jose-jwk-use(1)
===============
:doctype: manpage

== NAME

jose-jwk-use - Validates a key for the specified use(s)

== SYNOPSIS

*jose jwk use* -i JWK [-a] [-r] -u OP

== OVERVIEW

The *jose jwk use* command validates one or more JWK(Set) inputs for a given
set of usages. This will be validated against the "use" and "key_ops"
properties of each JWK.

By default, if a JWK has no restrictions an operation will be allowed.
However, by specifying the *-r* option you can ensure that a JWK will not
be allowed unless it explicitly permits the option.

In normal operation, *jose jwk use* will fail if any of the JWKs do not
validate. However, if the *-o* option is used *jose jwk use* will instead
write a JWK(Set) containing all of the input keys that validate. If no JWKs
validate, the command will fail.

== OPTIONS

* *-i* _JSON_, *--input*=_JSON_ :
  Parse JWK(Set) from JSON

* *-i* _FILE_, *--input*=_FILE_ :
  Read JWK(Set) from FILE

* *-i* -, *--input*=- :
  Read JWK(Set) standard input

* *-u* sign, *--use*=sign :
  Validate the key for signing

* *-u* verify, *--use*=verify :
  Validate the key for verifying

* *-u* encrypt, *--use*=encrypt :
  Validate the key for encrypting

* *-u* decrypt, *--use*=decrypt :
  Validate the key for decrypting

* *-u* wrapKey, *--use*=wrapKey :
  Validate the key for wrapping

* *-u* unwrapKey, *--use*=unwrapKey :
  Validate the key for unwrapping

* *-u* deriveKey, *--use*=deriveKey :
  Validate the key for deriving keys

* *-u* deriveBits, *--use*=deriveBits :
  Validate the key for deriving bits

* *-a*, *--all* :
  Succeeds only if all operations are allowed

* *-r*, *--required* :
  Operations must be explicitly allowed

* *-o* _FILE_, *--output*=_FILE_ :
  Filter keys to FILE as JWK(Set)

* *-o* -, *--output*=- :
  Filter keys to standard output as JWK(Set)

* *-s*, *--set* :
  Always output a JWKSet

== EXAMPLES

Examples of both success and failure from a private and public key:

    $ jose jwk gen -i '{"alg":"ES256"}' -o prv.jwk
    $ jose jwk pub -i prv.jwk -o pub.jwk
    $ jose jwk use -i prv.jwk -u sign
    $ echo $?
    0
    $ jose jwk use -i pub.jwk -u sign
    $ echo $?
    1

== AUTHOR

Nathaniel McCallum <npmccallum@redhat.com>

== SEE ALSO

link:jose-jwk-gen.1.adoc[*jose-jwk-gen*(1)]