jose-jwk-use man page

jose-jwk-use — Validates a key for the specified use(s)


jose jwk use -i JWK [-a] [-r] -u OP


The jose jwk use command validates one or more JWK(Set) inputs for a given set of usages. This will be validated against the "use" and "key_ops" properties of each JWK.

By default, if a JWK has no restrictions an operation will be allowed. However, by specifying the -r option you can ensure that a JWK will not be allowed unless it explicitly permits the option.

In normal operation, jose jwk use will fail if any of the JWKs do not validate. However, if the -o option is used jose jwk use will instead write a JWK(Set) containing all of the input keys that validate. If no JWKs validate, the command will fail.


-i JSON, --input=JSON

Parse JWK(Set) from JSON

-i FILE, --input=FILE

Read JWK(Set) from FILE

-i -, --input=-

Read JWK(Set) standard input

-u sign, --use=sign

Validate the key for signing

-u verify, --use=verify

Validate the key for verifying

-u encrypt, --use=encrypt

Validate the key for encrypting

-u decrypt, --use=decrypt

Validate the key for decrypting

-u wrapKey, --use=wrapKey

Validate the key for wrapping

-u unwrapKey, --use=unwrapKey

Validate the key for unwrapping

-u deriveKey, --use=deriveKey

Validate the key for deriving keys

-u deriveBits, --use=deriveBits

Validate the key for deriving bits

-a, --all

Succeeds only if all operations are allowed

-r, --required

Operations must be explicitly allowed

-o FILE, --output=FILE

Filter keys to FILE as JWK(Set)

-o -, --output=-

Filter keys to standard output as JWK(Set)

-s, --set

Always output a JWKSet


Examples of both success and failure from a private and public key:

$ jose jwk gen -i ´{"alg":"ES256"}´ -o prv.jwk
$ jose jwk pub -i prv.jwk -o pub.jwk
$ jose jwk use -i prv.jwk -u sign
$ echo $?
$ jose jwk use -i pub.jwk -u sign
$ echo $?


Nathaniel McCallum <>

See Also


Referenced By

jose(1), jose-jwk-gen(1), jose-jwk-pub(1).

June 2017