Welcome to José!

José is a C-language implementation of the JavaScript Object Signing and Encryption standards. Specifically, José aims to implement the following standards:

José is extensively tested against the RFC test vectors.

Supported Algorithms

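| Algorithm | Supported | Algorithm Type | JWK Type |
|---|---|---|---|
| HS256 | YES | Signature | oct |
| HS384 | YES | Signature | oct |
| HS512 | YES | Signature | oct |
| RS256 | YES | Signature | RSA |
| RS384 | YES | Signature | RSA |
| RS512 | YES | Signature | RSA |
| ES256 | YES | Signature | EC |
| ES384 | YES | Signature | EC |
| ES512 | YES | Signature | EC |
| ES256K | YES | Signature | EC |
| PS256 | YES | Signature | RSA |
| PS384 | YES | Signature | RSA |
| PS512 | YES | Signature | RSA |
| none | NO | Signature | N/A |
| RSA1_5 | YES | Key Wrap | RSA |
| RSA-OAEP | YES | Key Wrap | RSA |
| RSA-OAEP-256 | YES | Key Wrap | RSA |
| A128KW | YES | Key Wrap | oct |
| A192KW | YES | Key Wrap | oct |
| A256KW | YES | Key Wrap | oct |
| dir | YES | Key Wrap | oct |
| ECDH-ES | YES | Key Wrap | EC |
| ECDH-ES+A128KW | YES | Key Wrap | EC |
| ECDH-ES+A192KW | YES | Key Wrap | EC |
| ECDH-ES+A256KW | YES | Key Wrap | EC |
| A128GCMKW | YES | Key Wrap | oct |
| A192GCMKW | YES | Key Wrap | oct |
| A256GCMKW | YES | Key Wrap | oct |
| PBES2-HS256+A128KW | YES | Key Wrap | N/A |
| PBES2-HS384+A192KW | YES | Key Wrap | N/A |
| PBES2-HS512+A256KW | YES | Key Wrap | N/A |
| A128CBC-HS256 | YES | Encryption | oct |
| A192CBC-HS384 | YES | Encryption | oct |
| A256CBC-HS512 | YES | Encryption | oct |
| A128GCM | YES | Encryption | oct |
| A192GCM | YES | Encryption | oct |
| A256GCM | YES | Encryption | oct |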

José Command-Line Utility

José provides a command-line utility which encompasses most of the JOSE features. This allows for easy integration into your project and one-off scripts. Below you will find examples of the common commands.

Key Management

José can generate keys, remove private keys and show thumbprints. For example:

# Generate three different kinds of keys
$ jose jwk gen -i '{"alg": "A128GCM"}' -o oct.jwk
$ jose jwk gen -i '{"alg": "RSA1_5"}' -o rsa.jwk
$ jose jwk gen -i '{"alg": "ES256"}' -o ec.jwk

# Remove the private keys
$ jose jwk pub -i oct.jwk -o oct.pub.jwk
$ jose jwk pub -i rsa.jwk -o rsa.pub.jwk
$ jose jwk pub -i ec.jwk -o ec.pub.jwk

# Calculate thumbprints
$ jose jwk thp -i oct.jwk
9ipMcxQLsI56Mqr3yYS8hJguJ6Mc8Zh6fkufoiKokrM
$ jose jwk thp -i rsa.jwk
rS6Yno3oQYRIztC6np62nthbmdydhrWmK2Zn_Izmerw
$ jose jwk thp -i ec.jwk
To8yMD92X82zvGoERAcDzlPP6awMYGM2HYDc1G5xOtc
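
The thumbprint values above can be recomputed independently of the tool. This is an added example, not code from the José project: it assumes the values are RFC 7638 JWK thumbprints over SHA-256 (consistent with their 43-character length), and the sample key and the `jwk_thumbprint` helper name are constructed here.

```python
import base64
import hashlib
import json

# Members that feed the hash for each key type (RFC 7638, section 3.2).
REQUIRED_MEMBERS = {
    "EC": ("crv", "kty", "x", "y"),
    "RSA": ("e", "kty", "n"),
    "oct": ("k", "kty"),
}

# Constructed sample key: the coordinate strings are placeholders, not a
# real curve point, and "alg"/"key_ops"/"d" are there to show they are ignored.
SAMPLE_EC_PRIVATE = {
    "kty": "EC", "crv": "P-256", "alg": "ES256",
    "key_ops": ["sign", "verify"],
    "x": "Y29uc3RydWN0ZWQteC1jb29yZGluYXRl",
    "y": "Y29uc3RydWN0ZWQteS1jb29yZGluYXRl",
    "d": "Y29uc3RydWN0ZWQtcHJpdmF0ZS1zY2FsYXI",
}
SAMPLE_EC_PUBLIC = {k: v for k, v in SAMPLE_EC_PRIVATE.items() if k != "d"}


def jwk_thumbprint(jwk: dict, hash_name: str = "sha256") -> str:
    """Return the unpadded base64url thumbprint of a JWK (hypothetical helper)."""
    kty = jwk.get("kty")
    if kty not in REQUIRED_MEMBERS:
        raise ValueError(f"unsupported kty: {kty!r}")
    members = {}
    for name in REQUIRED_MEMBERS[kty]:
        value = jwk.get(name)
        if not isinstance(value, str):
            # A key stripped of a required member has no defined thumbprint.
            raise ValueError(f"JWK lacks required string member {name!r}")
        members[name] = value
    # Canonical form: required members only, sorted by name, no whitespace.
    canonical = json.dumps(members, sort_keys=True, separators=(",", ":"),
                           ensure_ascii=False).encode("utf-8")
    digest = hashlib.new(hash_name, canonical).digest()
    return base64.urlsafe_b64encode(digest).rstrip(b"=").decode("ascii")


if __name__ == "__main__":
    print("private:", jwk_thumbprint(SAMPLE_EC_PRIVATE))
    print("public: ", jwk_thumbprint(SAMPLE_EC_PUBLIC))
```

For EC and RSA keys only public members are hashed, so a private JWK and the public JWK derived from it produce the same thumbprint, and optional members such as `alg` or `key_ops` do not change it.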

Signatures

José can sign and verify data. For example:

$ echo hi | jose jws sig -i- -k ec.jwk -o msg.jws
$ jose jws ver -i msg.jws -k ec.pub.jwk
hi
$ jose jws ver -i msg.jws -k oct.jwk
No signatures validated!

Encryption

José can encrypt and decrypt data. For example:

$ echo hi | jose jwe enc -i- -k rsa.pub.jwk -o msg.jwe
$ jose jwe dec -i msg.jwe -k rsa.jwk
hi
$ jose jwe dec -i msg.jwe -k oct.jwk
Decryption failed!

Building and Installing from Source

Building José is fairly straightforward:

$ mkdir build && cd build
$ meson setup .. --prefix=/usr
$ ninja
$ sudo ninja install

You can even run the tests if you'd like:

$ meson test

To build a FreeBSD, HardenedBSD or OPNsense package use:

(as root) # pkg install meson pkgconf jansson openssl asciidoc jq

$ mkdir build && cd build
$ meson setup .. --prefix=/usr/local
$ ninja
$ meson test
(as root) # ninja install

Once built, it no longer requires meson and pkgconf, but still requires jansson and openssl.