version 1.0.0

Author: sgaunet

.gitignore

@@ -1,4 +1,7 @@
 .task
 dist
 log
-jwt-cli
+jwt-cli
+*pem
+*.pub
+*.key

README.md

@@ -12,14 +12,12 @@ Available Commands:
   completion  Generate the autocompletion script for the specified shell
   decode      decode JWT token
   encode      encode JWT token
+  genkeys     print commands example to generate keys for ES256, ES384, ES512, RS256, RS384, RS512
   help        Help about any command
-  methods     print list of signing methods
   version     print version of jwt-cli
 
 Flags:
-  -h, --help       help for jwt-cli
-      --m string   Signing Method 
-      --s string   JWT secret
+  -h, --help   help for jwt-cli
 
 Use "jwt-cli [command] --help" for more information about a command.
 ```
@@ -29,6 +27,12 @@ Supported methods are actually:
 * HS256
 * HS384
 * HS512
+* ES256
+* ES384
+* ES512
+* RS256
+* RS384
+* RS512
 
 
 # Install
@@ -45,6 +49,36 @@ brew tap sgaunet/tools
 brew install jwt-cli
 ```
 
+## Option 3: Docker image
+
+Possibility to copy the binary by using the docker image
+
+```
+FROM sgaunet/jwt-cli:latest as jwtcli
+
+FROM ....
+COPY --from jwtcli /jwt-cli /usr/bin/jwt-cli
+```
+
+# Getting started
+
+Quite easy, this tool will help you to encode/decode JWT tokens.
+
+```
+# encode
+$ jwt-cli encode hs512 --p '{ "email": "[email protected]" }' --s "myAwesomeSecret"
+eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im15ZW1haWxAbWUuY29tIn0.SE0u1AWrDTHv67PnUALZl8VQ-7rnSXBNDTCVT_Dj12FStO6hL0ak0i4imcUHpWBEh-c5oSc-H90prGQ0oZx6ng
+# try to decode with a wrong secret
+$ jwt-cli decode hs512 --s "wrong secret" --t "eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJlbWFpbCI6Im15ZW1haWxAbWUuY29tIn0.SE0u1AWrDTHv67PnUALZl8VQ-7rnSXBNDTCVT_Dj12FStO6hL0ak0i4imcUHpWBEh-c5oSc-H90prGQ0oZx6ng"
+signature is invalid
+# decode with the good secret
+$ jwt-cli decode hs512 --s "myAwesomeSecret" --t "eyJhbGciOiJIUzUxMiIsInR
+5cCI6IkpXVCJ9.eyJlbWFpbCI6Im15ZW1haWxAbWUuY29tIn0.SE0u1AWrDTHv67PnUALZl8VQ-7rnSXBNDTCVT_Dj12FStO6hL0ak0i4imcUHpWBEh-c5oSc-H90prGQ0oZx6ng"
+{
+  "email": "[email protected]"
+}
+```
+
 # Development
 
 This project is using :
@@ -58,3 +92,47 @@ This project is using :
 
 The docker image is only created to simplify the copy of jwt-cli in another docker image.
 
+
+# Create keys
+
+## RS256
+
+```
+ssh-keygen -t rsa -b 4096 -E SHA256 -m PEM -P "" -f RS256.key
+openssl rsa -in RS256.key -pubout -outform PEM -out RS256.key.pub
+```
+
+## RS384
+
+```
+ssh-keygen -t rsa -b 4096 -E SHA384 -m PEM -P "" -f RS384.key
+openssl rsa -in RS384.key -pubout -outform PEM -out RS384.key.pub
+```
+
+## RS512
+
+```
+ssh-keygen -t rsa -b 4096 -E SHA512 -m PEM -P "" -f RS512.key
+openssl rsa -in RS512.key -pubout -outform PEM -out RS512.key.pub
+```
+
+## ES256
+
+```
+openssl ecparam -genkey -name prime256v1  -noout -out ecdsa-p256-private.pem
+openssl ec -in ecdsa-p256-private.pem -pubout -out ecdsa-p256-public.pem 
+```
+
+## ES384
+
+```
+openssl ecparam -name secp384r1 -genkey -noout -out jwtES384key.pem
+openssl ec -in jwtES384key.pem -pubout -out jwtES384pubkey.pem
+```
+
+## ES512
+
+```
+openssl ecparam -genkey -name secp521r1 -noout -out ecdsa-p521-private.pem
+openssl ec -in ecdsa-p521-private.pem -pubout -out ecdsa-p521-public.pem 
+```

Taskfile.yml

@@ -13,10 +13,24 @@ tasks:
     generates:
       - "{{.BINFILE}}"
 
