JSON Web Signatures implementation in Python
python-jws
=====
A Python implementation of [JSON Web Signatures draft 02](http://self-issued.info/docs/draft-jones-json-web-signature.html)
It now also works on Python 3.3+ as well as Python 2.7+. However, it's a naive conversion to support both Python 2 and Python 3, so there may well be hidden bugs.
Installing
----------

    $ pip install jws

Algorithms
----------
The JWS spec reserves several algorithms for cryptographic signing. Out of the 9, this library currently supports 7:
**HMAC** – native
* HS256 – HMAC using SHA-256 hash algorithm
* HS384 – HMAC using SHA-384 hash algorithm
* HS512 – HMAC using SHA-512 hash algorithm
**RSA** – requires pycrypto >= 2.5: ``pip install pycrypto``
* RS256 – RSA using SHA-256 hash algorithm
**ECDSA** – requires ecdsa lib: ``pip install ecdsa``
* ES256 – ECDSA using P-256 curve and SHA-256 hash algorithm
* ES384 – ECDSA using P-384 curve and SHA-384 hash algorithm
* ES512 – ECDSA using P-521 curve and SHA-512 hash algorithm
There is also a mechanism for extending functionality by adding your own
algorithms without cracking open the whole codebase. See the advanced usage
section for an example.
For RSA and ECDSA, all crypto libraries are lazily loaded so you won't need the dependencies unless you try to use the functionality.
Usage
-----
Let's check out some examples.

    >>> import jws
    >>> header = { 'alg': 'HS256' }
    >>> payload = { 'claim': 'JSON is the raddest.', 'iss': 'brianb' }
    >>> signature = jws.sign(header, payload, 'secret')
    >>> jws.verify(header, payload, signature, 'secret')
    True
    >>> jws.verify(header, payload, signature, 'badbadbad')
    Traceback (most recent call last):
    ...
    jws.exceptions.SignatureError: Could not validate signature

Now with a real key!

    >>> import ecdsa
    >>> sk256 = ecdsa.SigningKey.generate(curve=ecdsa.NIST256p)
    >>> vk = sk256.get_verifying_key()
    >>> header = { 'alg': 'ES256' }
    >>> sig = jws.sign(header, payload, sk256)
    >>> jws.verify(header, payload, sig, vk)
    True

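What an HMAC sign/verify round trip like the one above computes, as an added example that is not python-jws code: it follows the RFC 7515 compact serialization with only the standard library, and the names `sign_compact`, `verify_compact` and `allowed_algs` are assumptions of this example. The verifier pins the accepted algorithms itself instead of trusting the token's `alg` header, and compares MACs in constant time.

```python
import base64
import hashlib
import hmac
import json

# HMAC algorithms from the list above, mapped to their hash functions.
HASHES = {"HS256": hashlib.sha256, "HS384": hashlib.sha384, "HS512": hashlib.sha512}

def b64url(data):
    """base64url without padding, as used for every JWS segment."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def _mac(alg, signing_input, key):
    return hmac.new(key, signing_input, HASHES[alg]).digest()

def sign_compact(header, payload, key):
    """Return header.payload.signature for an HS* header (hypothetical helper)."""
    alg = header.get("alg")
    if alg not in HASHES:
        raise ValueError("unsupported alg: %r" % (alg,))
    parts = [b64url(json.dumps(part, separators=(",", ":"), sort_keys=True).encode("utf-8"))
             for part in (header, payload)]
    # The MAC covers the two encoded segments exactly as they are transmitted.
    signing_input = ".".join(parts).encode("ascii")
    return ".".join(parts + [b64url(_mac(alg, signing_input, key))])

def verify_compact(token, key, allowed_algs=("HS256",)):
    """Return the payload, or raise ValueError. The caller decides which algs are OK."""
    try:
        h64, p64, s64 = token.split(".")
        header = json.loads(b64url_decode(h64))
        sig = b64url_decode(s64)
    except ValueError:  # wrong segment count, bad base64, bad JSON
        raise ValueError("malformed token")
    alg = header.get("alg") if isinstance(header, dict) else None
    # Reject anything the caller did not pin, including "none" and unknown names.
    if alg not in allowed_algs or alg not in HASHES:
        raise ValueError("alg not allowed")
    expected = _mac(alg, (h64 + "." + p64).encode("ascii"), key)
    if not hmac.compare_digest(expected, sig):  # constant-time comparison
        raise ValueError("bad signature")
    return json.loads(b64url_decode(p64))
```
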
Advanced Usage
--------------
Make this file:

    # file: sillycrypto.py
    import jws
    from jws.algos import AlgorithmBase, SignatureError

    class FXUY(AlgorithmBase):
        # Toy algorithm that only demonstrates the extension hook.
        def __init__(self, x, y):
            # x and y arrive as strings captured by the regex below
            self.x = int(x)
            self.y = int(y)

        def sign(self, msg, key):
            # the "signature" ignores msg entirely
            return 'verysecure' * self.x + key * self.y

        def verify(self, msg, sig, key):
            if sig != self.sign(msg, key):
                raise SignatureError('nope')
            return True

    jws.algos.CUSTOM += [
        # a regular expression with two named matching groups. (x and y)
        # named groups will be sent to the class constructor
        (r'^F(?P<x>\d)U(?P<y>\d{2})$', FXUY),
    ]

And in an interpreter:

    >>> import jws
    >>> header = { 'alg': 'F7U12' }
    >>> payload = { 'claim': 'wutt' }
    >>> sig = jws.sign(header, payload, '<trollface>')
    Traceback (most recent call last):
    ....
    jws.exceptions.AlgorithmNotImplemented: "F7U12" not implemented.
    >>>
    >>> import sillycrypto
    >>> sig = jws.sign(header, payload, '<trollface>')
    >>> jws.verify(header, payload, sig, '<trollface>')
    True
    >>> jws.verify(header, payload, sig, 'y u no verify?')
    Traceback (most recent call last):
    ....
    jws.exceptions.SignatureError: nope

Other Stuff
---------
Check out
https://github.com/brianloveswords/python-jws/blob/master/examples/minijwt.py
for a 14-line implementation of JWT.
See
https://github.com/brianloveswords/python-jws/blob/master/examples/ragecrypto.py
for a rage-comic-inspired cryptography extension.
TODO
-------
* Write about all the rad stuff that can be done around headers (as extensible as crypto algos)
* Pull in JWK support
Tests
-----
Use nosetests.
License
-------
MIT
Source Distribution
* jws-0.1.3.tar.gz (8.1 kB)

Built Distributions
* jws-0.1.3-py3.4.egg (20.6 kB)
* jws-0.1.3-py2.7.egg (19.9 kB)
* jws-0.1.3-py2.6.egg (19.9 kB)