'\" t
.\"     Title: jose-jwe-enc
.\"    Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot <http://docbook.sf.net/>
.\"      Date: 11/01/2022
.\"    Manual: \ \&
.\"    Source: \ \&
.\"  Language: English
.\"
.TH "JOSE\-JWE\-ENC" "1" "11/01/2022" "\ \&" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
jose-jwe-enc \- Encrypts plaintext using one or more JWK/password
.SH "SYNOPSIS"
.sp
\fBjose jwe enc\fR [\-i JWE] \-I PT \-k JWK [\-p] [\-r RCP] [\-o JWE] [\-O CT] [\-c]
.SH "OVERVIEW"
.sp
The \fBjose jwe enc\fR command encrypts data using one or more JWK (\fB\-k\fR) or password (\fB\-p\fR)\&. When specifying more than one JWK or password, decryption will succeed with any one of the provided keys\&.
.sp
A detached JWE can be created by specifying the \fB\-O\fR option\&. In this case, the decoded ciphertext will be written to the output specified and will not be included in the JWE\&.
.sp
If only one key is used (\fB\-k\fR or \fB\-p\fR), the resulting JWE may be output in JWE Compact Serialization by using the \fB\-c\fR option\&.
.sp
This command uses a template based approach for constructing a JWE\&. You can specify templates of the JWE itself (\fB\-i\fR) or for the JWE Recipient Object (\fB\-r\fR)\&. Attributes specified in either of these templates will appear unmodified in the output\&. One exception to this rule is that the JWE Protected Header should be specified in its decoded form in the template\&. This command will automatically encode it as part of the encryption process\&.
.sp
If you specify a JOSE Header Parameter (via either the \fB\-i\fR or \fB\-r\fR options) that affects the construction of the JWE, this command will attempt to behave according to this parameter as if it were configuration\&. For example, specifying the "zip" parameter in the JWE Protected Header will cause the plaintext to be compressed before encryption\&. Currently, \fBjose\fR will modify its behavior for the "alg", "enc" and "zip" JOSE Header Parameters (see RFC 7516 Section 4\&.1\&.3), as well as the algorithm\-specific parameters for the algorithms we support (see RFC 7518 Section 4)\&.
.sp
However, it is not necessary to provide any templates: \fBjose jwe enc\fR will automatically fill in the "alg" and "enc" parameters by inferring the correct algorithms from the provided input keys (JWK or password)\&. Therefore, the \fB\-i\fR and \fB\-r\fR options should generally be used for providing extended JWE metadata\&.
.SH "OPTIONS"
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-i\fR
\fIJSON\fR,
\fB\-\-input\fR=\fIJSON\fR
: Parse JWE from JSON
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-i\fR
\fIFILE\fR,
\fB\-\-input\fR=\fIFILE\fR
: Read JWE from FILE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-i\fR
\-,
\fB\-\-input\fR=\-: Read JWE from standard input
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-I\fR
\fIFILE\fR,
\fB\-\-detached\fR=\fIFILE\fR
: Read decoded ciphertext from FILE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-I\fR
\-,
\fB\-\-detached\fR=\- : Read decoded ciphertext from standard input
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-r\fR
\fIFILE\fR,
\fB\-\-recipient\fR=\fIFILE\fR
: Read JWE recipient template from FILE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-r\fR
\-,
\fB\-\-recipient\fR=\- : Read JWE recipient template from standard input
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-k\fR
\fIFILE\fR,
\fB\-\-key\fR=\fIFILE\fR
: Read JWK(Set) from FILE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-k\fR
\-,
\fB\-\-key\fR=\- : Read JWK(Set) from standard input
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-p\fR,
\fB\-\-password\fR
: Prompt for an encryption password
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-o\fR
\fIFILE\fR,
\fB\-\-output\fR=\fIFILE\fR
: Write JWE to FILE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-o\fR
\-,
\fB\-\-output\fR=\- : Write JWE to stdout (default)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-O\fR
\fIFILE\fR,
\fB\-\-detach\fR=\fIFILE\fR
: Detach ciphertext and decode to FILE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-O\fR
\-,
\fB\-\-detach\fR=\- : Detach ciphertext and decode to standard output
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-c\fR,
\fB\-\-compact\fR
: Output JWE using compact serialization
.RE
.SH "EXAMPLES"
.sp
Encrypt data with a symmetric key using JWE JSON Serialization:
.sp
.if n \{\
.RS 4
.\}
.nf
$ jose jwk gen \-i \*(Aq{"alg":"A128GCM"}\*(Aq \-o key\&.jwk
$ jose jwe enc \-I msg\&.txt \-k key\&.jwk \-o msg\&.jwe
.fi
.if n \{\
.RE
.\}
.sp
Encrypt data with a password using JWE Compact Serialization:
.sp
.if n \{\
.RS 4
.\}
.nf
$ jose jwe enc \-I msg\&.txt \-p \-c \-o msg\&.jwe
Please enter an encryption password:
Please re\-enter the previous password:
.fi
.if n \{\
.RE
.\}
.sp
Compress plaintext before encryption:
.sp
.if n \{\
.RS 4
.\}
.nf
$ jose jwe enc \-i \*(Aq{"protected":{"zip":"DEF"}}\*(Aq \&.\&.\&.
.fi
.if n \{\
.RE
.\}
.sp
Encrypt with two keys and two passwords: $ jose jwk gen \-i \fI{"alg":"ECDH\-ES+A128KW"}\fR \-o ec\&.jwk $ jose jwk gen \-i \fI{"alg":"RSA1_5"}\fR \-o rsa\&.jwk $ jose jwe enc \-I msg\&.txt \-p \-k ec\&.jwk \-p \-k rsa\&.jwk \-o msg\&.jwe Please enter a password: Please re\-enter the previous password: Please enter a password: Please re\-enter the previous password:
.SH "AUTHOR"
.sp
Nathaniel McCallum <npmccallum@redhat\&.com>
.SH "SEE ALSO"
.sp
\fBjose\-jwe\-dec\fR(1), \fBjose\-jwe\-fmt\fR(1)