Menu
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
Products
Open Source
- Configure popular ACME clients to use a private CA
- Use Kubernetes cert-manager with
step-ca - Issue X.509 host certificates to cloud VMs
- Issue X.509 user certificates via your identity provider
- Create a CA that uses RSA keys
- Import an existing root or intermediate CA into
step-ca - Use Keycloak to issue SSH certificates with step-ca
- Run an SSH CA and connect to VMs using SSH certificates
- Use AWS to deploy a certificate authority and secure microservices
- Run
step-cain a Docker container - Federate multiple autonomous certificate authorities
step crypto nacl box seal
Name
step crypto nacl box seal -- produce an authenticated and encrypted ciphertext
Usage
step crypto nacl box seal <nonce> <recipient-pub-key> <priv-key>
[--raw]
Description
Reads plaintext from STDIN and writes an encrypted and authenticated
ciphertext to STDOUT. The "box" can be open by the a recipient who has access
to the private key corresponding to recipient-pub-key.
This command uses an implementation of NaCl's crypto_box function.
For examples, see step help crypto nacl box.
Positional arguments
nonce
Must be unique for each distinct message for a given pair of keys.
To use a binary nonce use the prefix 'base64:' and the standard base64 encoding. e.g. base64:081D3pFPBkwx1bURR9HQjiYbAUxigo0Z
recipient-pub-key
The path to the public key of the intended recipient of the sealed box.
priv-key
The path to the private key used for authentication.
Options
--raw Do not base64 encode output
Subscribe to updates
Unsubscribe anytime. See our privacy policy.
© 2023 Smallstep Labs, Inc. All rights reserved.