Hi there,

in a mock for local testing we're using a randomly generated EC key to sign tokens.
Sometimes the key that's generated does not seem to be usable by pyjwt though, which seems odd.
Expected Result
Keys generated via cryptography, dumped to and loaded as jwk should be valid keys.
Actual Result
Some keys seem to be not supported or maybe wrongly exported/imported as jwk, leading to an InvalidKeyError.
See example below:
Reproduction Steps
```python
import json
import time

import cryptography.hazmat.primitives.asymmetric.ec as ec
from jwt import InvalidKeyError
from jwt.algorithms import ECAlgorithm

if __name__ == "__main__":
    t = time.time()
    while time.time() - t < 10:  # keep generating fresh keys for up to 10 seconds
        private_key = ec.generate_private_key(ec.SECP256R1())
        jwk = json.loads(ECAlgorithm.to_jwk(private_key.public_key()))  # export as JWK
        try:
            ECAlgorithm.from_jwk(jwk)  # re-import the JWK that was just exported
        except InvalidKeyError:
            print("Failed key:")
            print(json.dumps(jwk, indent=True))
            raise
```
This fails very quickly with e.g. (the key data is obviously different each time):
```
Failed key:
{
 "kty": "EC",
 "crv": "P-256",
 "x": "oUU2SoDzIpcux68yJAih8kCiObMKp159_j1viE2rkRQ",
 "y": "z7Os4ZxXJbpuuZD8ASTm9i5EoCAhlv_hWz2A6gG-HA"
}
Traceback (most recent call last):
  File "/xyz/jwk_error.py", line 16, in <module>
    ECAlgorithm.from_jwk(jwk)
  File "/xyz/venv/lib/python3.9/site-packages/jwt/algorithms.py", line 630, in from_jwk
    raise InvalidKeyError("Coords should be 32 bytes for curve P-256")
jwt.exceptions.InvalidKeyError: Coords should be 32 bytes for curve P-256
```
System Information
$ python -m jwt.help
```
❯ python -m "jwt.help"
{
  "cryptography": {
    "version": "41.0.5"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.9.16"
  },
  "platform": {
    "release": "23.1.0",
    "system": "Darwin"
  },
  "pyjwt": {
    "version": "2.8.0"
  }
}
```
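An added example, not part of the original report and not PyJWT's own code: it decodes the failing JWK shown above and shows that its "y" value is 31 bytes, which is what a minimal-length integer encoding produces when a coordinate's leading byte is zero, whereas RFC 7518 section 6.2.1.2 requires the full 32-byte octet string for P-256. The helper names and the `normalize_jwk` workaround are assumptions made for illustration.

```python
import base64

# Coordinate size in bytes for each JWK curve name (RFC 7518, section 6.2.1).
COORD_BYTES = {"P-256": 32, "P-384": 48, "P-521": 66}

# The failing public JWK, copied from the report above.
FAILED_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "oUU2SoDzIpcux68yJAih8kCiObMKp159_j1viE2rkRQ",
    "y": "z7Os4ZxXJbpuuZD8ASTm9i5EoCAhlv_hWz2A6gG-HA",
}

def b64url_decode(value: str) -> bytes:
    """Decode unpadded base64url as used in JWK members."""
    return base64.urlsafe_b64decode(value + "=" * (-len(value) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def coord_lengths(jwk: dict) -> dict:
    """Byte length of each decoded coordinate."""
    return {name: len(b64url_decode(jwk[name])) for name in ("x", "y")}

def encode_minimal(n: int) -> str:
    """Shortest big-endian encoding: drops leading zero bytes (the failure mode)."""
    return b64url_encode(n.to_bytes((n.bit_length() + 7) // 8 or 1, "big"))

def encode_fixed(n: int, crv: str) -> str:
    """Fixed-width encoding: always the full coordinate size of the curve."""
    return b64url_encode(n.to_bytes(COORD_BYTES[crv], "big"))

def normalize_jwk(jwk: dict) -> dict:
    """Hypothetical workaround: left-pad short coordinates to the curve size.

    Over-long coordinates are rejected. Whether the point lies on the curve
    is not checked here; that is left to the library that loads the key.
    """
    size = COORD_BYTES[jwk["crv"]]
    fixed = dict(jwk)
    for name in ("x", "y"):
        raw = b64url_decode(jwk[name])
        if len(raw) > size:
            raise ValueError(f"{name} is {len(raw)} bytes, expected {size}")
        fixed[name] = b64url_encode(raw.rjust(size, b"\x00"))
    return fixed

if __name__ == "__main__":
    print("as reported:", coord_lengths(FAILED_JWK))
    print("normalized: ", coord_lengths(normalize_jwk(FAILED_JWK)))
```

With a fixed-width encoding about one coordinate in 256 starts with a zero byte, which matches the report that the loop fails very quickly.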