JWK API

This part of the documentation covers all the interfaces of joserfc.jwk.

class joserfc.jwk.ECKey(raw_value: NativePrivateKey | NativePublicKey, original_value: Any, parameters: KeyParameters | None = None)
classmethod generate_key(crv: str = 'P-256', parameters: KeyParameters | None = None, private: bool = True, auto_kid: bool = False) ECKey

Generate a ECKey with the given “crv” value.

Parameters:

  • crv – ECKey curve name

  • parameters – extra parameter in JWK

  • private – generate a private key or public key

  • auto_kid – add kid automatically

value_registry: t.ClassVar[KeyParameterRegistryDict] = {'crv': <joserfc.registry.KeyParameter object>, 'd': <joserfc.registry.KeyParameter object>, 'x': <joserfc.registry.KeyParameter object>, 'y': <joserfc.registry.KeyParameter object>}

Registry definition for EC Key https://www.rfc-editor.org/rfc/rfc7518#section-6.2

class joserfc.jwk.JWKRegistry

A registry for JWK to record joserfc supported key types. Normally, you would use explicit key types like OctKey, RSAKey; This registry provides a way to dynamically import and generate keys. For instance:

from joserfc.jwk import JWKRegistry

# instead of choosing which key type to use yourself,
# JWKRegistry can import it automatically
data = {"kty": "oct", "k": "..."}
key = JWKRegistry.import_key(data)
classmethod generate_key(key_type: str, crv_or_size: str | int, parameters: KeyParameters | None = None, private: bool = True, auto_kid: bool = False) OctKey | RSAKey | ECKey | OKPKey

A class method for generating key according to the given key type. When key_type is “oct” and “RSA”, the second parameter SHOULD be a key size in bits. When key_type is “EC” and “OKP”, the second parameter SHOULD be a “crv” string.

JWKRegistry.generate_key("RSA", 2048)
JWKRegistry.generate_key("EC", "P-256")
classmethod import_key(data: str | bytes | Dict[str, str | List[str]], key_type: str | None = None, parameters: KeyParameters | None = None) OctKey | RSAKey | ECKey | OKPKey

A class method for importing a key from bytes, string, and dict. When value is a dict, this method can tell the key type automatically, otherwise, developers SHOULD pass the key_type themselves.

Parameters:

  • data – the key data in bytes, string, or dict.

  • key_type – an optional key type in string.

  • parameters – extra key parameters

Returns:

OctKey, RSAKey, ECKey, or OKPKey

class joserfc.jwk.OKPKey(raw_value: NativePrivateKey | NativePublicKey, original_value: Any, parameters: KeyParameters | None = None)

Key class of the OKP key type.

classmethod generate_key(crv: str = 'Ed25519', parameters: KeyParameters | None = None, private: bool = True, auto_kid: bool = False) OKPKey

Generate a OKPKey with the given “crv” value.

Parameters:

  • crv – OKPKey curve name

  • parameters – extra parameter in JWK

  • private – generate a private key or public key

  • auto_kid – add kid automatically

value_registry: t.ClassVar[KeyParameterRegistryDict] = {'crv': <joserfc.registry.KeyParameter object>, 'd': <joserfc.registry.KeyParameter object>, 'x': <joserfc.registry.KeyParameter object>}

Registry definition for OKP Key https://www.rfc-editor.org/rfc/rfc8037#section-2

class joserfc.jwk.OctKey(raw_value: NativePrivateKey | NativePublicKey, original_value: Any, parameters: KeyParameters | None = None)

OctKey is a symmetric key, defined by RFC7518 Section 6.4.

classmethod generate_key(key_size: int = 256, parameters: KeyParameters | None = None, private: bool = True, auto_kid: bool = False) OctKey

Generate a OctKey with the given bit size (not bytes).

Parameters:

  • key_size – size in bit

  • parameters – extra parameter in JWK

  • private – must be True

  • auto_kid – add kid automatically

value_registry: t.ClassVar[KeyParameterRegistryDict] = {'k': <joserfc.registry.KeyParameter object>}

https://www.rfc-editor.org/rfc/rfc7518#section-6.4

class joserfc.jwk.RSAKey(raw_value: NativePrivateKey | NativePublicKey, original_value: Any, parameters: KeyParameters | None = None)
classmethod generate_key(key_size: int = 2048, parameters: KeyParameters | None = None, private: bool = True, auto_kid: bool = False) RSAKey

Generate a RSAKey with the given bit size (not bytes).

Parameters:

  • key_size – size in bit

  • parameters – extra parameter in JWK

  • private – generate a private key or public key

  • auto_kid – add kid automatically

value_registry: t.ClassVar[KeyParameterRegistryDict] = {'d': <joserfc.registry.KeyParameter object>, 'dp': <joserfc.registry.KeyParameter object>, 'dq': <joserfc.registry.KeyParameter object>, 'e': <joserfc.registry.KeyParameter object>, 'n': <joserfc.registry.KeyParameter object>, 'oth': <joserfc.registry.KeyParameter object>, 'p': <joserfc.registry.KeyParameter object>, 'q': <joserfc.registry.KeyParameter object>, 'qi': <joserfc.registry.KeyParameter object>}

Registry definition for RSA Key https://www.rfc-editor.org/rfc/rfc7518#section-6.3

joserfc.jwk.guess_key(key: str | bytes | OctKey | RSAKey | ECKey | OKPKey | KeySet | Callable[[GuestProtocol], str | bytes | OctKey | RSAKey | ECKey | OKPKey | KeySet], obj: GuestProtocol, use_random: bool = False) OctKey | RSAKey | ECKey | OKPKey

Guess key from a various sources.

Parameters:

  • key – a very flexible key

  • obj – a protocol that has headers and set_kid methods

  • use_random – pick a random key from key set