DOKK / manpages / debian 12 / jose / jose-jwk-pub.1.en
JOSE-JWK-PUB(1)   JOSE-JWK-PUB(1)

jose-jwk-pub - Cleans private keys from a JWK

jose jwk pub -i JWK [-o JWK]

The jose jwk pub command removes all private key material from one or more JWK(Set) inputs. The output will contain only public key material.

If the JWK contains the "key_ops" property, it will be automatically adjusted to include only operations relevant to public keys.

-i JSON, --input=JSON : Parse JWK(Set) from JSON

-i FILE, --input=FILE : Read JWK(Set) from FILE

-i -, --input=- : Read JWK(Set) from standard input

-o FILE, --output=FILE : Write JWK(Set) to FILE

-o -, --output=- : Write JWK(Set) to standard input

-s, --set : Always output a JWKSet

Clean private key material from a JWK:

$ jose jwk gen -i '{"alg":"ES256"}' -o prv.jwk
$ cat prv.jwk
{"alg":"ES256","crv":"P-256","key_ops":["sign","verify"],"kty":"EC", ...}
$ jose jwk pub -i prv.jwk -o pub.jwk
$ cat pub.jwk
{"alg":"ES256","crv":"P-256","key_ops":["verify"],"kty":"EC", ...}

Nathaniel McCallum <npmccallum@redhat.com>

jose-alg(1) <jose-alg.1.adoc>, jose-jwe-enc(1) <jose-jwe-enc.1.adoc>, jose-jwk-exc(1) <jose-jwk-exc.1.adoc>, jose-jwk-gen(1) <jose-jwk-gen.1.adoc>, jose-jwk-thp(1) <jose-jwk-thp.1.adoc>, jose-jwk-use(1) <jose-jwk-use.1.adoc>, jose-jws-ver(1) <jose-jws-ver.1.adoc>