mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
libwebsockets/minimal-examples/crypto/minimal-crypto-jwe
Andy Green f7149e90c2 cc0: align dedication to CC0 FAQ recommended format
https://libwebsockets.org/pipermail/libwebsockets/2019-April/007937.html

thanks to Bruce Perens for noting it.

This doesn't change the intention or status of the CC0 files, they were
pure CC0 before (ie, public domain) and they are pure CC0 now.  It just
gets rid of the (C) part at the top of the dedication which may be read
to be a bit contradictory since the purpose is to make it public domain.
2019-05-02 09:29:01 +01:00
CMakeLists.txt jwe 2018-12-27 06:45:32 +08:00
key-rsa-4096.private jwe 2018-12-27 06:45:32 +08:00
key-rsa-4096.pub jwe 2018-12-27 06:45:32 +08:00
main.c cc0: align dedication to CC0 FAQ recommended format 2019-05-02 09:29:01 +01:00
README.md lws-x509: validation functions 2018-12-31 20:35:54 +08:00

lws minimal example for JWE

Demonstrates how to encrypt and decrypt using JWE and JWK, providing a commandline tool for creating encrypted JWEs and decrypting them.

build

 $ cmake . && make

usage

Stdin is either the plaintext (if encrypting) or JWE (if decrypting).

Stdout is either the JWE (if encrypting) or plaintext (if decrypting).

You must pass a private or public key JWK file in the -k option if encrypting, and must pass a private key JWK file in the -k option if decrypting. To be clear, for asymmetric keys the public part of the key is required to encrypt, and the private part required to decrypt.

For convenience, a pair of public and private keys is provided, key-rsa-4096.private and key-rsa-4096.pub. These were produced with just

 $ lws-crypto-jwk -t RSA -b 4096 --public key-rsa-4096.pub >key-rsa-4096.private

Similar keys for EC modes may be produced with

 $ lws-crypto-jwk -t EC -v P-256 --public key-ecdh-p-256.pub >key-ecdh-p-256.private

and for AES ("octet") symmetric keys

 $ lws-crypto-jwk -t OCT -b 128 >key-aes-128.private

JWEs produced with openssl and mbedtls backends are completely interchangeable.

| Commandline option | Meaning |
|---|---|
| -d | Debug verbosity in decimal, eg, -d15 |
| -e " " | Encrypt (default is decrypt), eg, -e "RSA1_5 A128CBC-HS256". For decrypt, the cipher information comes from the input JWE. |
| -k | JWK file to encrypt or decrypt with |
| -c | Format the JWE as a linebroken C string |
| -f | Output flattened representation (instead of compact by default) |

 $ echo -n "plaintext0123456" | ./lws-crypto-jwe -k key-rsa-4096.private -e "RSA1_5 A128CBC-HS256"
[2018/12/19 16:20:25:6519] USER: LWS JWE example tool
[2018/12/19 16:20:25:6749] NOTICE: Creating Vhost 'default' (serving disabled), 1 protocols, IPv6 off
eyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9.ivFr7qzx-pQ4V_edbjpdvR9OwWL9KmojPE2rXQM52oLtW0BtnxZu2_ezqhsAelyIcaworgfobs3u4bslXHMFbeJJjPb5xD0fBDe64OYXZH1NpUGTMJh9Ka4CrJ2B3xhxe7EByGAuGqmluqE0Yezj7rhSw7vlr5JAwuOJ8FaGa8aZ8ldki5G5h_S2Furlbjdcw3Rrxk7mCoMHcLoqzfZtggMPwGAMFogCqcwUo7oSLbBeGaa6hpMbfSysugseWdr8TzObQKPM52k6iVAlGwRaOg_qdLMgZiYRhHA6nFKTQd7XBbNY6qAS8sPuj7Zz344tF3RSfJ0zX_telG71sOtVv5fMpeDU-eCdpOWlCBfu6J6FQfAFu6SJryM4ajGOif09CwFI5qUQ33SOfQfS_M3nqSyd6Vu5M4lsDrb5wK7_XX5gqUwvI9wicf_8WWR-CQomRF-JvEASnA2SIf8QqYfa8R2rP9q6Md4vwO4EZrtxIsMDPsH-4ZEFu7vDjyy09QfIWWsnEb8-UgpVXensgt2m_2bZ76r1VB8-0nZLMwMyEhaH2wra9vX2FWao5UkmNJ7ht300f4_V6QzMFoePpwCvsufWBW6jcQLB-frCWe6uitWaZHEB4LxmNPKzQSz4QwwTKhpF1jNn8Xh1-w1m-2h0gj-oe-S8QBwPveqhPI1p2fI.snuhUTXHNu5mJ6dEPQqg6g.yl36qC4o0GE4nrquQ2YyCg.Vf0MoT7_kUrZdCNWXhq1DQ

Notice the logging is on stderr, and the output alone on stdout.

You can also pipe the output of the encrypt action directly into the decrypt action, eg

 $ echo -n "plaintext0123456" | \
   ./lws-crypto-jwe -k key-rsa-4096.pub -e "RSA1_5 A128CBC-HS256" | \
   ./lws-crypto-jwe -k key-rsa-4096.private

prints the plaintext on stdout.
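
To inspect what the tool emits on stdout, the following added example (not part of lws or of this README) splits a compact JWE into its five parts, decodes the protected header, and re-expresses the token as the flattened JSON serialization of RFC 7516 section 7.2.2. The function names are hypothetical, the sample token reuses only the protected header from the output above with the other parts constructed as zero bytes, and the JSON it prints is not claimed to match the `-f` output byte for byte.

```python
import base64
import json

FIELDS = ("protected", "encrypted_key", "iv", "ciphertext", "tag")

def b64url_decode(s: str) -> bytes:
    # JWE parts are unpadded base64url; restore the padding before decoding.
    return base64.urlsafe_b64decode(s + "=" * (-len(s) % 4))

def b64url_encode(b: bytes) -> str:
    return base64.urlsafe_b64encode(b).rstrip(b"=").decode("ascii")

def parse_compact_jwe(token: str) -> dict:
    """Split a compact JWE into its five parts and decode the protected header."""
    parts = token.strip().split(".")
    if len(parts) != 5:
        raise ValueError(f"compact JWE needs 5 dot-separated parts, got {len(parts)}")
    header = json.loads(b64url_decode(parts[0]))
    if not isinstance(header, dict) or "alg" not in header or "enc" not in header:
        raise ValueError("protected header must be a JSON object with alg and enc")
    return {
        "header": header,
        "parts": dict(zip(FIELDS, parts)),
        # Decoded byte length of every part after the header.
        "sizes": {n: len(b64url_decode(p)) for n, p in zip(FIELDS[1:], parts[1:])},
    }

def to_flattened(token: str) -> str:
    """Re-express a compact JWE as flattened JSON serialization."""
    parsed = parse_compact_jwe(token)
    # Empty members (for example encrypted_key with alg "dir") are omitted.
    return json.dumps({k: v for k, v in parsed["parts"].items() if v})

# Constructed sample: protected header copied from the page's output; the other
# parts are zero bytes (an RSA-4096 key wrap is 512 bytes, the rest 16 each).
SAMPLE = ".".join([
    "eyJhbGciOiJSU0ExXzUiLCAiZW5jIjoiQTEyOENCQy1IUzI1NiJ9",
    b64url_encode(bytes(512)), b64url_encode(bytes(16)),
    b64url_encode(bytes(16)), b64url_encode(bytes(16)),
])

if __name__ == "__main__":
    info = parse_compact_jwe(SAMPLE)
    print(info["header"], info["sizes"])
    print(to_flattened(SAMPLE)[:80], "...")
```

An encrypted_key size that does not match the modulus size of the RSA key in use is a quick sign that the JWE was produced for a different key.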