMgZiYRhHA6nFKTQd7XBbNY6qAS8sPuj7Zz344tF3RSfJ0zX_telG71sOtVv5fMpeDU-eCdpOWlCBfu6J6FQfAFu6SJryM4ajGOif09CwFI5qUQ33SOfQfS_M3nqSyd6Vu5M4lsDrb5wK7_XX5gqUwvI9wicf_8WWR-CQomRF-JvEASnA2SIf8QqYfa8R2rP9q6Md4vwO4EZrtxIsMDPsH-4ZEFu7vDjyy09QfIWWsnEb8-UgpVXensgt2m_2bZ76r1VB8-0nZLMwMyEhaH2wra9vX2FWao5UkmNJ7ht300f4_V6QzMFoePpwCvsufWBW6jcQLB-frCWe6uitWaZHEB4LxmNPKzQSz4QwwTKhpF1jNn8Xh1-w1m-2h0gj-oe-S8QBwPveqhPI1p2fI.snuhUTXHNu5mJ6dEPQqg6g.yl36qC4o0GE4nrquQ2YyCg.Vf0MoT7_kUrZdCNWXhq1DQ
```
Notice the logging is on stderr, and the output alone on stdout.
You can also pipe the output of the encrypt action directly into the decrypt
action, eg
```
$ echo -n "plaintext0123456" | \
./lws-crypto-jwe -k key-rsa-4096.pub -e "RSA1_5 A128CBC-HS256" | \
./lws-crypto-jwe -k key-rsa-4096.private
```
prints the plaintext on stdout.
Reference in New Issue View Git Blame Copy Permalink