GehirnInc/python-jwt

How to generate rsa_public_key.json?

Opened this issue · 3 comments

In your example code you load a public key from rsa_public_key.json. How is this JSON file generated?

I have no problems generating a PEM from the private key for signing. But how to generate the input for verifying?

rsa_public_key.json follows the JWK format as defined in RFC 7517.

python-jwt can currently read JWKs of RSA or octet type and construct JWK objects from their content. So you can convert your PEM to JWK manually, then pass it to python-jwt.

Furthermore, python-jwt can also read a PEM-encoded RSA key and convert it to a JSON-serializable Python dict as below.

from jwt import jwk_from_pem

with open('YOUR-RSA-KEY.pem', 'rb') as fh:
    jwk = jwk_from_pem(fh.read())

jwk.to_dict()  # => {'kty': 'RSA', ...}
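As an added, stand-alone illustration of the "convert your PEM to JWK manually" route (this is not python-jwt's own code, which does the same job with jwk_from_pem(...).to_dict()): it parses a "BEGIN PUBLIC KEY" SubjectPublicKeyInfo PEM with the standard library only and emits the RFC 7517 members kty, n and e, base64url-encoded without padding. The embedded PEM is a constructed toy key (n=3233, e=17) that exists only so the example runs offline; it is not a usable key.

```python
import base64

# OID 1.2.840.113549.1.1.1 (rsaEncryption) as a DER-encoded OBJECT IDENTIFIER
RSA_OID = bytes.fromhex("06092a864886f70d010101")

# Constructed sample: SubjectPublicKeyInfo for the toy modulus n=3233, e=17,
# hand-encoded as DER. Not a real key, only here so the example runs offline.
SAMPLE_DER_HEX = "301b300d06092a864886f70d0101010500030a00300702020ca1020111"
SAMPLE_PEM = ("-----BEGIN PUBLIC KEY-----\n"
              + base64.encodebytes(bytes.fromhex(SAMPLE_DER_HEX)).decode("ascii")
              + "-----END PUBLIC KEY-----\n")

def _b64url(data: bytes) -> str:
    """base64url without padding, as RFC 7517/7518 require for JWK members."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _uint_bytes(n: int) -> bytes:
    """Minimal big-endian octet string of an unsigned integer (RFC 7518 6.3.1)."""
    return n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big")

def _der_read(buf: bytes, pos: int = 0):
    """Read one DER TLV at pos: returns (tag, value, position after it)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    return tag, buf[pos:pos + length], pos + length

def rsa_public_jwk_from_pem(pem: str) -> dict:
    """Turn a 'BEGIN PUBLIC KEY' (SubjectPublicKeyInfo) PEM into a JWK dict."""
    body = "".join(line for line in pem.splitlines() if line and not line.startswith("-----"))
    _, spki, _ = _der_read(base64.b64decode(body))   # SEQUENCE {algorithm, subjectPublicKey}
    tag, alg, pos = _der_read(spki)                   # AlgorithmIdentifier SEQUENCE {OID, NULL}
    if tag != 0x30 or not alg.startswith(RSA_OID):
        raise ValueError("not an rsaEncryption SubjectPublicKeyInfo")
    _, bits, _ = _der_read(spki, pos)                 # BIT STRING; byte 0 = unused-bit count
    _, rsakey, _ = _der_read(bits[1:])                # RSAPublicKey ::= SEQUENCE {n, e}
    _, n_raw, pos = _der_read(rsakey)
    _, e_raw, _ = _der_read(rsakey, pos)
    n, e = int.from_bytes(n_raw, "big"), int.from_bytes(e_raw, "big")
    return {"kty": "RSA", "n": _b64url(_uint_bytes(n)), "e": _b64url(_uint_bytes(e))}

if __name__ == "__main__":
    import json
    print(json.dumps(rsa_public_jwk_from_pem(SAMPLE_PEM)))  # content for rsa_public_key.json
```

Writing the printed dict to a file gives an rsa_public_key.json that carries only public material, which is what the verifier side needs.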

Sorry, I may have misread. In the README example, it looks like different keys are used to sign and verify, but these keys are actually the same, just encoded in a different format.

In a real environment, asymmetric keys are used in almost all deployments, and the signer and verifier are generally different actors: the signer has a private key and the verifier has only the public key corresponding to the signer's private key. On this assumption, a PEM-encoded private key is suitable for the signer side in terms of operational ease; on the other hand, the JWK (JSON) format is convenient to distribute publicly.

So I presented two ways in the README to show that both ways are supported in python-jwt.

I see. My false impression was that you described a way to sign with the private key and verify with the public key.