+  install:
+    cmds:
+      - go get golang.org/x/tools/cmd/godoc
+
+  doc:
+    cmds:
+      - echo http://localhost:6060
+      - godoc -http=:6060
+  
   snapshot:
     cmds:
       - GITLAB_TOKEN="" goreleaser --clean --snapshot
 
   release:
     cmds:
       - GITLAB_TOKEN="" goreleaser --clean
+
+  tests:
+    dir: tests
+    cmds:
+      - venom run testsuite.yml --output-dir="log" --stop-on-failure

cmd/decode-es.go

@@ -0,0 +1,106 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/sgaunet/jwt-cli/pkg/cryptojwt"
+	"github.com/spf13/cobra"
+)
+
+var decodeES256Cmd = &cobra.Command{
+	Use:   "es256",
+	Short: "decode JWT token",
+	Long:  `decode JWT token`,
+	Run: func(cmd *cobra.Command, args []string) {
+		var (
+			j   cryptojwt.Decoder
+			err error
+		)
+		if privateKeyFile == "" && publicKeyFile == "" {
+			fmt.Println("private key file or public key file is mandatory")
+			fmt.Println(cmd.UsageString())
+			os.Exit(1)
+		}
+		if token == "" {
+			fmt.Println("token is mandatory")
+			fmt.Println(cmd.UsageString())
+			os.Exit(1)
+		}
+		if publicKeyFile != "" {
+			j = cryptojwt.NewES256DecoderWithPublicKeyFile(publicKeyFile)
+		} else {
+			j = cryptojwt.NewES256DecoderWithPrivateKeyFile(privateKeyFile)
+		}
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		t, err := j.Decode(token)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		fmt.Println(t)
+	},
+}
+
+var decodeES384Cmd = &cobra.Command{
+	Use:   "es384",
+	Short: "decode es384 JWT token",
+	Long:  `decode es384 JWT token`,
+	Run: func(cmd *cobra.Command, args []string) {
+		var j cryptojwt.Decoder
+		if privateKeyFile == "" && publicKeyFile == "" {
+			fmt.Println("private key file or public key file is mandatory")
+			fmt.Println(cmd.UsageString())
+			os.Exit(1)
+		}
+		if token == "" {
+			fmt.Println("token is mandatory")
+			fmt.Println(cmd.UsageString())
+			os.Exit(1)
+		}
+		if publicKeyFile != "" {
+			j = cryptojwt.NewES384DecoderWithPublicKeyFile(publicKeyFile)
+		} else {
+			j = cryptojwt.NewES384DecoderWithPrivateKeyFile(privateKeyFile)
+		}
+		t, err := j.Decode(token)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		fmt.Println(t)
+	},
+}
+
+var decodeES512Cmd = &cobra.Command{
+	Use:   "es512",
+	Short: "decode es512 JWT token",
+	Long:  `decode es512 JWT token`,
+	Run: func(cmd *cobra.Command, args []string) {
+		var j cryptojwt.Decoder
+		if privateKeyFile == "" && publicKeyFile == "" {
+			fmt.Println("private key file or public key file is mandatory")
+			fmt.Println(cmd.UsageString())
+			os.Exit(1)
+		}
+		if token == "" {
+			fmt.Println("token is mandatory")
+			fmt.Println(cmd.UsageString())
+			os.Exit(1)
+		}
+		if publicKeyFile != "" {
+			j = cryptojwt.NewES512DecoderWithPublicKeyFile(publicKeyFile)
+		} else {
+			j = cryptojwt.NewES512DecoderWithPrivateKeyFile(privateKeyFile)
+		}
+		t, err := j.Decode(token)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		fmt.Println(t)
+	},
+}

cmd/decode-hs.go

@@ -0,0 +1,89 @@
+package cmd
+
+import (
+	"fmt"
+	"os"
+
+	"github.com/sgaunet/jwt-cli/pkg/cryptojwt"
+
+	"github.com/spf13/cobra"
+)
+
+// encodeCmd represents the encode command
+var decodeHS256Cmd = &cobra.Command{
+	Use:   "hs256",
+	Short: "decode HS256 JWT token",
+	Long:  `decode HS256 JWT token`,
+	Run: func(cmd *cobra.Command, args []string) {
+		var err error
+		if secret == "" {
+			fmt.Println("secret is mandatory")
+			fmt.Println(cmd.UsageString())
+			os.Exit(1)
+		}
+		if token == "" {
+			fmt.Println("token is mandatory")
+			fmt.Println(cmd.UsageString())
+			os.Exit(1)
+		}
+		j := cryptojwt.NewHS256Decoder([]byte(secret))
+		t, err := j.Decode(token)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		fmt.Println(t)
+	},
+}
+
+var decodeHS384Cmd = &cobra.Command{
+	Use:   "hs384",
+	Short: "decode HS384 JWT token",
+	Long:  `decode HS384 JWT token`,
+	Run: func(cmd *cobra.Command, args []string) {
+		var err error
+		if secret == "" {
+			fmt.Println("secret is mandatory")
+			fmt.Println(cmd.UsageString())
+			os.Exit(1)
+		}
+		if token == "" {
+			fmt.Println("token is mandatory")
+			fmt.Println(cmd.UsageString())
+			os.Exit(1)
+		}
+		j := cryptojwt.NewHS384Decoder([]byte(secret))
+		t, err := j.Decode(token)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		fmt.Println(t)
+	},
+}
+
+var decodeHS512Cmd = &cobra.Command{
+	Use:   "hs512",
+	Short: "decode HS512 JWT token",
+	Long:  `decode HS512 JWT token`,
+	Run: func(cmd *cobra.Command, args []string) {
+		var err error
+		if secret == "" {
+			fmt.Println("secret is mandatory")
+			fmt.Println(cmd.UsageString())
+			os.Exit(1)
+		}
+		if token == "" {
+			fmt.Println("token is mandatory")
+			fmt.Println(cmd.UsageString())
+			os.Exit(1)
+		}
+		j := cryptojwt.NewHS512Decoder([]byte(secret))
+		t, err := j.Decode(token)
+		if err != nil {
+			fmt.Println(err)
+			os.Exit(1)
+		}
+		fmt.Println(t)
+	},
+}