Commit
Merge pull request #182 from blag/update-tests-aenglander
Move HMACKey, add JWE, and update and expand tests
Showing 29 changed files with 2,479 additions and 143 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,6 @@ | ||
|
||
JWE API | ||
^^^^^^^ | ||
|
||
.. automodule:: jose.jwe | ||
:members: |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,71 @@ | ||
JSON Web Encryption | ||
=================== | ||
|
||
JSON Web Encryption (JWE) are used to encrypt a payload and represent it as a | ||
compact URL-safe string. | ||
|
||
Supported Content Encryption Algorithms | ||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
|
||
The following algorithms are currently supported. | ||
|
||
+------------------+------------------------------------------------+ | ||
| Encryption Value | Encryption Algorithm, Mode, and Auth Tag | | ||
+==================+================================================+ | ||
| A128CBC_HS256 | AES w/128 bit key in CBC mode w/SHA256 HMAC | | ||
+------------------+------------------------------------------------+ | ||
| A192CBC_HS384 | AES w/128 bit key in CBC mode w/SHA256 HMAC | | ||
+------------------+------------------------------------------------+ | ||
| A256CBC_HS512 | AES w/128 bit key in CBC mode w/SHA256 HMAC | | ||
+------------------+------------------------------------------------+ | ||
| A128GCM | AES w/128 bit key in GCM mode and GCM auth tag | | ||
+------------------+------------------------------------------------+ | ||
| A192GCM | AES w/192 bit key in GCM mode and GCM auth tag | | ||
+------------------+------------------------------------------------+ | ||
| A256GCM | AES w/256 bit key in GCM mode and GCM auth tag | | ||
+------------------+------------------------------------------------+ | ||
|
||
Supported Key Management Algorithms | ||
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ | ||
|
||
The following algorithms are currently supported. | ||
|
||
+-----------------+------------------------------------------------+ | ||
| Algorithm Value | Key Wrap Algorithm | | ||
+=================+================================================+ | ||
| DIR | Direct (no key wrap) | | ||
+-----------------+------------------------------------------------+ | ||
| RSA1_5 | RSAES with PKCS1 v1.5 | | ||
+-----------------+------------------------------------------------+ | ||
| RSA_OAEP | RSAES OAEP using default parameters | | ||
+-----------------+------------------------------------------------+ | ||
| RSA_OAEP_256 | RSAES OAEP using SHA-256 and MGF1 with SHA-256 | | ||
+-----------------+------------------------------------------------+ | ||
| A128KW | AES Key Wrap with default IV using 128-bit key | | ||
+-----------------+------------------------------------------------+ | ||
| A192KW m | AES Key Wrap with default IV using 192-bit key | | ||
+-----------------+------------------------------------------------+ | ||
| A256KW | AES Key Wrap with default IV using 256-bit key | | ||
+-----------------+------------------------------------------------+ | ||
|
||
Examples | ||
^^^^^^^^ | ||
|
||
Encrypting Payloads | ||
------------------- | ||
|
||
.. code:: python | ||
>>> from jose import jwe | ||
>>> jwe.encrypt('Hello, World!', 'asecret128bitkey', algorithm='dir', encryption='A128GCM') | ||
'eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..McILMB3dYsNJSuhcDzQshA.OfX9H_mcUpHDeRM4IA.CcnTWqaqxNsjT4eCaUABSg' | ||
Decrypting Payloads | ||
-------------------------- | ||
|
||
.. code:: python | ||
>>> from jose import jwe | ||
>>> jwe.decrypt('eyJhbGciOiJkaXIiLCJlbmMiOiJBMTI4R0NNIn0..McILMB3dYsNJSuhcDzQshA.OfX9H_mcUpHDeRM4IA.CcnTWqaqxNsjT4eCaUABSg', 'asecret128bitkey') | ||
'Hello, World!' |
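
Review bot: In the Supported Content Encryption Algorithms table, the A192CBC_HS384 and A256CBC_HS512 rows repeat the A128CBC_HS256 description ("AES w/128 bit key in CBC mode w/SHA256 HMAC"); going by the algorithm names they should describe a 192 bit key with SHA384 HMAC and a 256 bit key with SHA512 HMAC. In the key management table the "A192KW m" row has a stray "m", and the opening sentence should read "JSON Web Encryption (JWE) is used". In the examples, 'asecret128bitkey' is a printable ASCII string passed directly as the A128GCM key with algorithm='dir'; documentation keys get copied, so consider adding a sentence that a real key should be 16 random bytes rather than a memorable string.
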
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,13 +1,45 @@ | ||
try: | ||
from jose.backends.cryptography_backend import get_random_bytes # noqa: F401 | ||
except ImportError: | ||
try: | ||
from jose.backends.pycrypto_backend import get_random_bytes # noqa: F401 | ||
except ImportError: | ||
from jose.backends.native import get_random_bytes # noqa: F401 | ||
|
||
try: | ||
from jose.backends.cryptography_backend import CryptographyRSAKey as RSAKey # noqa: F401 | ||
except ImportError: | ||
try: | ||
from jose.backends.pycrypto_backend import RSAKey # noqa: F401 | ||
|
||
# time.clock was deprecated in python 3.3 in favor of time.perf_counter | ||
# and removed in python 3.8. pycrypto was never updated for this. If | ||
# time has no clock attribute, let it use perf_counter instead to work | ||
# in 3.8+ | ||
# noinspection PyUnresolvedReferences | ||
import time | ||
if not hasattr(time, "clock"): | ||
time.clock = time.perf_counter | ||
|
||
except ImportError: | ||
from jose.backends.rsa_backend import RSAKey # noqa: F401 | ||
|
||
try: | ||
from jose.backends.cryptography_backend import CryptographyECKey as ECKey # noqa: F401 | ||
except ImportError: | ||
from jose.backends.ecdsa_backend import ECDSAECKey as ECKey # noqa: F401 | ||
|
||
try: | ||
from jose.backends.cryptography_backend import CryptographyAESKey as AESKey # noqa: F401 | ||
except ImportError: | ||
try: | ||
from jose.backends.pycrypto_backend import AESKey # noqa: F401 | ||
except ImportError: | ||
AESKey = None | ||
|
||
try: | ||
from jose.backends.cryptography_backend import CryptographyHMACKey as HMACKey # noqa: F401 | ||
except ImportError: | ||
from jose.backends.native import HMACKey # noqa: F401 | ||
|
||
from .base import DIRKey # noqa: F401 |
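
Review bot: The AESKey fallback chain ends in "AESKey = None" when neither the cryptography nor the pycrypto backend imports, whereas RSAKey, ECKey and HMACKey each end in a backend that is always importable. Any caller that does AESKey(...) in that environment fails with "'NoneType' object is not callable" rather than a message naming the missing backend; consider a placeholder that raises a descriptive error on use, or an explicit None check with a clear exception wherever AESKey is consumed. Separately, "time.clock = time.perf_counter" patches the standard library time module for the whole process as a side effect of importing this package; the comment explains why, but the assignment would sit better inside the pycrypto backend module, next to the code that needs it.
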