1JOSE-JWS-VER(1) JOSE-JWS-VER(1)
2
6 jose-jws-ver - Verifies a JWS using the supplied JWKs
7
9 jose jws ver -i JWS [-I PAY] -k JWK [-a] [-O PAY]
10
12 The jose jws ver command verifies a signature over a payload using one
13 or more JWKs. When specifying more than one JWK (-k), the program will
14 succeed when any of the provided JWKs successfully verify a signature.
15 Alternatively, if the -a option is given, the program will succeed only
16 when all JWKs successfully verify a signature.
17 If the JWS is a detached JWS, meaning that the payload is stored in
19 binary form external to the JWS itself, the payload can be loaded using
20 the -I parameter.
21 Please note that, when specifying the -O option to output the payload,
23 the payload is output whether or not the signature validates. Thereā
24 fore, you must check the return value of the command before trusting
25 the data.
26
28 -i JSON, --input=JSON
29 Parse JWS from JSON
30 -i FILE, --input=FILE
32 Read JWS from FILE
33 -i -, --input=-
35 Read JWS from standard input
36 -I FILE, --detached=FILE
38 Read decoded payload from FILE
39 -I -, --detached=-
41 Read decoded payload from standard input
42 -k FILE, --key=FILE
44 Read JWK(Set) from FILE
45 -k -, --key=-
47 Read JWK(Set) from standard input
48 -O FILE, --detach=FILE
50 Decode payload to FILE
51 -O -, --detach=-
53 Decode payload to standard output
54 -a, --all
56 Ensure the JWS validates with all keys
57
59 Verify a regular JWS and output the payload:
60 $ jose jws ver -i msg.jws -k key.jwk -O msg.txt
64 Verify a detached JWS without outputting the payload:
68 $ jose jws ver -i msg.jws -I msg.txt -k key.jwk
72 Ensure that a JWS is signed with all specified keys:
76 $ jose jws ver -i msg.jws -k ec.jwk -k rsa.jwk -a
80
84 Nathaniel McCallum <npmccallum@redhat.com>
85
87 jose-jws-fmt(1), jose-jws-sig(1)
88 May 2017 JOSE-JWS-VER(1)