1
0

jose-jwk-use.1.adoc 2.2 KB

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697
  1. jose-jwk-use(1)
  2. ===============
  3. :doctype: manpage
  4. == NAME
  5. jose-jwk-use - Validates a key for the specified use(s)
  6. == SYNOPSIS
  7. *jose jwk use* -i JWK [-a] [-r] -u OP
  8. == OVERVIEW
  9. The *jose jwk use* command validates one or more JWK(Set) inputs for a given
  10. set of usages. This will be validated against the "use" and "key_ops"
  11. properties of each JWK.
  12. By default, if a JWK has no restrictions an operation will be allowed.
  13. However, by specifying the *-r* option you can ensure that a JWK will not
  14. be allowed unless it explicitly permits the option.
  15. In normal operation, *jose jwk use* will fail if any of the JWKs do not
  16. validate. However, if the *-o* option is used *jose jwk use* will instead
  17. write a JWK(Set) containing all of the input keys that validate. If no JWKs
  18. validate, the command will fail.
  19. == OPTIONS
  20. * *-i* _JSON_, *--input*=_JSON_ :
  21. Parse JWK(Set) from JSON
  22. * *-i* _FILE_, *--input*=_FILE_ :
  23. Read JWK(Set) from FILE
  24. * *-i* -, *--input*=- :
  25. Read JWK(Set) standard input
  26. * *-u* sign, *--use*=sign :
  27. Validate the key for signing
  28. * *-u* verify, *--use*=verify :
  29. Validate the key for verifying
  30. * *-u* encrypt, *--use*=encrypt :
  31. Validate the key for encrypting
  32. * *-u* decrypt, *--use*=decrypt :
  33. Validate the key for decrypting
  34. * *-u* wrapKey, *--use*=wrapKey :
  35. Validate the key for wrapping
  36. * *-u* unwrapKey, *--use*=unwrapKey :
  37. Validate the key for unwrapping
  38. * *-u* deriveKey, *--use*=deriveKey :
  39. Validate the key for deriving keys
  40. * *-u* deriveBits, *--use*=deriveBits :
  41. Validate the key for deriving bits
  42. * *-a*, *--all* :
  43. Succeeds only if all operations are allowed
  44. * *-r*, *--required* :
  45. Operations must be explicitly allowed
  46. * *-o* _FILE_, *--output*=_FILE_ :
  47. Filter keys to FILE as JWK(Set)
  48. * *-o* -, *--output*=- :
  49. Filter keys to standard output as JWK(Set)
  50. * *-s*, *--set* :
  51. Always output a JWKSet
  52. == EXAMPLES
  53. Examples of both success and failure from a private and public key:
  54. $ jose jwk gen -i '{"alg":"ES256"}' -o prv.jwk
  55. $ jose jwk pub -i prv.jwk -o pub.jwk
  56. $ jose jwk use -i prv.jwk -u sign
  57. $ echo $?
  58. 0
  59. $ jose jwk use -i pub.jwk -u sign
  60. $ echo $?
  61. 1
  62. == AUTHOR
  63. Nathaniel McCallum <npmccallum@redhat.com>
  64. == SEE ALSO
  65. link:jose-jwk-gen.1.adoc[*jose-jwk-gen*(1)]