-
-
Notifications
You must be signed in to change notification settings - Fork 679
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add examples to documentation on how to decode private keys with passphrases #286
Labels
Comments
This was referenced Aug 26, 2017
from cryptography.hazmat.backends.openssl.backend import backend
from cryptography.hazmat.primitives import serialization
# how to load private key with passphrase
with open(private_key_file, "rb") as f:
private_key = serialization.load_pem_private_key(
f.read(), password=password.encode(), backend=backend)
token = jwt.encode(..., private_key, ...)
# how to load public key
with open(public_key_file, "rb") as f:
public_key = serialization.load_pem_public_key(
f.read(), backend=backend)
# decode back
header = jwt.get_unverified_header(token)
# ... figure out algorithm you need ...
data = jwt.decode(token, public_key, algorithms=alg) |
@mark-adams @jpadilla The rationale in this comment of issue 199 makes sense, and we now need to formally document it into here. Do you have any specific comment on @desertkun 's attempt above? I can make it a PR for you to review. |
rayluo
added a commit
to rayluo/pyjwt
that referenced
this issue
Oct 20, 2020
This can address jpadilla#286
rylanhall33
added a commit
to rylanhall33/pyjwt
that referenced
this issue
Jun 15, 2022
xmas7
pushed a commit
to RubyOnWorld/pyjwt
that referenced
this issue
Sep 6, 2022
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The current API supports either passing in an unencrypted RSA key in PEM format or passing in a
PublicKey
/PrivateKey
fromcryptography
. A common feature request has been to add the ability to accept a passphrase for encrypted keys as an argument toencode()
ordecode()
but we've decided against that to avoid cluttering the API further.Since the existing API supports passing in
PublicKey
andPrivateKey
objects, we probably should document how to createPublicKey
/PrivateKey
objects using cryptography with passphrases so users of the library can reference the examples and use similar application code when interacting with PyJWT.The text was updated successfully, but these errors were encountered: