step crypto jwe decrypt – verify a JWE and decrypt ciphertext
step crypto jwe decrypt
step crypto jwe decrypt verifies a JWE read from STDIN and decrypts the ciphertext printing it to STDOUT. If verification fails a non-zero failure code is returned. If verification succeeds the command returns 0.
For examples, see step help crypto jwe.
pathto the JWE recipient’s private key. The argument should be the name of a file containing a private JWK (or a JWK encrypted as a JWE payload) or a PEM encoded private key (or a private key encrypted using the modes described on RFC 1423 or with PBES2+PBKDF2 described in RFC 2898).
- The JWK Set containing the recipient’s private key. The
jwksargument should be the name of a file. The file contents should be a JWK Set or a JWE with a JWK Set payload. The –jwks flag requires the use of the –kid flag to specify which key to use.
- The ID of the recipient’s private key.
kidis a case-sensitive string. When used with –key the
kidvalue must match the “kid” member of the JWK. When used with –jwks (a JWK Set) the KID value must match the “kid” member of one of the JWKs in the JWK Set.