Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

EC to_jwk

See original GitHub issue

I’ve notices that RSA keys have a to_jwk() function in pyjwt, but EC keys do not.

I’ve cobbled together a dirty conversion routine: (shared under MIT license)

import sys
import json
from base64 import urlsafe_b64encode
import cryptography.hazmat.backends.openssl.backend
import cryptography.hazmat.primitives.serialization


def toBase64url(v: int):
    return (
        urlsafe_b64encode(v.to_bytes(100, "big").lstrip(b"\0"))
        .decode("ascii")
        .rstrip("=")
    )


def jwk_format(public_key: str, key_id: str = 1) -> dict:
    """JSON Web Key format for a public key."""
    key = cryptography.hazmat.primitives.serialization.load_pem_public_key(
        public_key.encode("ascii"), cryptography.hazmat.backends.openssl.backend
    )

    JWK_CURVE_NAMES = {"secp256r1": "P-256"}

    return {
        "epk": {
            "kty": "EC",
            "crv": JWK_CURVE_NAMES[key.public_numbers().curve.name],
            "x": toBase64url(key.public_numbers().x),
            "y": toBase64url(key.public_numbers().y),
            "kid": key_id,
        }
    }

if __name__ == "__main__":
    json.dump(jwk_format(open(sys.argv[1]).read()), sys.stdout, indent=2)

Given this input:

-----BEGIN PUBLIC KEY-----
MFkwEwYHKoZIzj0CAQYIKoZIzj0DAQcDQgAE0vYjQm7oEHaJTjZ9Hh35aTd20h/U
wiz3RbYsoaGGjXGXu/d+9k7HdfsD4RjpjZFIOdurtnY0JBZkSrhZCipyaw==
-----END PUBLIC KEY-----

It produces the output:

{
  "epk": {
    "kty": "EC",
    "crv": "P-256",
    "x": "0vYjQm7oEHaJTjZ9Hh35aTd20h_Uwiz3RbYsoaGGjXE",
    "y": "l7v3fvZOx3X7A-EY6Y2RSDnbq7Z2NCQWZEq4WQoqcms",
    "kid": 1
  }
}

If someone wants to drop this into the codebase, that would be great!

Issue Analytics

State:
Created 4 years ago
Reactions:2
Comments:6 (5 by maintainers)

Top GitHub Comments

1reaction

leonsmithcommented, Feb 8, 2022

Made a first stab at this…

https://github.com/jpadilla/pyjwt/pull/732

1reaction

dimaqqcommented, Feb 7, 2022

Here’s a summary of EC p bit sizes: https://www.johndcook.com/blog/2019/02/15/elliptic-curve-names/

Top Results From Across the Web

Generating JWK from EC public key x and y coordinates

I'm trying to generate a JWK from an EC public key that I want to send to my server. The issue I'm running...

How to generate a JSON Web Key (JWK) - Connect2id

JSON Web Keys (JWK) can be easily generated with the help of the Nimbus ... Generate EC key pair in JWK format ECKey...

coolaj86/eckles.js: ECDSA tools. Key Generation. PEM-to ...

Generate EC (ECDSA/ECDH) Key. Achieves the fastest possible key generation using node's native EC bindings to OpenSSL, then converts to JWK for ease-of-use....

JSON Web Key (JWK) for Public Elliptic-curve (EC) Key

The X and Y coordinates of our EC public key were padded with a sign bit which caused it to overflow from 32...

Add Support of EC (Elliptic Curve) for JWKS #339 - GitHub

Our company has a problem at the moment, we have "ES256" tokens with EC method, and as I saw it in JWK.PHP "kty"="EC"...