Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

JWT encrypting payload in python? (JWE)

Tags:

python

jwt

jwe

python-jose

pyjwt

According to RFC 7516 it should be possible to encrypt the payload/claim, called JWE.

Are there any python libraries out there that support that?

I've checked PyJWT, python-jose and jwcrypto but they all just have examples for signing with HS256 (JWS).

Sorry if this is totally obvious, but when it comes to things involving crypto I'm extra cautious.

like image 232
Johnny Avatar asked Aug 26 '16 09:08

Johnny

People also ask

Can JWT payload be encrypted?

JSON Web Tokens (JWT) can be signed then encrypted to provide confidentiality of the claims. While it's technically possible to perform the operations in any order to create a nested JWT, senders should first sign the JWT, then encrypt the resulting message.

What is difference between JWT and JWE?

JSON Web Token (JWT) From the text, we can understand that JWT is not a structure but a set of claims in the shape of either JWS or JWE as its way of securing itself. In the most basic form, the difference between JWS and JWE is that everyone can see the payload of JWS while the JWE one is encrypted.

What is JWE encrypted key?

The Content Encryption Key (CEK) is encrypted with the intended recipient's key and the resulting encrypted content is recorded as a byte array, which is referred to as the JWE Encrypted Key. JWE Ciphertext. A byte array containing the Ciphertext. Encoded JWE Header. Base64url encoding of the bytes of the UTF-8 RFC ...

1 Answers

Both Jose and jwcrypto libraries can do JWE.

For jose:

claims = {
'iss': 'http://www.example.com',
'sub': 42,
}
pubKey = {'k':\
           '-----BEGIN PUBLIC KEY-----\n\
-----END PUBLIC KEY-----'
    }
# decrypt on the other end using the private key
privKey = {'k': 
    '-----BEGIN RSA PRIVATE KEY-----\n'+\
'-----END RSA PRIVATE KEY-----'
}

encJwt = jose.encrypt(claims, pubKey)
serJwt = jose.serialize_compact(encJwt)
decJwt = jose.decrypt(jose.deserialize_compact(serJwt), privKey)

For jwcrypto:

# algorithm to use
eprot = {'alg': "RSA-OAEP", 'enc': "A128CBC-HS256"}
stringPayload = u'attack at dawn'
E = jwe.JWE(stringPayload, json_encode(eprot))
E.add_recipient(pubKey)
encrypted_token = E.serialize(compact=True)
E = jwe.JWE()
E.deserialize(encrypted_token, key=privKey)
decrypted_payload = E.payload
like image 196
Yifan Wu Avatar answered Oct 14 '22 06:10

Yifan Wu
Sign in to Comment

Related questions

How can i change django admin to rtl style
Denormalize unit vector
Why do file permissions show different in Python and bash?
Polar heatmaps in python
How to append a file with a newline using %%writefile -a command in jupyter?
Multicore and multithread on Ipython Notebook
How can I make my code more readable and DRYer when working with XML namespaces in Python?
Python: search for a file in current directory and all it's parents
Python TypeError: 'type' object does not support item assignment
Timeseries plot with min/max shading using Seaborn
Zipline: using pandas-datareader to feed in Google Finance dataframe for non-US based financial markets
pandas DataFrame reset_index which can handle duplicate column names?
The fastest way to parse dates in Python when reading .csv file?
Wrap image around a circle
ImportError: No module named package
ipdb how to bring the python debugger up to the frame which called the third-party code
How to install Python3 to custom path using Chocolatey?
What is the simplest python code to plot a simple graph (simpler than matlab)
Python - Basic vs extended slicing
How to interpret `scipy.stats.kstest` and `ks_2samp` to evaluate `fit` of data to a distribution?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!