'\" t
.\"     Title: jose-jws-ver
.\"    Author: [see the "AUTHOR(S)" section]
.\" Generator: Asciidoctor 2.0.20
.\"    Manual: \ \&
.\"    Source: \ \&
.\"  Language: English
.\"
.TH "JOSE\-JWS\-VER" "1" "" "\ \&" "\ \&"
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.ss \n[.ss] 0
.nh
.ad l
.de URL
\fI\\$2\fP <\\$1>\\$3
..
.als MTO URL
.if \n[.g] \{\
.  mso www.tmac
.  am URL
.    ad l
.  .
.  am MTO
.    ad l
.  .
.  LINKSTYLE blue R < >
.\}
.SH "NAME"
jose-jws-ver \- Verifies a JWS using the supplied JWKs
.SH "SYNOPSIS"
.sp
\fBjose jws ver\fP \-i JWS [\-I PAY] \-k JWK [\-a] [\-O PAY]
.SH "OVERVIEW"
.sp
The \fBjose jws ver\fP command verifies a signature over a payload using one or
more JWKs. When specifying more than one JWK (\fB\-k\fP), the program will succeed
when any of the provided JWKs successfully verify a signature. Alternatively,
if the \fB\-a\fP option is given, the program will succeed only when all JWKs
successfully verify a signature.
.sp
If the JWS is a detached JWS, meaning that the payload is stored in binary
form external to the JWS itself, the payload can be loaded using the \fB\-I\fP
parameter.
.sp
Please note that, when specifying the \fB\-O\fP option to output the payload,
the payload is output whether or not the signature validates. Therefore,
you must check the return value of the command before trusting the data.
.SH "OPTIONS"
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-i\fP \fIJSON\fP, \fB\-\-input\fP=\fIJSON\fP :
Parse JWS from JSON
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-i\fP \fIFILE\fP, \fB\-\-input\fP=\fIFILE\fP :
Read JWS from FILE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-i\fP \-, \fB\-\-input\fP=\- :
Read JWS from standard input
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-I\fP \fIFILE\fP, \fB\-\-detached\fP=\fIFILE\fP :
Read decoded payload from FILE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-I\fP \-, \fB\-\-detached\fP=\- :
Read decoded payload from standard input
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-k\fP \fIFILE\fP, \fB\-\-key\fP=\fIFILE\fP :
Read JWK(Set) from FILE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-k\fP \-, \fB\-\-key\fP=\- :
Read JWK(Set) from standard input
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-O\fP \fIFILE\fP, \fB\-\-detach\fP=\fIFILE\fP :
Decode payload to FILE
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-O\fP \-, \fB\-\-detach\fP=\- :
Decode payload to standard output
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-a\fP, \fB\-\-all\fP :
Ensure the JWS validates with all keys
.RE
.SH "EXAMPLES"
.sp
Verify a regular JWS and output the payload:
.sp
.if n .RS 4
.nf
.fam C
$ jose jws ver \-i msg.jws \-k key.jwk \-O msg.txt
.fam
.fi
.if n .RE
.sp
Verify a detached JWS without outputting the payload:
.sp
.if n .RS 4
.nf
.fam C
$ jose jws ver \-i msg.jws \-I msg.txt \-k key.jwk
.fam
.fi
.if n .RE
.sp
Ensure that a JWS is signed with all specified keys:
.sp
.if n .RS 4
.nf
.fam C
$ jose jws ver \-i msg.jws \-k ec.jwk \-k rsa.jwk \-a
.fam
.fi
.if n .RE
.SH "AUTHOR"
.sp
Nathaniel McCallum \c
.MTO "npmccallum\(atredhat.com" "" ""
.SH "SEE ALSO"
.sp
.URL "jose\-jws\-fmt.1.adoc" "\fBjose\-jws\-fmt\fP(1)" ","
.URL "jose\-jws\-sig.1.adoc" "\fBjose\-jws\-sig\fP(1)" ""