JOSE-JWE-DEC(1)

jose-jwe-dec - Decrypts a JWE using the supplied JWKs

jose jwe dec -i JWE [-I CT] -k JWK [-p] [-O PT]

The jose jwe dec command decrypts a JWE using one or more JWKs (-k) or a password (-p). Decryption succeeds if any key is able to perform decryption.

If the JWE is a detached JWE, meaning that the ciphertext is stored in binary form external to the JWE itself, the ciphertext can be loaded using the -I parameter.

Please note that, when specifying the -O option to output the plaintext, plaintext output begins before ciphertext validation. Therefore, you must check the return value of the command before using the data.

-i JSON : Parse JWE from JSON
-i FILE : Read JWE from FILE
-i - : Read JWE from standard input
-I FILE : Read decoded ciphertext from FILE
-I - : Read decoded ciphertext from standard input
-p : Prompt for a decryption password, if necessary
-k FILE : Read JWK(Set) from FILE
-k - : Read JWK(Set) from standard input

Decrypt a JWE with a JWK:

$ jose jwe dec -i msg.jwe -k rsa.key -O msg.txt

Decrypt a JWE with a password:

$ jose jwe dec -i msg.jwe -p -O msg.txt
Please enter decryption password:

Decrypt a JWE with either of two JWKs:

$ jose jwe dec -i msg.jwe -k ec.jwk -k rsa.jwk -O msg.txt
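
Because -O starts writing plaintext before the ciphertext is validated, a failed decryption can leave unauthenticated data in the output file. The wrapper below is an added example, not part of the original manual page or the jose project: safe_jwe_dec is a hypothetical helper name, and it uses only the -i, -k and -O options shown above.

```shell
#!/bin/sh
# Added example (not from the jose project): decrypt into a private temporary
# file and publish it under the requested name only when jose exits with 0.
# safe_jwe_dec is a hypothetical helper; the jose options are those on this page.

safe_jwe_dec() {
    _jwe=$1
    _key=$2
    _out=$3

    # Create the temp file next to the destination so the final mv is a
    # rename within one filesystem. mktemp creates it with mode 0600.
    _dir=$(dirname -- "$_out")
    _tmp=$(mktemp "$_dir/.jwe-dec.XXXXXX") || return 2

    # jose may already have written plaintext to $_tmp when it fails,
    # so the exit status decides whether that data is ever exposed.
    _rc=0
    jose jwe dec -i "$_jwe" -k "$_key" -O "$_tmp" || _rc=$?

    if [ "$_rc" -ne 0 ]; then
        # Validation failed: discard whatever was written.
        rm -f -- "$_tmp"
        return "$_rc"
    fi

    # Validation succeeded: move the plaintext into place.
    mv -f -- "$_tmp" "$_out"
}

# Usage (file names as in the examples above):
#   safe_jwe_dec msg.jwe rsa.key msg.txt || echo "decryption failed" >&2
```

Consumers that read msg.txt never see a partially written or unauthenticated file, because the name only appears after a successful exit status.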

Nathaniel McCallum <npmccallum@redhat.com>

jose-jwe-enc(1), jose-jwe-fmt(1)

May 2017