1JOSE-JWS-VER(1) JOSE-JWS-VER(1)
2
6 jose-jws-ver - Verifies a JWS using the supplied JWKs
7
9 jose jws ver -i JWS [-I PAY] -k JWK [-a] [-O PAY]
10
12 The jose jws ver command verifies a signature over a payload using one
13 or more JWKs. When specifying more than one JWK (-k), the program will
14 succeed when any of the provided JWKs successfully verify a signature.
15 Alternatively, if the -a option is given, the program will succeed only
16 when all JWKs successfully verify a signature.
17 If the JWS is a detached JWS, meaning that the payload is stored in
19 binary form external to the JWS itself, the payload can be loaded using
20 the -I parameter.
21 Please note that, when specifying the -O option to output the payload,
23 the payload is output whether or not the signature validates.
24 Therefore, you must check the return value of the command before
25 trusting the data.
26
28 • -i JSON, --input=JSON : Parse JWS from JSON
29 • -i FILE, --input=FILE : Read JWS from FILE
31 • -i -, --input=- : Read JWS from standard input
33 • -I FILE, --detached=FILE : Read decoded payload from FILE
35 • -I -, --detached=- : Read decoded payload from standard input
37 • -k FILE, --key=FILE : Read JWK(Set) from FILE
39 • -k -, --key=- : Read JWK(Set) from standard input
41 • -O FILE, --detach=FILE : Decode payload to FILE
43 • -O -, --detach=- : Decode payload to standard output
45 • -a, --all : Ensure the JWS validates with all keys
47
49 Verify a regular JWS and output the payload:
50 $ jose jws ver -i msg.jws -k key.jwk -O msg.txt
52 Verify a detached JWS without outputting the payload:
54 $ jose jws ver -i msg.jws -I msg.txt -k key.jwk
56 Ensure that a JWS is signed with all specified keys:
58 $ jose jws ver -i msg.jws -k ec.jwk -k rsa.jwk -a
60
62 Nathaniel McCallum <npmccallum@redhat.com>
63
65 jose-jws-fmt(1), jose-jws-sig(1)
66 01/19/2023 JOSE-JWS-VER(1)