python-jose

A JOSE implementation in Python

Build Status Coverage Status

The JavaScript Object Signing and Encryption (JOSE) technologies - JSON Web Signature (JWS), JSON Web Encryption (JWE), JSON Web Key (JWK), and JSON Web Algorithms (JWA) - collectively can be used to encrypt and/or sign content using a variety of algorithms. While the full set of permutations is extremely large, and might be daunting to some, it is expected that most applications will only use a small set of algorithms to meet their needs.

Contents

JSON Web Signature

JSON Web Signatures (JWS) are used to digitally sign a JSON encoded object and represent it as a compact URL-safe string.

Supported Algorithms

The following algorithms are currently supported.

Algorithm Value

Digital Signature or MAC Algorithm

HS256

HMAC using SHA-256 hash algorithm

HS384

HMAC using SHA-384 hash algorithm

HS512

HMAC using SHA-512 hash algorithm

RS256

RSASSA using SHA-256 hash algorithm

RS384

RSASSA using SHA-384 hash algorithm

RS512

RSASSA using SHA-512 hash algorithm

ES256

ECDSA using SHA-256 hash algorithm

ES384

ECDSA using SHA-384 hash algorithm

ES512

ECDSA using SHA-512 hash algorithm

Examples

Signing tokens
>>> from jose import jws
>>> signed = jws.sign({'a': 'b'}, 'secret', algorithm='HS256')
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8'
Verifying token signatures
>>> jws.verify(signed, 'secret', algorithms=['HS256'])
{'a': 'b'}

JSON Web Token

JSON Web Tokens (JWT) are a JWS with a set of reserved claims to be used in a standardized manner.

JWT Reserved Claims

Claim

Name

Format

Usage

‘exp’

Expiration

int

The time after which the token is invalid.

‘nbf’

Not Before

int

The time before which the token is invalid.

‘iss’

Issuer

str

The principal that issued the JWT.

‘aud’

Audience

str or list(str)

The recipient that the JWT is intended for.

‘iat’

Issued At

int

The time at which the JWT was issued.

JSON Web Key

JSON Web Keys (JWK) are a JSON data structure representing a cryptographic key.

Examples

Verifying token signatures
>>> from jose import jwk
>>> from jose.utils import base64url_decode
>>>
>>> token = "eyJhbGciOiJIUzI1NiIsImtpZCI6IjAxOGMwYWU1LTRkOWItNDcxYi1iZmQ2LWVlZjMxNGJjNzAzNyJ9.SXTigJlzIGEgZGFuZ2Vyb3VzIGJ1c2luZXNzLCBGcm9kbywgZ29pbmcgb3V0IHlvdXIgZG9vci4gWW91IHN0ZXAgb250byB0aGUgcm9hZCwgYW5kIGlmIHlvdSBkb24ndCBrZWVwIHlvdXIgZmVldCwgdGhlcmXigJlzIG5vIGtub3dpbmcgd2hlcmUgeW91IG1pZ2h0IGJlIHN3ZXB0IG9mZiB0by4.s0h6KThzkfBBBkLspW1h84VsJZFTsPPqMDA7g1Md7p0"
>>> hmac_key = {
    "kty": "oct",
    "kid": "018c0ae5-4d9b-471b-bfd6-eef314bc7037",
    "use": "sig",
    "alg": "HS256",
    "k": "hJtXIZ2uSN5kbQfbtTNWbpdmhkV8FJG-Onbc6mxCcYg"
}
>>>
>>> key = jwk.construct(hmac_key)
>>>
>>> message, encoded_sig = token.rsplit('.', 1)
>>> decoded_sig = base64url_decode(encoded_sig)
>>> key.verify(message, decoded_sig)

Note

python-jose requires the use of public keys, as opposed to X.509 certificates. If you have an X.509 certificate that you would like to convert to a public key that python-jose can consume, you can do so with openssl.

> openssl x509 -pubkey -noout < cert.pem

JSON Web Encryption

JSON Web Encryption (JWE) are used to encrypt a payload and represent it as a compact URL-safe string.

Supported Content Encryption Algorithms

The following algorithms are currently supported.

Encryption Value

Encryption Algorithm, Mode, and Auth Tag

A128CBC_HS256

AES w/128 bit key in CBC mode w/SHA256 HMAC

A192CBC_HS384

AES w/128 bit key in CBC mode w/SHA256 HMAC

A256CBC_HS512

AES w/128 bit key in CBC mode w/SHA256 HMAC

A128GCM

AES w/128 bit key in GCM mode and GCM auth tag

A192GCM

AES w/192 bit key in GCM mode and GCM auth tag

A256GCM

AES w/256 bit key in GCM mode and GCM auth tag

Supported Key Management Algorithms

The following algorithms are currently supported.

