New in version v0.15.
In RFC8037, algorithm “EdDSA” is defined for JWS. Use Edwards-curve Digital Signature Algorithm (EdDSA) for signing data using “JSON Web Signature (JWS)”:
```python
from authlib.jose import JsonWebSignature

# only allow "EdDSA" alg value
jws = JsonWebSignature(algorithms=['EdDSA'])
protected = {'alg': 'EdDSA'}
payload = b'example'
with open('ed25519-pkcs8.pem', 'rb') as f:
    secret = f.read()
jws.serialize_compact(protected, payload, secret)
```
Learn how to use other JWS functions at JSON Web Signature (JWS).
It can also be used in JSON Web Token (JWT):
```python
from authlib.jose import JsonWebToken

jwt = JsonWebToken(algorithms=['EdDSA'])
with open('ed25519-pkcs8.pem', 'rb') as f:
    key = f.read()
header = {'alg': 'EdDSA'}
payload = {'iss': 'Authlib', 'sub': '123'}  # plus any other claims
s = jwt.encode(header, payload, key)
```
In RFC8037, algorithms “Ed25519”, “Ed448”, “X25519”, “X448” are defined for JWK. Load and dump JSON Web Keys with:
```python
from authlib.jose import JsonWebKey

with open('ed25519-pkcs8.pem', 'rb') as f:
    key = f.read()
# MUST use "OKP" as "kty" value
JsonWebKey.import_key(key, {'kty': 'OKP'})
```
Learn how to use other JWK functions at JSON Web Key (JWK).
“X25519”, “X448” keys are used in “epk” for ECDH-ES algorithms. Just use the X25519 and X448 key for ECDH-ES in JWE:
```python
from authlib.jose import OKPKey
from authlib.jose import JsonWebEncryption

jwe = JsonWebEncryption()
with open('X25519.pem', 'rb') as f:
    key = OKPKey.import_key(f.read())
protected = {
    "alg": "ECDH-ES",
    "enc": "A128GCM",
    "apu": "QWxpY2U",
    "apv": "Qm9i",
}
jwe.serialize_compact(protected, b'hello', key)
```
authlib.jose.OKPKey(payload)

Key class of the OKP key type.

as_pem(is_private=False, password=None)

Export key into PEM format bytes.

| Parameters: | |
|---|---|
| Returns: | bytes |

import_key(raw, options=None)

Import a key from PEM or dict data.