Skip to main content

JSON Web Signatures implementation in Python

Project description

python-jws
=====
A Python implementation of [JSON Web Signatures draft 02](http://self-issued.info/docs/draft-jones-json-web-signature.html)

Installing
----------
$ pip install jws



Algorithms
----------
The JWS spec reserves several algorithms for cryptographic signing. Out of the 9, this library currently supports 7:


**HMAC** – native

* HS256 – HMAC using SHA-256 hash algorithm
* HS384 – HMAC using SHA-384 hash algorithm
* HS512 – HMAC using SHA-512 hash algorithm


**RSA** – requires special version of pycrypto, read below

* RS256 – RSA using SHA-256 hash algorithm

**ECDSA** – requires ecdsa lib: ``pip install ecdsa``

* ES256 – ECDSA using P-256 curve and SHA-256 hash algorithm
* ES384 – ECDSA using P-384 curve and SHA-384 hash algorithm
* ES512 – ECDSA using P-521 curve and SHA-512 hash algorithm

There is also a mechanism for extending functionality by adding your own
algorithms without cracking open the whole codebase. See the advanced usage
section for an example.

<strong>NOTE:</strong> you must use the version of pycrypto submoduled to
``vendor/pycrypto`` to get RSA256 support. However if you don't ever plan on using
RSA, you don't have to worry about it – all crypto libraries are lazily loaded
so you won't even notice it's not there.

If you want to know why RSA support is limited, read this: https://github.com/brianlovesdata/python-jws/blob/master/jws/algos.py#L42

Usage
-----
Let's check out some examples.

>>> import jws
>>> header = { 'alg': 'HS256' }
>>> payload = { 'claim': 'JSON is the raddest.', 'iss': 'brianb' }
>>> signature = jws.sign(header, payload, 'secret')
>>> jws.verify(header, payload, signature, 'secret')
True
>>> jws.verify(header, payload, signature, 'badbadbad')
Traceback (most recent call last):
...
jws.exceptions.SignatureError: Could not validate signature

Now with a real key!

>>> import ecdsa
>>> sk256 = ecdsa.SigningKey.generate(curve=ecdsa.NIST256p)
>>> vk = sk256.get_verifying_key()
>>> header = { 'alg': 'ES256' }
>>> sig = jws.sign(header, payload, sk256)
>>> jws.verify(header, payload, sig, vk)
True

Advanced Usage
--------------
Make this file

# file: sillycrypto.py
import jws
from jws.algos import AlgorithmBase, SignatureError
class FXUY(AlgorithmBase):
def __init__(self, x, y):
self.x = int(x)
self.y = int(y)
def sign(self, msg, key):
return 'verysecure' * self.x + key * self.y

def verify(self, msg, sig, key):
if sig != self.sign(msg, key):
raise SignatureError('nope')
return True

jws.algos.CUSTOM += [
# a regular expression with two named matching groups. (x and y)
# named groups will be sent to the class constructor
(r'^F(?P<x>\d)U(?P<y>\d{2})$', FXUY),
]

And in an interpreter:

>>> import jws
>>> header = { 'alg': 'F7U12' }
>>> payload = { 'claim': 'wutt' }
>>> sig = jws.sign(header, payload, '<trollface>')
Traceback (most recent call last):
....
jws.exceptions.AlgorithmNotImplemented: "F7U12" not implemented.
>>>
>>> import sillycrypto
>>> sig = jws.sign(header, payload, '<trollface>')
>>> jws.verify(header, payload, sig, '<trollface>')
True
>>> jws.verify(header, payload, sig, 'y u no verify?')
Traceback (most recent call last):
....
jws.exceptions.SignatureError: nope


Other Stuff
---------

Check out
https://github.com/brianloveswords/python-jws/blob/master/examples/minijwt.py
for a 14-line implemention of JWT.

See
https://github.com/brianloveswords/python-jws/blob/master/examples/ragecrypto.py
for a rage-comic inspired cryptography extension.

TODO
-------
* Write about all the rad stuff that can be done around headers (as extensible as crypto algos)
* Pull in JWK support


Tests
-----

use nosetests

License
-------

MIT

Project details


Download files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

Source Distribution

jws-0.1.2.tar.gz (8.0 kB view details)

Uploaded Source

Built Distribution

jws-0.1.2.macosx-10.9-x86_64.exe (75.1 kB view details)

Uploaded Source

File details

Details for the file jws-0.1.2.tar.gz.

File metadata

  • Download URL: jws-0.1.2.tar.gz
  • Upload date:
  • Size: 8.0 kB
  • Tags: Source
  • Uploaded using Trusted Publishing? No

File hashes

Hashes for jws-0.1.2.tar.gz
Algorithm Hash digest
SHA256 97896acba0884456ca775e1909193f621b9ab6ba17808f9b186f06e6320d17aa
MD5 932647ec85d7f6b5981863f23bde6cc9
BLAKE2b-256 9ff2977ce514709da6ab18c318bd5f567f5ae1334395778131377b06cc30ec00

See more details on using hashes here.

File details

Details for the file jws-0.1.2.macosx-10.9-x86_64.exe.

File metadata

File hashes

Hashes for jws-0.1.2.macosx-10.9-x86_64.exe
Algorithm Hash digest
SHA256 381cd248c4ee8ed85b216fe3c2ee7c866f516d674f44410cfb56b816fa8f6ff8
MD5 3692b266201d83c4ecb5f1c418d155d2
BLAKE2b-256 6cdd13c38ca7678296fa683aaf252f49b7051ca5e80c2160de5389cd9ae21fb4

See more details on using hashes here.

Supported by

AWS AWS Cloud computing and Security Sponsor Datadog Datadog Monitoring Fastly Fastly CDN Google Google Download Analytics Microsoft Microsoft PSF Sponsor Pingdom Pingdom Monitoring Sentry Sentry Error logging StatusPage StatusPage Status page