Algorithm Value

Key Wrap Algorithm

DIR

Direct (no key wrap)

RSA1_5

RSAES with PKCS1 v1.5

RSA_OAEP

RSAES OAEP using default parameters

RSA_OAEP_256

RSAES OAEP using SHA-256 and MGF1 with SHA-256

A128KW

AES Key Wrap with default IV using 128-bit key

A192KW m

AES Key Wrap with default IV using 192-bit key

A256KW

AES Key Wrap with default IV using 256-bit key

Examples

Encrypting Payloads
>>> from jose import jwe
>>> jwe.encrypt('Hello, World!', 'asecret128bitkey', algorithm='dir', encryption='A128GCM')
'eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..McILMB3dYsNJSuhcDzQshA.OfX9H_mcUpHDeRM4IA.CcnTWqaqxNsjT4eCaUABSg'
Decrypting Payloads
>>> from jose import jwe
>>> jwe.decrypt('eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..McILMB3dYsNJSuhcDzQshA.OfX9H_mcUpHDeRM4IA.CcnTWqaqxNsjT4eCaUABSg', 'asecret128bitkey')
'Hello, World!'

APIs

JWS API

jose.jws.get_unverified_claims(token)

Returns the decoded claims without verification of any kind.

Parameters:

token (str) – A signed JWS to decode the headers from.

Returns:

The str representation of the token claims.

Return type:

str

Raises:

JWSError – If there is an exception decoding the token.

jose.jws.get_unverified_header(token)

Returns the decoded headers without verification of any kind.

Parameters:

token (str) – A signed JWS to decode the headers from.

Returns:

The dict representation of the token headers.

Return type:

dict

Raises:

JWSError – If there is an exception decoding the token.

jose.jws.get_unverified_headers(token)

Returns the decoded headers without verification of any kind.

This is simply a wrapper of get_unverified_header() for backwards compatibility.

Parameters:

token (str) – A signed JWS to decode the headers from.

Returns:

The dict representation of the token headers.

Return type:

dict

Raises:

JWSError – If there is an exception decoding the token.

jose.jws.sign(payload, key, headers=None, algorithm='HS256')

Signs a claims set and returns a JWS string.

Parameters:

  • payload (str or dict) – A string to sign

  • key (str or dict) – The key to use for signing the claim set. Can be individual JWK or JWK set.

  • headers (dict, optional) – A set of headers that will be added to the default headers. Any headers that are added as additional headers will override the default headers.

  • algorithm (str, optional) – The algorithm to use for signing the the claims. Defaults to HS256.

Returns:

The string representation of the header, claims, and signature.

Return type:

str

Raises:

JWSError – If there is an error signing the token.

Examples

>>> jws.sign({'a': 'b'}, 'secret', algorithm='HS256')
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8'
jose.jws.verify(token, key, algorithms, verify=True)

Verifies a JWS string’s signature.

Parameters:

  • token (str) – A signed JWS to be verified.

  • key (str or dict) – A key to attempt to verify the payload with. Can be individual JWK or JWK set.

  • algorithms (str or list) – Valid algorithms that should be used to verify the JWS.

Returns:

The str representation of the payload, assuming the signature is valid.

Return type:

str

Raises:

JWSError – If there is an exception verifying a token.

Examples

>>> token = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8'
>>> jws.verify(token, 'secret', algorithms='HS256')

JWT API

jose.jwt.decode(token, key, algorithms=None, options=None, audience=None, issuer=None, subject=None, access_token=None)

Verifies a JWT string’s signature and validates reserved claims.

Parameters:

  • token (str) – A signed JWS to be verified.

  • key (str or dict) – A key to attempt to verify the payload with. Can be individual JWK or JWK set.

  • algorithms (str or list) – Valid algorithms that should be used to verify the JWS.

  • audience (str) – The intended audience of the token. If the “aud” claim is included in the claim set, then the audience must be included and must equal the provided claim.

  • issuer (str or iterable) – Acceptable value(s) for the issuer of the token. If the “iss” claim is included in the claim set, then the issuer must be given and the claim in the token must be among the acceptable values.

  • subject (str) – The subject of the token. If the “sub” claim is included in the claim set, then the subject must be included and must equal the provided claim.

  • access_token (str) – An access token string. If the “at_hash” claim is included in the claim set, then the access_token must be included, and it must match the “at_hash” claim.

  • options (dict) –

    A dictionary of options for skipping validation steps.

    defaults = {

    ‘verify_signature’: True, ‘verify_aud’: True, ‘verify_iat’: True, ‘verify_exp’: True, ‘verify_nbf’: True, ‘verify_iss’: True, ‘verify_sub’: True, ‘verify_jti’: True, ‘verify_at_hash’: True, ‘require_aud’: False, ‘require_iat’: False, ‘require_exp’: False, ‘require_nbf’: False, ‘require_iss’: False, ‘require_sub’: False, ‘require_jti’: False, ‘require_at_hash’: False, ‘leeway’: 0,

    }

Returns:

The dict representation of the claims set, assuming the signature is valid

and all requested data validation passes.

