Closed PiotrNestor closed 2 years ago
This is on MacOS: uname -a Darwin EU-EXT-CKY 18.6.0 Darwin Kernel Version 18.6.0: Thu Apr 25 23:16:27 PDT 2019; root:xnu-4903.261.4~2/RELEASE_X86_64 x86_64
Hi Piotr et al.,
Summary
The `Reproduction Steps` example has a mismatch between the Elliptic Curve `private_key` argument and the `algorithm='RS256'` keyword argument, which mismatch generates an exception; that exception, though less than helpful, is correct behavior.
Suggestion
To be more informative, the `prepare_key` methods of the various `Algorithm` sub-classes could check the types of their return values before returning them, and throw an exception for a mismatch between the key and the algorithm, allowing a more informative traceback e.g.
```python
assert isinstance(key, RSAPrivateKey) or isinstance(key, RSAPublicKey), 'Key type mismatch: {0} is not RSAPrivateKey or RSAPublicKey'.format(str(type(key)))
```
```
Traceback (most recent call last):
[...]
AssertionError: Key type mismatch: <class 'cryptography.hazmat.backends.openssl.ec._EllipticCurvePrivateKey'> is not RSAPrivateKey or RSAPublicKey
```
Details
The algorithm should be ES256, because
- `-----BEGIN EC PRIVATE KEY-----` (EC => Elliptic Curve),
- `algorithm='RS256'` passes that `private_key` bytes object to the `RSAAlgorithm` class,
- `[cryptography.hazmat.primitives.serialization.]load_pem_private_key`, in the `RSAAlgorithm` `prepare_key` method, converts it to an instance of the `<cryptography.hazmat.backends.openssl.ec._EllipticCurvePrivateKey>` class,
- the `RSAAlgorithm` class assumes it has instantiated an object of either class `RSAPrivateKey` or class `RSAPublicKey`.
- `RSAAlgorithm.sign` at https://github.com/jpadilla/pyjwt/blob/master/jwt/algorithms.py#L313, calls the `_EllipticCurvePrivateKey.sign` method, which has three arguments (two plus self) with the argument list for `RSAPrivateKey.sign`, which has four arguments (three plus self):
```
>>> key = load_pem_private_key(private_key, password=None, backend=default_backend())
>>> key
<cryptography.hazmat.backends.openssl.ec._EllipticCurvePrivateKey object at 0x7f022400ca90>
>>> help(key.sign)
Help on method sign in module cryptography.hazmat.backends.openssl.ec:
sign(data, signature_algorithm) method of cryptography.hazmat.backends.openssl.ec._EllipticCurvePrivateKey instance
```
Here is a successful call:
```
>>> jwt.encode(claim2,private_key,algorithm='ES256')
b'eyJ0eXAiOiJKV1QiLCJhbGciOiJFUzI1NiJ9.eyJLZXlpZCI6ImFiY2RlZmcifQ.SZIVRIO3Rpp1AgmPpZiqppFwOAunznvjr-xRPo8JzTHpWwICF9Gs4pdP1vf5wfiS9w93pmEXnnLct-ozB_N4Gw'
```
I generated my own Elliptic Curve `private_key` with `% openssl ecparam -name secp256k1 -genkey`
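One way to implement the key/algorithm check suggested in this thread, as an added example (not PyJWT's code and not code from any commenter): a standard-library pre-flight check that infers the key family from the PEM and compares it with the `alg` family before signing. The function names, the OID scan heuristic and the sample PEM (placeholder body, not a real key) are assumptions made for this illustration.

```python
import base64
import re

# JWT "alg" prefix -> key family it needs (RS*/PS* use RSA keys, ES* use EC keys).
ALG_FAMILY = {"RS": "RSA", "PS": "RSA", "ES": "EC"}
# Legacy PEM labels that name the key family directly.
LABEL_FAMILY = {"RSA PRIVATE KEY": "RSA", "RSA PUBLIC KEY": "RSA",
                "EC PRIVATE KEY": "EC"}
# DER-encoded algorithm OIDs carried by PKCS#8 / SubjectPublicKeyInfo keys.
OID_FAMILY = {bytes.fromhex("06092a864886f70d010101"): "RSA",  # rsaEncryption
              bytes.fromhex("06072a8648ce3d0201"): "EC"}       # id-ecPublicKey
PEM_BLOCK = re.compile(rb"-----BEGIN ([A-Z ]+)-----(.*?)-----END \1-----", re.S)


def pem_key_family(pem: bytes) -> str:
    """Return "RSA" or "EC" for the first key block in a PEM document."""
    labels = []
    for match in PEM_BLOCK.finditer(pem):
        label = match.group(1).decode("ascii")
        labels.append(label)
        if label in LABEL_FAMILY:
            return LABEL_FAMILY[label]
        if label in ("PRIVATE KEY", "PUBLIC KEY"):
            der = base64.b64decode(b"".join(match.group(2).split()))
            # Heuristic: the AlgorithmIdentifier OID sits near the start.
            for oid, family in OID_FAMILY.items():
                if oid in der[:40]:
                    return family
        # Other blocks (e.g. "EC PARAMETERS" from `openssl ecparam`) are skipped.
    raise ValueError(f"no RSA or EC key found; PEM labels seen: {labels}")


def check_key_matches_alg(pem: bytes, algorithm: str) -> str:
    """Raise TypeError when the key family cannot be used with `algorithm`."""
    needed = ALG_FAMILY.get(algorithm[:2])
    if needed is None:
        raise ValueError(f"no asymmetric key check defined for {algorithm!r}")
    found = pem_key_family(pem)
    # Explicit raise, not assert: assertions are stripped under `python -O`.
    if found != needed:
        raise TypeError(f"Key type mismatch: {found} key passed with "
                        f"algorithm={algorithm!r}, which needs an {needed} key")
    return found


# Constructed sample (placeholder body, not a real key), shaped like the
# output of `openssl ecparam -genkey`: a parameters block, then the key.
SAMPLE_EC_PEM = (b"-----BEGIN EC PARAMETERS-----\nBgUrgQQACg==\n-----END EC PARAMETERS-----\n"
                 b"-----BEGIN EC PRIVATE KEY-----\nAAAA\n-----END EC PRIVATE KEY-----\n")
```

Calling `check_key_matches_alg(private_key, 'RS256')` before `jwt.encode` turns the `sign()` argument-count `TypeError` from this issue into a message that names the mismatch.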
Can you give an example of successfully using "RS256" as an encoding algorithm, or does that not work?
I'm getting: TypeError: sign() takes 3 positional arguments but 4 were given
Expected Result
Token is returned
Actual Result
TypeError: sign() takes 3 positional arguments but 4 were given
Reproduction Steps
System Information