git Service のサービス IN-Ulm e.V. エクスプローラ ヘルプ
サインイン
cbiedl
/
jose
1
0
フォーク 0
ファイル
ツリー: 96785d4df4
ブランチ タグ
jose
/
doc
/
man
/
jose-jwk-use.1.adoc

jose-jwk-use.1.adoc 2.2 KB
履歴 Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182838485868788899091929394959697 
  1. jose-jwk-use(1)
    2. 

  2. ===============
    3. 

  3. :doctype: manpage
    4. 

  4. 

  5. == NAME
    6. 

  6. 

  7. jose-jwk-use - Validates a key for the specified use(s)
    8. 

  8. 

  9. == SYNOPSIS
    10. 

  10. 

  11. *jose jwk use* -i JWK [-a] [-r] -u OP
    12. 

  12. 

  13. == OVERVIEW
    14. 

  14. 

  15. The *jose jwk use* command validates one or more JWK(Set) inputs for a given
    16. 

  16. set of usages. This will be validated against the "use" and "key_ops"
    17. 

  17. properties of each JWK.
    18. 

  18. 

  19. By default, if a JWK has no restrictions an operation will be allowed.
    20. 

  20. However, by specifying the *-r* option you can ensure that a JWK will not
    21. 

  21. be allowed unless it explicitly permits the option.
    22. 

  22. 

  23. In normal operation, *jose jwk use* will fail if any of the JWKs do not
    24. 

  24. validate. However, if the *-o* option is used *jose jwk use* will instead
    25. 

  25. write a JWK(Set) containing all of the input keys that validate. If no JWKs
    26. 

  26. validate, the command will fail.
    27. 

  27. 

  28. == OPTIONS
    29. 

  29. 

  30. * *-i* _JSON_, *--input*=_JSON_ :
    31. 

  31.   Parse JWK(Set) from JSON
    32. 

  32. 

  33. * *-i* _FILE_, *--input*=_FILE_ :
    34. 

  34.   Read JWK(Set) from FILE
    35. 

  35. 

  36. * *-i* -, *--input*=- :
    37. 

  37.   Read JWK(Set) standard input
    38. 

  38. 

  39. * *-u* sign, *--use*=sign :
    40. 

  40.   Validate the key for signing
    41. 

  41. 

  42. * *-u* verify, *--use*=verify :
    43. 

  43.   Validate the key for verifying
    44. 

  44. 

  45. * *-u* encrypt, *--use*=encrypt :
    46. 

  46.   Validate the key for encrypting
    47. 

  47. 

  48. * *-u* decrypt, *--use*=decrypt :
    49. 

  49.   Validate the key for decrypting
    50. 

  50. 

  51. * *-u* wrapKey, *--use*=wrapKey :
    52. 

  52.   Validate the key for wrapping
    53. 

  53. 

  54. * *-u* unwrapKey, *--use*=unwrapKey :
    55. 

  55.   Validate the key for unwrapping
    56. 

  56. 

  57. * *-u* deriveKey, *--use*=deriveKey :
    58. 

  58.   Validate the key for deriving keys
    59. 

  59. 

  60. * *-u* deriveBits, *--use*=deriveBits :
    61. 

  61.   Validate the key for deriving bits
    62. 

  62. 

  63. * *-a*, *--all* :
    64. 

  64.   Succeeds only if all operations are allowed
    65. 

  65. 

  66. * *-r*, *--required* :
    67. 

  67.   Operations must be explicitly allowed
    68. 

  68. 

  69. * *-o* _FILE_, *--output*=_FILE_ :
    70. 

  70.   Filter keys to FILE as JWK(Set)
    71. 

  71. 

  72. * *-o* -, *--output*=- :
    73. 

  73.   Filter keys to standard output as JWK(Set)
    74. 

  74. 

  75. * *-s*, *--set* :
    76. 

  76.   Always output a JWKSet
    77. 

  77. 

  78. == EXAMPLES
    79. 

  79. 

  80. Examples of both success and failure from a private and public key:
    81. 

  81. 

  82.     $ jose jwk gen -i '{"alg":"ES256"}' -o prv.jwk
    83. 

  83.     $ jose jwk pub -i prv.jwk -o pub.jwk
    84. 

  84.     $ jose jwk use -i prv.jwk -u sign
    85. 

  85.     $ echo $?
    86. 

  86.     0
    87. 

  87.     $ jose jwk use -i pub.jwk -u sign
    88. 

  88.     $ echo $?
    89. 

  89.     1
    90. 

  90. 

  91. == AUTHOR
    92. 

  92. 

  93. Nathaniel McCallum <npmccallum@redhat.com>
    94. 

  94. 

  95. == SEE ALSO
    96. 

  96. 

  97. link:jose-jwk-gen.1.adoc[*jose-jwk-gen*(1)]
    98.