'\" t
.\" Title: jose-jwk-use
.\" Author: [see the "AUTHOR" section]
.\" Generator: DocBook XSL Stylesheets vsnapshot
.\" Date: 11/01/2022
.\" Manual: \ \&
.\" Source: \ \&
.\" Language: English
.\"
.TH "JOSE\-JWK\-USE" "1" "11/01/2022" "\ \&" "\ \&"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
jose-jwk-use \- Validates a key for the specified use(s)
.SH "SYNOPSIS"
.sp
\fBjose jwk use\fR \-i JWK [\-a] [\-r] \-u OP
.SH "OVERVIEW"
.sp
The \fBjose jwk use\fR command validates one or more JWK(Set) inputs for a given set of usages\&. This will be validated against the "use" and "key_ops" properties of each JWK\&.
.sp
By default, if a JWK has no restrictions an operation will be allowed\&. However, by specifying the \fB\-r\fR option you can ensure that a JWK will not be allowed unless it explicitly permits the option\&.
.sp
In normal operation, \fBjose jwk use\fR will fail if any of the JWKs do not validate\&. However, if the \fB\-o\fR option is used \fBjose jwk use\fR will instead write a JWK(Set) containing all of the input keys that validate\&. If no JWKs validate, the command will fail\&.
.SH "OPTIONS"
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-i\fR
\fIJSON\fR,
\fB\-\-input\fR=\fIJSON\fR
: Parse JWK(Set) from JSON
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-i\fR
\fIFILE\fR,
\fB\-\-input\fR=\fIFILE\fR
: Read JWK(Set) from FILE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-i\fR
\-,
\fB\-\-input\fR=\- : Read JWK(Set) standard input
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-u\fR
sign,
\fB\-\-use\fR=sign : Validate the key for signing
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-u\fR
verify,
\fB\-\-use\fR=verify : Validate the key for verifying
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-u\fR
encrypt,
\fB\-\-use\fR=encrypt : Validate the key for encrypting
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-u\fR
decrypt,
\fB\-\-use\fR=decrypt : Validate the key for decrypting
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-u\fR
wrapKey,
\fB\-\-use\fR=wrapKey : Validate the key for wrapping
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-u\fR
unwrapKey,
\fB\-\-use\fR=unwrapKey : Validate the key for unwrapping
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-u\fR
deriveKey,
\fB\-\-use\fR=deriveKey : Validate the key for deriving keys
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-u\fR
deriveBits,
\fB\-\-use\fR=deriveBits : Validate the key for deriving bits
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-a\fR,
\fB\-\-all\fR
: Succeeds only if all operations are allowed
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-r\fR,
\fB\-\-required\fR
: Operations must be explicitly allowed
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-o\fR
\fIFILE\fR,
\fB\-\-output\fR=\fIFILE\fR
: Filter keys to FILE as JWK(Set)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-o\fR
\-,
\fB\-\-output\fR=\- : Filter keys to standard output as JWK(Set)
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.sp -1
.IP \(bu 2.3
.\}
\fB\-s\fR,
\fB\-\-set\fR
: Always output a JWKSet
.RE
.SH "EXAMPLES"
.sp
Examples of both success and failure from a private and public key:
.sp
.if n \{\
.RS 4
.\}
.nf
$ jose jwk gen \-i \*(Aq{"alg":"ES256"}\*(Aq \-o prv\&.jwk
$ jose jwk pub \-i prv\&.jwk \-o pub\&.jwk
$ jose jwk use \-i prv\&.jwk \-u sign
$ echo $?
0
$ jose jwk use \-i pub\&.jwk \-u sign
$ echo $?
1
.fi
.if n \{\
.RE
.\}
.SH "AUTHOR"
.sp
Nathaniel McCallum
.SH "SEE ALSO"
.sp
\fBjose\-jwk\-gen\fR(1)