Removed key line offset bug and changed pin from clevis to zlevis.

src/zlevis-decrypt

@@ -64,36 +64,36 @@ fi
 echo "$jhd" > "$tmp"/jhd
 
 # Validate the JWE pin type
-if [ "$(jose fmt -j- -Og clevis -g pin -u- < "$tmp"/jhd)" != "tpm2" ]; then
+if [ "$(jose fmt -j- -Og zlevis -g pin -u- < "$tmp"/jhd)" != "tpm2" ]; then
     echo "JWE pin mismatch" >&2
     exit 1
 fi
 
 # Extract required parameters from the JWE header
-if ! hash="$(jose fmt -j- -Og clevis -g tpm2 -g hash -Su- < "$tmp"/jhd)"; then
+if ! hash="$(jose fmt -j- -Og zlevis -g tpm2 -g hash -Su- < "$tmp"/jhd)"; then
     echo "JWE missing required 'hash' header parameter!" >&2
     exit 1
 fi
-if ! key="$(jose fmt -j- -Og clevis -g tpm2 -g key -Su- < "$tmp"/jhd)"; then
+if ! key="$(jose fmt -j- -Og zlevis -g tpm2 -g key -Su- < "$tmp"/jhd)"; then
     echo "JWE missing required 'key' header parameter!" >&2
     exit 1
 fi
-if ! jwk_pub="$(jose fmt -j- -Og clevis -g tpm2 -g jwk_pub -Su- < "$tmp"/jhd)"; then
+if ! jwk_pub="$(jose fmt -j- -Og zlevis -g tpm2 -g jwk_pub -Su- < "$tmp"/jhd)"; then
     echo "JWE missing required 'jwk_pub' header parameter!" >&2
     exit 1
 fi
 echo "$jwk_pub" > "$tmp"/jwk_pub
-if ! jwk_priv="$(jose fmt -j- -Og clevis -g tpm2 -g jwk_priv -Su- < "$tmp"/jhd)"; then
+if ! jwk_priv="$(jose fmt -j- -Og zlevis -g tpm2 -g jwk_priv -Su- < "$tmp"/jhd)"; then
     echo "JWE missing required 'jwk_priv' header parameter!" >&2
     exit 1
 fi
 echo "$jwk_priv" > "$tmp"/jwk_priv
 
 # Handle optional PCR parameters
-pcr_ids="$(jose fmt -j- -Og clevis -g tpm2 -g pcr_ids -Su- < "$tmp"/jhd)" || true
+pcr_ids="$(jose fmt -j- -Og zlevis -g tpm2 -g pcr_ids -Su- < "$tmp"/jhd)" || true
 pcr_spec=""
 if [ -n "$pcr_ids" ]; then
-    pcr_bank="$(jose fmt -j- -Og clevis -g tpm2 -g pcr_bank -Su- < "$tmp"/jhd)"
+    pcr_bank="$(jose fmt -j- -Og zlevis -g tpm2 -g pcr_bank -Su- < "$tmp"/jhd)"
     pcr_spec="$pcr_bank:$pcr_ids"
 fi
 

src/zlevis-encrypt

@@ -216,22 +216,22 @@ if ! jwk_priv="$(jose b64 enc -I "$tmp"/jwk.priv)"; then
 fi
 
 # Construct the JWE (JSON Web Encryption) structure
-jwe='{"protected":{"clevis":{"pin":"tpm2","tpm2":{}}}}'
+jwe='{"protected":{"zlevis":{"pin":"tpm2","tpm2":{}}}}'
-jwe="$(jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$hash" -s hash -UUUUo-)"
+jwe="$(jose fmt -j "$jwe" -g protected -g zlevis -g tpm2 -q "$hash" -s hash -UUUUo-)"
-jwe="$(jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$key" -s key -UUUUo-)"
+jwe="$(jose fmt -j "$jwe" -g protected -g zlevis -g tpm2 -q "$key" -s key -UUUUo-)"
 
 # Include PCR bank and IDs in the JWE if they are provided
 if [ -n "$pcr_ids" ]; then
-    jwe="$(jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$pcr_bank" -s pcr_bank -UUUUo-)"
+    jwe="$(jose fmt -j "$jwe" -g protected -g zlevis -g tpm2 -q "$pcr_bank" -s pcr_bank -UUUUo-)"
-    jwe="$(jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$pcr_ids" -s pcr_ids -UUUUo-)"
+    jwe="$(jose fmt -j "$jwe" -g protected -g zlevis -g tpm2 -q "$pcr_ids" -s pcr_ids -UUUUo-)"
 fi
 
 # Add the Base64 encoded JWK public and private keys to the JWE
-jwe="$(jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$jwk_pub" -s jwk_pub -UUUUo-)"
+jwe="$(jose fmt -j "$jwe" -g protected -g zlevis -g tpm2 -q "$jwk_pub" -s jwk_pub -UUUUo-)"
-jwe="$(jose fmt -j "$jwe" -g protected -g clevis -g tpm2 -q "$jwk_priv" -s jwk_priv -UUUUo-)"
+jwe="$(jose fmt -j "$jwe" -g protected -g zlevis -g tpm2 -q "$jwk_priv" -s jwk_priv -UUUUo-)"
 
 # Output the final JWE
-(echo "$jwe$jwk"; /bin/cat) | jose jwe enc -i- -k- -I- -c
+(echo "$jwe$jwk$(/bin/cat)") | jose jwe enc -i- -k- -I- -c
 
 # Exit with the status of the last command
 exit $?