clevis-8-1.fc27.x86_64 $ echo foo | clevis encrypt http '{ "url": "http://192.168.100.1:8888", "http": true, "type": "jwk+json" }' | clevis decrypt Invalid key! Usage: jose jwe dec -i JWE [-I CT] -k JWK [-p] [-O PT] Decrypts a JWE using the supplied JWKs and outputs plaintext -i JSON --input=JSON Parse JWE from JSON -i FILE --input=FILE Read JWE from FILE -i - --input=- Read JWE from standard input -I FILE --detached=FILE Read decoded ciphertext from FILE -I - --detached=- Read decoded ciphertext from standard input -p --password Prompt for a decryption password, if necessary -k FILE --key=FILE Read JWK(Set) from FILE -k - --key=- Read JWK(Set) from standard input -O JSON --detach=JSON Parse JWE from JSON -O FILE --detach=FILE Read JWE from FILE -O - --detach=- Read JWE from standard input Default: "-" "octet-stream" works fine: $ echo foo | clevis encrypt http '{ "url": "http://192.168.100.1:8888", "http": true, "type": "octet-stream" }' | clevis decrypt foo Hopefully fixed by https://github.com/latchset/clevis/pull/47
We have removed this pin upstream.