Menu
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
step crypto nacl box open
Name
step crypto nacl box open -- authenticate and decrypt a box produced by seal
Usage
step crypto nacl box open <nonce> <sender-pub-key> <priv-key>
[--raw]
Description
Authenticate and decrypt a box produced by seal using the specified KEY. If PRIV_KEY is encrypted you will be prompted for the password. The sealed box is read from STDIN and the decrypted plaintext is written to STDOUT.
This command uses an implementation of NaCl's crypto_box_open function.
For examples, see step help crypto nacl box.
Positional arguments
nonce
The nonce provided when the box was sealed.
To use a binary nonce use the prefix 'base64:' and the standard base64 encoding. e.g. base64:081D3pFPBkwx1bURR9HQjiYbAUxigo0Z
sender-pub-key
The path to the public key of the peer that produced the sealed box.
priv-key
The path to the private key used to open the box.
Options
--raw Indicates that input is not base64 encoded
Subscribe to updates
Unsubscribe anytime. See our privacy policy.
© 2023 Smallstep Labs, Inc. All rights reserved.