Keyops

The key_ops ("key operations") parameter is used in JSON Web Key (JWK) representations to indicate the cryptographic operations for which a key is intended to be used. It is commonly included in a JWK or JWKS (JSON Web Key Set) to inform applications, key management systems, or hardware security modules about permissible uses.

The value of key_ops is an array of strings, each describing a supported operation. The standard set defined in RFC 7517 includes sign, verify, encrypt, decrypt, wrapKey, unwrapKey, deriveKey, and deriveBits. The parameter is advisory and helps with key selection and policy enforcement, but it is not a hard security guarantee; implementations may choose to ignore it or treat it as a hint.

Key_ops is often used alongside other JWK fields that describe usage, such as alg (the intended algorithm) and use (public key use, e.g., sig or enc) in older or simpler deployments. In practice, key_ops can help operators and software filter or route keys according to their capabilities, improving key management and reducing the risk of misuse when multiple keys are stored or distributed.

Example: a JWK with key_ops: ["encrypt","decrypt"] indicates the key is suitable for encryption and decryption operations, typically paired with appropriate algorithm and key material.

See also: JSON Web Key (JWK), JOSE, RFC 7517.
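Because key_ops is only a hint unless the consumer enforces it, the filtering described above has to live in the code that selects keys. The following is an added example, not code from the page or from any JOSE library: the function names, the use-to-operation mapping and the deny-by-default handling of keys that declare neither member are assumptions of this sketch.

```python
# Added example (not from the page): enforce key_ops when picking keys from a JWKS.
KNOWN_OPS = {"sign", "verify", "encrypt", "decrypt",
             "wrapKey", "unwrapKey", "deriveKey", "deriveBits"}
# Assumption: how this policy maps "use" onto operations for consistency checks.
USE_TO_OPS = {"sig": {"sign", "verify"}, "enc": KNOWN_OPS - {"sign", "verify"}}


def permitted_ops(jwk):
    """Return the operations this policy allows for one JWK (empty set = reject)."""
    ops, use = jwk.get("key_ops"), jwk.get("use")
    if use is not None and not isinstance(use, str):
        return set()                        # malformed "use"
    if ops is None:
        # No key_ops: fall back to "use"; a key declaring neither gets nothing.
        return set(USE_TO_OPS.get(use, set()))
    if not isinstance(ops, list) or not all(isinstance(o, str) for o in ops):
        return set()                        # key_ops must be an array of strings
    if len(set(ops)) != len(ops):
        return set()                        # RFC 7517: no duplicate values
    allowed = set(ops) & KNOWN_OPS          # unknown values grant nothing
    if use is not None and not allowed <= USE_TO_OPS.get(use, set()):
        return set()                        # "use" and key_ops disagree
    return allowed


def select_keys(jwks, operation):
    """Return the kid of every key in the set that may perform `operation`."""
    return [k.get("kid") for k in jwks.get("keys", [])
            if isinstance(k, dict) and operation in permitted_ops(k)]


# Constructed sample: metadata only, key material omitted.
SAMPLE_JWKS = {"keys": [
    {"kty": "oct", "kid": "enc-1", "key_ops": ["encrypt", "decrypt"]},
    {"kty": "EC", "kid": "sig-1", "use": "sig"},
    {"kty": "RSA", "kid": "mixed", "use": "sig", "key_ops": ["verify", "decrypt"]},
    {"kty": "oct", "kid": "dup", "key_ops": ["sign", "sign"]},
    {"kty": "oct", "kid": "bare"},
]}

if __name__ == "__main__":
    for op in ("verify", "decrypt", "wrapKey"):
        print(op, select_keys(SAMPLE_JWKS, op))
```

Only enc-1 and sig-1 are ever selected: the key whose use and key_ops disagree, the key with a duplicated operation and the key with no usage metadata are all rejected.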