Console
The project comes with console commands.
They are available:
Available Commands
In the following example, we will call commands using ./jose.phar. If you need more information about a command, call the command with the option --help.
Key Management Commands
Private Key To Public Key Converter
This command will convert a private key into a public key. It has no effect on shared keys (e.g. oct keys).
The following command will analyze the key passed as argument and find issues.
PKCS#1 Key Converter
This command will convert a RSA or EC key into PKCS#1 key.
The key generator commands will generate a private or shared key. The following options are available:
-o or --out: save the output into a file: --out private.key.
-u or --use: indicates the usage of the key (sig or enc
Elliptic Curve Key
This command will generate an Elliptic Curve key (EC). The supported curves are P-256, P-384 and P-521.
RSA Key
This command will generate a RSA key. The key size must be at least 384 bits. Recommended size is 2048 bits or more.
Octet Key
This command will generate a octet key (oct). Recommended size is 128 bits or more.
Octet Key Pair Key
This command will generate a octet key pair key (OKP). Supported curves are X25519 (for encryption only) and Ed25519 (signature only).
None Key
This command will generate a none key. This key type is only used by the none algorithm. Key parameters alg and use are automatically set.
From An Existing Secret
This feature was introduced in version 1.1.
If you already have a secret, you can use it to create an octet key (oct).
In case your secret is binary string, you will have to encode it first (Base64) and indicate it is encoded.
The key loader commands will loader keys from various sources. The following options are available:
-o or --out: save the output into a file: --out private.key.
-u or --use: indicates the usage of the key (sig or enc
Convert From PEM/DER Keys
This command can load and convert a DER/PEM key file into a JWK. It supports encrypted keys as well as PKCS#1 and PKCS#8 encodings or public/private keys.
Convert From PKCS#12 Keys
This command can load and convert a PKCS#12 key file into a JWK. It supports encrypted keys.
Convert From A X.509 Certificate
This command can load and convert a X.509 key file into a JWK.
RSA Key Optimization
This command optimizes a RSA key by calculating additional primes (CRT). The following option is available:
-o or --out: save the output into a file: --out private.key.
RSA keys generated by this framework are already optimized. This command may be needed when you import RSA keys from external sources. The optimization is not mandatory but highly recommended. cryptographic operations are up to 10 times faster.
This command will calculate the key thumbprint as per the . The following options are available:
-o or --out: save the output into a file: --out private.key.
--hash: the hashing method. Default is sha256. Supported methods are the one listed by .
Keyset Management Commands
Private Keys To Public Keys Converter
This command has the same affect as key:convert:public except that it will convert all keys in the keyset. It has no effect on shared keys (e.g. oct keys).
This command has the same behaviour as key:analyze except that it will analize all keys in the keyset.
Keyset Generators
The key set generator commands will generate key sets with random keys of the same type.
These commands have the same options as the key generator commands. The only difference is that you have to indicate the number of keys you want in the key set.
Examples:
The result of these commands is a JWKSet object.
Key Set Modification
keyset:add:key: Add a key into a key set.
keyset:merge: Merge several key sets into one.
Distant Key Set Loading
keyset:load:jku: Loads a key set from an url.
keyset:load:x5u: Loads a key set from an url.