'\" t .\" Title: jose-jwk-use .\" Author: [see the "AUTHOR(S)" section] .\" Generator: Asciidoctor 2.0.16 .\" Manual: \ \& .\" Source: \ \& .\" Language: English .\" .TH "JOSE\-JWK\-USE" "1" "" "\ \&" "\ \&" .ie \n(.g .ds Aq \(aq .el .ds Aq ' .ss \n[.ss] 0 .nh .ad l .de URL \fI\\$2\fP <\\$1>\\$3 .. .als MTO URL .if \n[.g] \{\ . mso www.tmac . am URL . ad l . . . am MTO . ad l . . . LINKSTYLE blue R < > .\} .SH "NAME" jose-jwk-use \- Validates a key for the specified use(s) .SH "SYNOPSIS" .sp \fBjose jwk use\fP \-i JWK [\-a] [\-r] \-u OP .SH "OVERVIEW" .sp The \fBjose jwk use\fP command validates one or more JWK(Set) inputs for a given set of usages. This will be validated against the "use" and "key_ops" properties of each JWK. .sp By default, if a JWK has no restrictions an operation will be allowed. However, by specifying the \fB\-r\fP option you can ensure that a JWK will not be allowed unless it explicitly permits the option. .sp In normal operation, \fBjose jwk use\fP will fail if any of the JWKs do not validate. However, if the \fB\-o\fP option is used \fBjose jwk use\fP will instead write a JWK(Set) containing all of the input keys that validate. If no JWKs validate, the command will fail. .SH "OPTIONS" .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-i\fP \fIJSON\fP, \fB\-\-input\fP=\fIJSON\fP : Parse JWK(Set) from JSON .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-i\fP \fIFILE\fP, \fB\-\-input\fP=\fIFILE\fP : Read JWK(Set) from FILE .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-i\fP \-, \fB\-\-input\fP=\- : Read JWK(Set) standard input .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-u\fP sign, \fB\-\-use\fP=sign : Validate the key for signing .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-u\fP verify, \fB\-\-use\fP=verify : Validate the key for verifying .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-u\fP encrypt, \fB\-\-use\fP=encrypt : Validate the key for encrypting .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-u\fP decrypt, \fB\-\-use\fP=decrypt : Validate the key for decrypting .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-u\fP wrapKey, \fB\-\-use\fP=wrapKey : Validate the key for wrapping .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-u\fP unwrapKey, \fB\-\-use\fP=unwrapKey : Validate the key for unwrapping .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-u\fP deriveKey, \fB\-\-use\fP=deriveKey : Validate the key for deriving keys .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-u\fP deriveBits, \fB\-\-use\fP=deriveBits : Validate the key for deriving bits .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-a\fP, \fB\-\-all\fP : Succeeds only if all operations are allowed .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-r\fP, \fB\-\-required\fP : Operations must be explicitly allowed .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-o\fP \fIFILE\fP, \fB\-\-output\fP=\fIFILE\fP : Filter keys to FILE as JWK(Set) .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-o\fP \-, \fB\-\-output\fP=\- : Filter keys to standard output as JWK(Set) .RE .sp .RS 4 .ie n \{\ \h'-04'\(bu\h'+03'\c .\} .el \{\ . sp -1 . IP \(bu 2.3 .\} \fB\-s\fP, \fB\-\-set\fP : Always output a JWKSet .RE .SH "EXAMPLES" .sp Examples of both success and failure from a private and public key: .sp .if n .RS 4 .nf .fam C $ jose jwk gen \-i \*(Aq{"alg":"ES256"}\*(Aq \-o prv.jwk $ jose jwk pub \-i prv.jwk \-o pub.jwk $ jose jwk use \-i prv.jwk \-u sign $ echo $? 0 $ jose jwk use \-i pub.jwk \-u sign $ echo $? 1 .fam .fi .if n .RE .SH "AUTHOR" .sp Nathaniel McCallum \c .MTO "npmccallum\(atredhat.com" "" "" .SH "SEE ALSO" .sp .URL "jose\-jwk\-gen.1.adoc" "\fBjose\-jwk\-gen\fP(1)" ""