search
githubEdit

Console

The JWT Framework provides a comprehensive set of command-line tools for managing keys, key sets, and tokens. These tools are invaluable for development, testing, and production operations.

hashtag
Installation Options

The console commands are available in three different ways to suit your needs:

hashtag
1. Standalone Application

Perfect for quick operations without a full project setup.

hashtag
2. Symfony Console Integration

Integrated into your Symfony application's console.

hashtag
3. PHAR (PHP Archive)

A self-contained executable file that works anywhere PHP is installed.

hashtag
Quick Start

circle-info

In the following examples, we use ./jose.phar as the command prefix. Replace it with:

  • php bin/console jose: if using Symfony Console

  • vendor/bin/jose if using the standalone application

hashtag
Getting Help

All commands support the --help option for detailed usage information:

hashtag
Saving Output to Files

You can easily save command output to files for later use:

hashtag
Command Categories

The console commands are organized into logical categories:

hashtag
🔑 Key Management

Create, convert, analyze, and optimize cryptographic keys:

  • Generate new keys (RSA, EC, OKP, oct)

  • Convert between formats (JWK, PEM, DER)

  • Extract public keys from private keys

  • Analyze key security

  • Optimize RSA keys for performance

  • Calculate key thumbprints

hashtag
📦 Key Set Management

Manage collections of keys:

  • Merge multiple key sets

  • Convert all keys in a set

  • Analyze all keys in a set

  • Extract specific keys from sets

hashtag
🔄 Key Loading

Load keys from various sources:

  • Load from files (JWK, PEM, DER)

  • Load from URLs (JKU, X5U)

  • Load from X.509 certificates

  • Load from PKCS#12 bundles

hashtag
Usage Examples

hashtag
Generate a New Symmetric Key

Output:

hashtag
Generate an RSA Key Pair

hashtag
Convert a Private Key to Public Key

hashtag
Command Reference

hashtag
Key Management Commands

hashtag
Private Key To Public Key Converter

This command will convert a private key into a public key. It has no effect on shared keys (e.g. oct keys).

hashtag
Key Analyze

The following command will analyze the key passed as argument and find issues.

hashtag
PKCS#1 Key Converter

This command will convert a RSA or EC key into PKCS#1 key.

hashtag
Key Generators

The key generator commands will generate a private or shared key. The following options are available:

  • -u or --use: indicates the usage of the key (sig or enc): --use enc. This option is highly recommended.

  • -a or --alg: indicates the algorithm to be used with the key: --alg RSA-OAEP-256. This option is highly recommended.

Elliptic Curve Key

This command will generate an Elliptic Curve key (EC). The supported curves are P-256, P-384 and P-521.

RSA Key

This command will generate a RSA key. The key size must be at least 384 bits. Recommended size is 2048 bits or more.

Octet Key

This command will generate a octet key (oct). Recommended size is 128 bits or more.

Octet Key Pair Key

This command will generate a octet key pair key (OKP). Supported curves are X25519 (for encryption only) and Ed25519 (signature only).

None Key

This command will generate a none key. This key type is only used by the none algorithm. Key parameters alg and use are automatically set.

From An Existing Secret

If you already have a secret, you can use it to create an octet key (oct).

In case your secret is binary string, you will have to encode it first (Base64) and indicate it is encoded.

hashtag
Key Loaders

The key loader commands will load keys from various sources. The following options are available:

  • -u or --use: indicates the usage of the key (sig or enc): --use enc. This option is highly recommended.

  • -a or --alg: indicates the algorithm to be used with the key: --alg RSA-OAEP-256. This option is highly recommended.

Convert From PEM/DER Keys

This command can load and convert a DER/PEM key file into a JWK. It supports encrypted keys as well as PKCS#1 and PKCS#8 encodings or public/private keys.

Convert From PKCS#12 Keys

This command can load and convert a PKCS#12 key file into a JWK. It supports encrypted keys.

Convert From A X.509 Certificate

This command can load and convert a X.509 key file into a JWK.

hashtag
RSA Key Optimization

This command optimizes a RSA key by calculating additional primes (CRT). The following option is available:

RSA keys generated by this framework are already optimized. This command may be needed when you import RSA keys from external sources. The optimization is not mandatory but highly recommended. Cryptographic operations are up to 10 times faster.

hashtag
Key Thumbprint

This command will calculate the key thumbprint as per the RFC7638arrow-up-right. The following options are available:

hashtag
Keyset Management Commands

hashtag
Private Keys To Public Keys Converter

This command has the same effect as key:convert:public except that it will convert all keys in the keyset. It has no effect on shared keys (e.g. oct keys).

hashtag
Key Analyze

This command has the same behaviour as key:analyze except that it will analyze all keys in the keyset.

hashtag
Keyset Generators

The key set generator commands will generate key sets with random keys of the same type.

These commands have the same options as the key generator commands. The only difference is that you have to indicate the number of keys you want in the key set.

Examples:

The result of these commands is a JWKSet object.

hashtag
Key Set Modification

  • keyset:add:key: Add a key into a key set.

  • keyset:merge: Merge several key sets into one.

  • keyset:rotate: Rotate a key set.

hashtag
Distant Key Set Loading

  • keyset:load:jku: Loads a key set from an url.

  • keyset:load:x5u: Loads a key set from an url.

PreviousEventsNextStandalone Application

Last updated

Was this helpful?