c9731c5f17
This is a huge patch that should be a global NOP. For unix type platforms it enables -Wconversion to issue warnings (-> error) for all automatic casts that seem less than ideal but are normally concealed by the toolchain. This is things like passing an int to a size_t argument. Once enabled, I went through all args on my default build (which build most things) and tried to make the removed default cast explicit. With that approach it neither change nor bloat the code, since it compiles to whatever it was doing before, just with the casts made explicit... in a few cases I changed some length args from int to size_t but largely left the causes alone. From now on, new code that is relying on less than ideal casting will complain and nudge me to improve it by warnings. |
||
|---|---|---|
| .. | ||
| CMakeLists.txt | ||
| key-rsa-4096.private | ||
| key-rsa-4096.pub | ||
| main.c | ||
| README.md | ||
lws minimal example for JWE
Demonstrates how to encrypt and decrypt using JWE and JWK, providing a commandline tool for creating encrypted JWE and decoding them.
build
$ cmake . && make
usage
Stdin is either the plaintext (if encrypting) or JWE (if decrypting).
Stdout is either the JWE (if encrypting) or plaintext (if decrypting).
You must pass a private or public key JWK file in the -k option if encrypting, and must pass a private key JWK file in the -k option if decrypting. To be clear, for asymmetric keys the public part of the key is required to encrypt, and the private part required to decrypt.
For convenience, a pair of public and private keys are provided,
key-rsa-4096.private and key-rsa-4096.pub, these were produced with just
$ lws-crypto-jwk -t RSA -b 4096 --public key-rsa-4096.pub >key-rsa-4096.private
Similar keys for EC modes may be produced with
$ lws-crypto-jwk -t EC -v P-256 --public key-ecdh-p-256.pub >key-ecdh-p-256.private
and for AES ("octet") symmetric keys
$ lws-crypto-jwk -t OCT -b 128 >key-aes-128.private
JWEs produced with openssl and mbedtls backends are completely interchangeable.
| Commandline option | Meaning |
|---|---|
| -d | Debug verbosity in decimal, eg, -d15 |
| -e " " | Encrypt (default is decrypt), eg, -e "RSA1_5 A128CBC-HS256". For decrypt, the cipher information comes from the input JWE. |
| -k | JWK file to encrypt or decrypt with |
| -c | Format the JWE as a linebroken C string |
| -f | Output flattened representation (instead of compact by default) |
$ echo -n "plaintext0123456" | ./lws-crypto-jwe -k key-rsa-4096.private -e "RSA1_5 A128CBC-HS256"
[2018/12/19 16:20:25:6519] USER: LWS JWE example tool
[2018/12/19 16:20:25:6749] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
eyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.ivFr7qzx-pQ4V_edbjpdvR9OwWL9KmojPE2rXQM52oLtW0BtnxZu2_ezqhsAelyIcaworgfobs3u4bslXHMFbeJJjPb5xD0fBDe64OYXZH1NpUGTMJh9Ka4CrJ2B3xhxe7EByGAuGqmluqE0Yezj7rhSw7vlr5JAwuOJ8FaGa8aZ8ldki5G5h_S2Furlbjdcw3Rrxk7mCoMHcLoqzfZtggMPwGAMFogCqcwUo7oSLbBeGaa6hpMbfSysugseWdr8TzObQKPM52k6iVAlGwRaOg_qdLMgZiYRhHA6nFKTQd7XBbNY6qAS8sPuj7Zz344tF3RSfJ0zX_telG71sOtVv5fMpeDU-eCdpOWlCBfu6J6FQfAFu6SJryM4ajGOif09CwFI5qUQ33SOfQfS_M3nqSyd6Vu5M4lsDrb5wK7_XX5gqUwvI9wicf_8WWR-CQomRF-JvEASnA2SIf8QqYfa8R2rP9q6Md4vwO4EZrtxIsMDPsH-4ZEFu7vDjyy09QfIWWsnEb8-UgpVXensgt2m_2bZ76r1VB8-0nZLMwMyEhaH2wra9vX2FWao5UkmNJ7ht300f4_V6QzMFoePpwCvsufWBW6jcQLB-frCWe6uitWaZHEB4LxmNPKzQSz4QwwTKhpF1jNn8Xh1-w1m-2h0gj-oe-S8QBwPveqhPI1p2fI.snuhUTXHNu5mJ6dEPQqg6g.yl36qC4o0GE4nrquQ2YyCg.Vf0MoT7_kUrZdCNWXhq1DQ
Notice the logging is on stderr, and the output alone on stdout.
You can also pipe the output of the encrypt action directly into the decrypt action, eg
$ echo -n "plaintext0123456" | \
./lws-crypto-jwe -k key-rsa-4096.pub -e "RSA1_5 A128CBC-HS256" | \
./lws-crypto-jwe -k key-rsa-4096.private
prints the plaintext on stdout.