RNBYC(1) User Commands RNBYC(1)

rnbyc - JWK and JWT parser and generator

rnbyc - JWK/JWKS parser and generator, JWT parser and serializer, supports signed, encrypted and nested JWTs

Version 1.1.8

Copyright 2020-2022 Nicolas Mora <mail@babelouest.org>

This program is free software; you can redistribute it and/or modify it under the terms of the GPL 3

Command-line options:

-j --jwks

Action: JWKS, parse or generate keys and output JWKS

-g --generate <type>

Generate a key pair or a symmetric key <type> - values available: RSA[key size] (default key size: 4096), EC256, EC384, EC521, Ed25519, Ed448, X25519, X448, oct[key size] (default key size: 128 bits)

-i --stdin

Reads key to parse from stdin

-f --in-file

Reads key to parse from a file

-k --key-id

Specifies the key-id to add to the current key

-a --alg

Action: JWKS - Specifies the alg value to add to the current key Action: Serialize - Specifies the alg value to sign the token

-e --enc

Specifies the enc value to encrypt the token (default A128CBC)

-l --enc-alg

Specifies the encryption algorithm for key management of the token

-o --out-file

Specifies the output file for the private keys (or all the keys if no public file is specified) in the JWKS

-p --out-file-public

Specifies the output file for the public keys in the JWKS

-n --indent

JWKS output spaces indentation: 0 is compact mode, default is 2 spaces indent

-F --format

Output format, values available are JWK (default), PEM or DER

-x --split

Split JWKS output in public and private keys

-t --parse-token

Action: Parse token

-s --serialize-token

Action: serialize given claims in a token

-H --header

Display header of a parsed token

-C --claims

Display claims of a parsed token, default true

-P --public-key

Specifies the public key for key management encryption or signature verification Public key must be in JWKS format and can be either a JWKS string or a path to a JWKS file

-K --private-key

Specifies the private key for key management decryption or signature generation Public key must be in JWKS format and can be either a JWKS string or a path to a JWKS file

-S --self-signed

Verifies the JWT signature if the signed JWT has its public key included in its header as 'jwk', 'x5c' or 'x5u' parameter

-W --password

Specifies the password for key management encryption/decryption using PBES2 alg or signature generation/verification using HS alg

-u --x5u-flags

Set x5u flags to retrieve online certificate, values available are:
cert: ignore server certificate errors (self-signed, expired, etc.) follow: follow jwks_uri redirection if any values can be contatenated, e.g. --x5u-flags cert,follow

-v --version

Print rnbyc's current version

-h --help

Print this message

-d --debug

Display debug messages

The full documentation for rnbyc is maintained as a Texinfo manual. If the info and rnbyc programs are properly installed at your site, the command

info rnbyc

should give you access to the complete manual.

September 2023 rnbyc 1.1.8