Provided by: jose_10-2build2_amd64 bug

NAME

       jose-jws-sig - Signs a payload using one or more JWKs

SYNOPSIS

       jose jws sig [-i JWS] [-I PAY] [-s SIG] -k JWK [-o JWS] [-O PAY] [-c]

OVERVIEW

       The  jose  jws  sig  command  signs  a  payload using one or more JWKs. The payload can be
       provided either in its decoded form (-I) or embedded in an existing JWS (-i).

       A detached JWS can be created by specifying the -O  option.  In  this  case,  the  decoded
       payload will be written to the output specified and will not be included in the JWS.

       If only one key is used (-k), the resulting JWS may be output in JWS Compact Serialization
       by using the -c option.

       This command uses a template based approach  for  constructing  a  JWS.  You  can  specify
       templates  of  the  JWS  itself  (-i)  or  for  the  JWS Signature Object (-r). Attributes
       specified in either of these templates will appear unmodified in the output. One exception
       to  this  rule is that the JWS Protected Header should be specified in its decoded form in
       the JWS Signature Object template. This command will automatically encode it  as  part  of
       the encryption process.

       If  you specify a JOSE Header Parameter (via either the -i or -r options) that affects the
       construction of the JWE, this command will attempt to behave according to  this  parameter
       as  if  it were configuration. Currently, jose will modify its behavior for the "alg" JOSE
       Header Parameter (see RFC 7515 Section 4.1.1).

       However, it is not necessary to provide any templates: jose  jwe  enc  will  automatically
       fill  in  the  "alg"  parameter by inferring the correct algorithm from the provided input
       JWKs. Therefore, the -i and -r options should generally be used for providing extended JWE
       metadata.

       It  is possible to specify an existing JWS as the JWS template input (-i). This allows the
       addition of new signatures to an existing JWS.

OPTIONS

       -i JSON, --input=JSON
              Parse JWS template from JSON

       -i FILE, --input=FILE
              Read JWS template from FILE

       -i -, --input=-
              Read JWS template from standard input

       -I FILE, --detached=FILE
              Read decoded payload from FILE

       -I -, --detached=-
              Read decoded payload from standard input

       -s JSON, --signature=JSON
              Parse JWS signature template from JSON

       -s FILE, --signature=FILE
              Read JWS signature template from FILE

       -s -, --signature=-
              Read JWS signature template standard input

       -k FILE, --key=FILE
              Read JWK(Set) from FILE

       -k -, --key=-
              Read JWK(Set) from standard input

       -o FILE, --output=FILE
              Write JWS to FILE

       -o -, --output=-
              Write JWS to stdout (default)

       -O FILE, --detach=FILE
              Detach payload and decode to FILE

       -O -, --detach=-
              Detach payload and decode to standard output

       -c, --compact
              Output JWS using compact serialization

EXAMPLES

       Sign data with a symmetric key using JWE JSON Serialization:

           $ jose jwk gen -i ´{"alg":"HS256"}´ -o key.jwk
           $ jose jws sig -I msg.txt -k key.jwk -o msg.jws

       Sign data using detached JWE Compact Serialization:

           $ jose jws sig -I msg.txt -k key.jwk -O /dev/null -c -o msg.jws

       Sign with two keys:

           $ jose jwk gen -i ´{"alg":"ES256"}´ -o ec.jwk
           $ jose jwk gen -i ´{"alg":"RS256"}´ -o rsa.jwk
           $ jose jws sig -I msg.txt -k ec.jwk -k rsa.jwk -o msg.jws

AUTHOR

       Nathaniel McCallum <npmccallum@redhat.com>

SEE ALSO

       jose-jws-sig(1), jose-jws-ver(1)

                                            June 2017                             JOSE-JWS-SIG(1)