Open pohutukawa opened 6 years ago
zejn
commented
6 years ago Regarding RFC-8037: PR #100 would benefit from a few small changes in order not to make pynacl a hard requirement.
Regarding RFC-7539: PR #100 uses pynacl. Have you tried raising this with pyca team at https://github.com/pyca/pynacl to include support for required functions to make pynacl bindings capable of supporting RFC-7539?
pohutukawa
commented
6 years ago @zejn Regarding RFC-7539: No, I hadn't. But it's a good idea to do so, as opposed to 'butchering around' in the soft fluffies of the C library via ctypes.
pohutukawa
commented
6 years ago OK, it looks like the current master branch of PyNaCl (to be released in the at whenever upcoming v1.3.0 release) does have the bindings exposed in nacl.bindings (in raw). From there it's easily possible to implement the RFC-7539 bits without need to do any pull ups through ctypes and libsodium.
However, I'd say that it's probably only viable once 1.3 of PyNaCl is released, and this extension needs to be parked until then for python-jose. Let's keep our fingers crossed that this will be soon :-) Even though, one can already go and code it up in a branch using PyNaCl 1.3.0.dev1, and have a PR in the drawer once the release is out.
pohutukawa
commented
5 years ago PyNaCl 1.3 is there. So I'd be keen to crack on with this soon.
I'd love to see support for RFC-8037 (JWS/JWT specifically with Ed25519 via PyNaCl) and RFC-7539 (JWE using ChaCha20/Poly1305 encryption) in here.
libsodium(used underneath PyNaCl) are available via the PyNaCl API. Though, if somebody has PyNaCl, they also do havelibsodiumavailable. I have recently hacked around in my own code base to make somelibsodiumfunctions for the IETF-compliant authenticated encryption available to Python by usingctypes. That may provide a working pathway into enabling RFC-7539 for ChaCha20/Poly1305 encryption.Hopefully some things will make their way into python-jose to allow for more modern, compact and fast ciphers to be used.