-
Notifications
You must be signed in to change notification settings - Fork 232
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1 from blag/add-jwe-aenglander
Add JWE support
- Loading branch information
Showing
25 changed files
with
2,404 additions
and
120 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
|
||
JWE API | ||
^^^^^^^ | ||
|
||
.. automodule:: jose.jwe | ||
:members: |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
JSON Web Encryption | ||
=================== | ||
|
||
JSON Web Encryption (JWE) are used to encrypt a payload and represent it as a | ||
compact URL-safe string. | ||
|
||
Supported Content Encryption Algorithms | ||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
|
||
The following algorithms are currently supported. | ||
|
||
+------------------+------------------------------------------------+ | ||
| Encryption Value | Encryption Algorithm, Mode, and Auth Tag | | ||
+==================+================================================+ | ||
| A128CBC_HS256 | AES w/128 bit key in CBC mode w/SHA256 HMAC | | ||
+------------------+------------------------------------------------+ | ||
| A192CBC_HS384 | AES w/128 bit key in CBC mode w/SHA256 HMAC | | ||
+------------------+------------------------------------------------+ | ||
| A256CBC_HS512 | AES w/128 bit key in CBC mode w/SHA256 HMAC | | ||
+------------------+------------------------------------------------+ | ||
| A128GCM | AES w/128 bit key in GCM mode and GCM auth tag | | ||
+------------------+------------------------------------------------+ | ||
| A192GCM | AES w/192 bit key in GCM mode and GCM auth tag | | ||
+------------------+------------------------------------------------+ | ||
| A256GCM | AES w/256 bit key in GCM mode and GCM auth tag | | ||
+------------------+------------------------------------------------+ | ||
|
||
Supported Key Management Algorithms | ||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
|
||
The following algorithms are currently supported. | ||
|
||
+-----------------+------------------------------------------------+ | ||
| Algorithm Value | Key Wrap Algorithm | | ||
+=================+================================================+ | ||
| DIR | Direct (no key wrap) | | ||
+-----------------+------------------------------------------------+ | ||
| RSA1_5 | RSAES with PKCS1 v1.5 | | ||
+-----------------+------------------------------------------------+ | ||
| RSA_OAEP | RSAES OAEP using default parameters | | ||
+-----------------+------------------------------------------------+ | ||
| RSA_OAEP_256 | RSAES OAEP using SHA-256 and MGF1 with SHA-256 | | ||
+-----------------+------------------------------------------------+ | ||
| A128KW | AES Key Wrap with default IV using 128-bit key | | ||
+-----------------+------------------------------------------------+ | ||
| A192KW m | AES Key Wrap with default IV using 192-bit key | | ||
+-----------------+------------------------------------------------+ | ||
| A256KW | AES Key Wrap with default IV using 256-bit key | | ||
+-----------------+------------------------------------------------+ | ||
|
||
Examples | ||
^^^^^^^^ | ||
|
||
Encrypting Payloads | ||
------------------- | ||
|
||
.. code:: python | ||
>>> from jose import jwe | ||
>>> jwe.encrypt('Hello, World!', 'asecret128bitkey', algorithm='dir', encryption='A128GCM') | ||
'eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..McILMB3dYsNJSuhcDzQshA.OfX9H_mcUpHDeRM4IA.CcnTWqaqxNsjT4eCaUABSg' | ||
Decrypting Payloads | ||
-------------------------- | ||
|
||
.. code:: python | ||
>>> from jose import jwe | ||
>>> jwe.decrypt('eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..McILMB3dYsNJSuhcDzQshA.OfX9H_mcUpHDeRM4IA.CcnTWqaqxNsjT4eCaUABSg', 'asecret128bitkey') | ||
'Hello, World!' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Oops, something went wrong.