stackoom
  简体   繁体   中英

How to implement ed25519 algorithm into jwt using python?

 原文  2019-03-26 13:04:27       python/ python-3.x/ jwt/ ed25519

Question

I'm trying to code an API client, the API authentication need a signing the payload using ed25519 according to JWT specification.

{"key": "cnc6666666666666", "iat": 1599999999}

The Seed (also called Private Key, which can be used to calculate the Signing Key) of ed25519 is: 

"CNC88888888888888888888888888888"

The target(JWT Spec) result should be:

eyJhbGciOiJFZDI1NTE5IiwidHlwIjoiSldUIn0.eyJpYXQiOjE1OTk5OTk5OTksImtleSI6ImNuYzY2NjY2NjY2NjY2NjYifQ.RJzhQwRI6g0YZg-Mh201G7aEGcpxm8vN8wf-rgpK6UySeMKRgUHzZV6WLxc93PptrKNb4CLW8XQo48OYR-stDw

I've followed the method showed here . The generateSignature function is what I've tried.

This method is not working for python3, and ed25519 is not officially supported by JWT, so the algorithm is customized implemented in the above sample.

Any help is much appreciated.

1 answers

solution1
 0  2021-05-30 11:08:34

Usage: Issuing and using credentials An Ed25519 public/private key pair needs to be created, for example using the Python cryptography package:

from cryptography.hazmat.primitives.asymmetric.ed25519 import Ed25519PrivateKey
from cryptography.hazmat.primitives.serialization import Encoding, NoEncryption, PrivateFormat, PublicFormat

private_key = Ed25519PrivateKey.generate()
print(private_key.private_bytes(encoding=Encoding.PEM, format=PrivateFormat.PKCS8, encryption_algorithm=NoEncryption()))
print(private_key.public_key().public_bytes(encoding=Encoding.PEM, format=PublicFormat.SubjectPublicKeyInfo))

The issuer of credentials would use the private key to create a JWT for a database user, such as in the below Python example for the database user my_user for the next 24 hours.

from base64 import urlsafe_b64encode
import json
import time
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.serialization import load_pem_private_key

def b64encode_nopadding(to_encode):
    return urlsafe_b64encode(to_encode).rstrip(b'=')

private_key = load_pem_private_key(
    # In real cases, take the private key from an environment variable or secret store
    b'-----BEGIN PRIVATE KEY-----\n' \
    b'MC4CAQAwBQYDK2VwBCIEINQG5lNt1bE8TZa68mV/WZdpqsXaOXBHvgPQGm5CcjHp\n' \
    b'-----END PRIVATE KEY-----\n', password=None, backend=default_backend())
header = {
    'typ': 'JWT',
    'alg': 'EdDSA',
    'crv': 'Ed25519',
}
payload = {
    'sub': 'my_user',
    'exp': int(time.time() + 60 * 60 * 24),
}
to_sign = b64encode_nopadding(json.dumps(header).encode('utf-8')) + b'.' + b64encode_nopadding(json.dumps(payload).encode('utf-8'))
signature = b64encode_nopadding(private_key.sign(to_sign))
jwt = (to_sign + b'.' + signature).decode()
print(jwt)

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Decrypting Ed25519 private keys using python libraries without ssh-keygen -p How to use ssh-keygen ed25519 keys for encryption in Python? Load openssl Ed25519 private key in PEM format into Python ed25519.SigningKey Sign and verify using ed25519 in near protocol how to convert ed25519 keys in pgsql database and retrieve them back Sign a text with pynacl (Ed25519) importing a private key How to set up a hostkey file using ssh-ed25519 as a key for pysftp import ed25519._ed25519 works in powershell but not GAE How to implement FFT algorithm in python? How to implement FPGrowth algorithm in Python?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM