DOKK / manpages / debian 12 / jose / jose-jwk-use.1.en
JOSE-JWK-USE(1)   JOSE-JWK-USE(1)

jose-jwk-use - Validates a key for the specified use(s)

jose jwk use -i JWK [-a] [-r] -u OP

The jose jwk use command validates one or more JWK(Set) inputs for a given set of usages. This will be validated against the "use" and "key_ops" properties of each JWK.

By default, if a JWK has no restrictions an operation will be allowed. However, by specifying the -r option you can ensure that a JWK will not be allowed unless it explicitly permits the option.

In normal operation, jose jwk use will fail if any of the JWKs do not validate. However, if the -o option is used jose jwk use will instead write a JWK(Set) containing all of the input keys that validate. If no JWKs validate, the command will fail.

-i JSON, --input=JSON : Parse JWK(Set) from JSON

-i FILE, --input=FILE : Read JWK(Set) from FILE

-i -, --input=- : Read JWK(Set) standard input

-u sign, --use=sign : Validate the key for signing

-u verify, --use=verify : Validate the key for verifying

-u encrypt, --use=encrypt : Validate the key for encrypting

-u decrypt, --use=decrypt : Validate the key for decrypting

-u wrapKey, --use=wrapKey : Validate the key for wrapping

-u unwrapKey, --use=unwrapKey : Validate the key for unwrapping

-u deriveKey, --use=deriveKey : Validate the key for deriving keys

-u deriveBits, --use=deriveBits : Validate the key for deriving bits

-a, --all : Succeeds only if all operations are allowed

-r, --required : Operations must be explicitly allowed

-o FILE, --output=FILE : Filter keys to FILE as JWK(Set)

-o -, --output=- : Filter keys to standard output as JWK(Set)

-s, --set : Always output a JWKSet

Examples of both success and failure from a private and public key:

$ jose jwk gen -i '{"alg":"ES256"}' -o prv.jwk
$ jose jwk pub -i prv.jwk -o pub.jwk
$ jose jwk use -i prv.jwk -u sign
$ echo $?
0
$ jose jwk use -i pub.jwk -u sign
$ echo $?
1

Nathaniel McCallum <npmccallum@redhat.com>

jose-jwk-gen(1) <jose-jwk-gen.1.adoc>