jose-jwk-use − Validates a key for the specified use(s)
jose jwk use −i JWK [−a] [−r] −u OP
The jose jwk use command validates one or more JWK(Set) inputs for a given set of usages. This will be validated against the "use" and "key_ops" properties of each JWK.
By default, if a JWK has no restrictions an operation will be allowed. However, by specifying the −r option you can ensure that a JWK will not be allowed unless it explicitly permits the option.
In normal operation, jose jwk use will fail if any of the JWKs do not validate. However, if the −o option is used jose jwk use will instead write a JWK(Set) containing all of the input keys that validate. If no JWKs validate, the command will fail.
• −i JSON, −−input=JSON : Parse JWK(Set) from JSON
• −i FILE, −−input=FILE : Read JWK(Set) from FILE
• −i −, −−input=− : Read JWK(Set) standard input
• −u sign, −−use=sign : Validate the key for signing
• −u verify, −−use=verify : Validate the key for verifying
• −u encrypt, −−use=encrypt : Validate the key for encrypting
• −u decrypt, −−use=decrypt : Validate the key for decrypting
• −u wrapKey, −−use=wrapKey : Validate the key for wrapping
• −u unwrapKey, −−use=unwrapKey : Validate the key for unwrapping
• −u deriveKey, −−use=deriveKey : Validate the key for deriving keys
• −u deriveBits, −−use=deriveBits : Validate the key for deriving bits
• −a, −−all : Succeeds only if all operations are allowed
• −r, −−required : Operations must be explicitly allowed
• −o FILE, −−output=FILE : Filter keys to FILE as JWK(Set)
• −o −, −−output=− : Filter keys to standard output as JWK(Set)
• −s, −−set : Always output a JWKSet
Examples of both success and failure from a private and public key:
$ jose jwk gen
−i '{"alg":"ES256"}' −o
prv.jwk
$ jose jwk pub −i prv.jwk −o pub.jwk
$ jose jwk use −i prv.jwk −u sign
$ echo $?
0
$ jose jwk use −i pub.jwk −u sign
$ echo $?
1
Nathaniel McCallum <[email protected] [1] >
jose−jwk−gen(1) [2]