Return type:

dict

Raises:

  • JWTError – If the signature is invalid in any way.

  • ExpiredSignatureError – If the signature has expired.

  • JWTClaimsError – If any claim is invalid in any way.

Examples

>>> payload = 'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8'
>>> jwt.decode(payload, 'secret', algorithms='HS256')
jose.jwt.encode(claims, key, algorithm='HS256', headers=None, access_token=None)

Encodes a claims set and returns a JWT string.

JWTs are JWS signed objects with a few reserved claims.

Parameters:

  • claims (dict) – A claims set to sign

  • key (str or dict) – The key to use for signing the claim set. Can be individual JWK or JWK set.

  • algorithm (str, optional) – The algorithm to use for signing the the claims. Defaults to HS256.

  • headers (dict, optional) – A set of headers that will be added to the default headers. Any headers that are added as additional headers will override the default headers.

  • access_token (str, optional) – If present, the ‘at_hash’ claim will be calculated and added to the claims present in the ‘claims’ parameter.

Returns:

The string representation of the header, claims, and signature.

Return type:

str

Raises:

JWTError – If there is an error encoding the claims.

Examples

>>> jwt.encode({'a': 'b'}, 'secret', algorithm='HS256')
'eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhIjoiYiJ9.jiMyrsmD8AoHWeQgmxZ5yq8z0lXS67_QGs52AzC8Ru8'
jose.jwt.get_unverified_claims(token)

Returns the decoded claims without verification of any kind.

Parameters:

token (str) – A signed JWT to decode the headers from.

Returns:

The dict representation of the token claims.

Return type:

dict

Raises:

JWTError – If there is an exception decoding the token.

jose.jwt.get_unverified_header(token)

Returns the decoded headers without verification of any kind.

Parameters:

token (str) – A signed JWT to decode the headers from.

Returns:

The dict representation of the token headers.

Return type:

dict

Raises:

JWTError – If there is an exception decoding the token.

jose.jwt.get_unverified_headers(token)

Returns the decoded headers without verification of any kind.

This is simply a wrapper of get_unverified_header() for backwards compatibility.

Parameters:

token (str) – A signed JWT to decode the headers from.

Returns:

The dict representation of the token headers.

Return type:

dict

Raises:

JWTError – If there is an exception decoding the token.

JWK API

jose.jwk.construct(key_data, algorithm=None)

Construct a Key object for the given algorithm with the given key_data.

JWE API

jose.jwe.decrypt(jwe_str, key)

Decrypts a JWE compact serialized string and returns the plaintext.

Parameters:

  • jwe_str (str) – A JWE to be decrypt.

  • key (str or dict) – A key to attempt to decrypt the payload with. Can be individual JWK or JWK set.

Returns:

The plaintext bytes, assuming the authentication tag is valid.

Return type:

bytes

Raises:

JWEError – If there is an exception verifying the token.

Examples

>>> from jose import jwe
>>> jwe.decrypt(jwe_string, 'asecret128bitkey')
'Hello, World!'
jose.jwe.encrypt(plaintext, key, encryption='A256GCM', algorithm='dir', zip=None, cty=None, kid=None)

Encrypts plaintext and returns a JWE cmpact serialization string.

Parameters:

  • plaintext (bytes) – A bytes object to encrypt

  • key (str or dict) – The key(s) to use for encrypting the content. Can be individual JWK or JWK set.

  • encryption (str, optional) – The content encryption algorithm used to perform authenticated encryption on the plaintext to produce the ciphertext and the Authentication Tag. Defaults to A256GCM.

  • algorithm (str, optional) – The cryptographic algorithm used to encrypt or determine the value of the CEK. Defaults to dir.

  • zip (str, optional) – The compression algorithm) applied to the plaintext before encryption. Defaults to None.

  • cty (str, optional) – The media type for the secured content. See http://www.iana.org/assignments/media-types/media-types.xhtml

  • kid (str, optional) – Key ID for the provided key

Returns:

The string representation of the header, encrypted key,

initialization vector, ciphertext, and authentication tag.

Return type:

bytes

Raises:

JWEError – If there is an error signing the token.

Examples

>>> from jose import jwe
>>> jwe.encrypt('Hello, World!', 'asecret128bitkey', algorithm='dir', encryption='A128GCM')
'eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..McILMB3dYsNJSuhcDzQshA.OfX9H_mcUpHDeRM4IA.CcnTWqaqxNsjT4eCaUABSg'
jose.jwe.get_unverified_header(jwe_str)

Returns the decoded headers without verification of any kind.

Parameters:

jwe_str (str) – A compact serialized JWE to decode the headers from.

Returns:

The dict representation of the JWE headers.

Return type:

dict

Raises:

JWEError – If there is an exception decoding the JWE.

Principles

This is a JOSE implementation that is fully compatible with Google App Engine which requires the use of the PyCrypto library.

Thanks

This library was originally based heavily on the work of the guys over at PyJWT.