git Service of IN-Ulm e.V. Explore Help
Sign In
cbiedl
/
jose
1
0
Fork 0
Files
Branch: master
Branches Tags
jose
/
doc
/
man
/
jose-jws-ver.1.adoc

jose-jws-ver.1.adoc 2.0 KB
Permalink History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273747576777879808182 
  1. jose-jws-ver(1)
    2. 

  2. ===============
    3. 

  3. :doctype: manpage
    4. 

  4. 

  5. == NAME
    6. 

  6. 

  7. jose-jws-ver - Verifies a JWS using the supplied JWKs
    8. 

  8. 

  9. == SYNOPSIS
    10. 

  10. 

  11. *jose jws ver* -i JWS [-I PAY] -k JWK [-a] [-O PAY]
    12. 

  12. 

  13. == OVERVIEW
    14. 

  14. 

  15. The *jose jws ver* command verifies a signature over a payload using one or
    16. 

  16. more JWKs. When specifying more than one JWK (*-k*), the program will succeed
    17. 

  17. when any of the provided JWKs successfully verify a signature. Alternatively,
    18. 

  18. if the *-a* option is given, the program will succeed only when all JWKs
    19. 

  19. successfully verify a signature.
    20. 

  20. 

  21. If the JWS is a detached JWS, meaning that the payload is stored in binary
    22. 

  22. form external to the JWS itself, the payload can be loaded using the *-I*
    23. 

  23. parameter.
    24. 

  24. 

  25. Please note that, when specifying the *-O* option to output the payload,
    26. 

  26. the payload is output whether or not the signature validates. Therefore,
    27. 

  27. you must check the return value of the command before trusting the data.
    28. 

  28. 

  29. == OPTIONS
    30. 

  30. 

  31. * *-i* _JSON_, *--input*=_JSON_ :
    32. 

  32.   Parse JWS from JSON
    33. 

  33. 

  34. * *-i* _FILE_, *--input*=_FILE_ :
    35. 

  35.   Read JWS from FILE
    36. 

  36. 

  37. * *-i* -, *--input*=- :
    38. 

  38.   Read JWS from standard input
    39. 

  39. 

  40. * *-I* _FILE_, *--detached*=_FILE_ :
    41. 

  41.   Read decoded payload from FILE
    42. 

  42. 

  43. * *-I* -, *--detached*=- :
    44. 

  44.   Read decoded payload from standard input
    45. 

  45. 

  46. * *-k* _FILE_, *--key*=_FILE_ :
    47. 

  47.   Read JWK(Set) from FILE
    48. 

  48. 

  49. * *-k* -, *--key*=- :
    50. 

  50.   Read JWK(Set) from standard input
    51. 

  51. 

  52. * *-O* _FILE_, *--detach*=_FILE_ :
    53. 

  53.   Decode payload to FILE
    54. 

  54. 

  55. * *-O* -, *--detach*=- :
    56. 

  56.   Decode payload to standard output
    57. 

  57. 

  58. * *-a*, *--all* :
    59. 

  59.   Ensure the JWS validates with all keys
    60. 

  60. 

  61. == EXAMPLES
    62. 

  62. 

  63. Verify a regular JWS and output the payload:
    64. 

  64. 

  65.     $ jose jws ver -i msg.jws -k key.jwk -O msg.txt
    66. 

  66. 

  67. Verify a detached JWS without outputting the payload:
    68. 

  68. 

  69.     $ jose jws ver -i msg.jws -I msg.txt -k key.jwk
    70. 

  70. 

  71. Ensure that a JWS is signed with all specified keys:
    72. 

  72. 

  73.     $ jose jws ver -i msg.jws -k ec.jwk -k rsa.jwk -a
    74. 

  74. 

  75. == AUTHOR
    76. 

  76. 

  77. Nathaniel McCallum <npmccallum@redhat.com>
    78. 

  78. 

  79. == SEE ALSO
    80. 

  80. 

  81. link:jose-jws-fmt.1.adoc[*jose-jws-fmt*(1)],
    82. 

  82. link:jose-jws-sig.1.adoc[*jose-jws-sig*(1)]
    83.