Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

RSA256 not supported despite having cryptography (was: pycrypto) installed

See original GitHub issue

Python 3.2.3 on a RPi (Linux raspberrypi 3.18.11+ #781 PREEMPT Tue Apr 21 18:02:18 BST 2015 armv6l GNU/Linux).

PyCrypto is installed:

pycrypto                  - Cryptographic modules for Python.
  INSTALLED: 2.6.1 (latest)

python3-dev and python3-crypto are installed as well. Note: the same issue is present whether either of pycrypto or python3-crypto are installed, or both, or neither.

The following call crashes with an unsupported algorithm:

myjwt = jwt.encode(claim, private_key, algorithm='RS256', headers={"alg": "RS256", "typ": "JWT"}).decode('utf-8')

Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/local/lib/python3.2/dist-packages/jwt/api_jws.py", line 96, in encode
    alg_obj = self._algorithms[algorithm]
KeyError: 'RS256'

During handling of the above exception, another exception occurred:

Traceback (most recent call last):
  File "/usr/lib/python3.2/threading.py", line 740, in _bootstrap_inner
    self.run()
  File "/usr/lib/python3.2/threading.py", line 693, in run
    self._target(*self._args, **self._kwargs)
  File "galarmclock.py", line 241, in getcalendar
    gauth.gettoken()
  File "/root/galarmclock/googleauth.py", line 32, in gettoken
    myjwt = jwt.encode(claim, private_key, algorithm='RS256', headers={"alg": "RS256", "typ": "JWT"}).decode('utf-8')
  File "/usr/local/lib/python3.2/dist-packages/jwt/api_jwt.py", line 56, in encode
    json_payload, key, algorithm, headers, json_encoder
  File "/usr/local/lib/python3.2/dist-packages/jwt/api_jws.py", line 101, in encode
    raise NotImplementedError('Algorithm not supported')
NotImplementedError: Algorithm not supported

Issue Analytics

State:
Created 8 years ago
Reactions:6
Comments:24 (5 by maintainers)

Top GitHub Comments

20reactions

mark-adamscommented, Oct 9, 2015

Thanks for reporting @wsw70.

One small thing first. You don’t need to include the headers value in your call. Those headers will be automatically populated by PyJWT when it is creating the token. The headers parameter is for adding additional header parameters besides just those required by the spec.

Regarding your actual issue… some time ago we switched to using cryptography as the preferred cryptographic library for PyJWT. We switched for a number of reasons (most notably: the fact that cryptography is a much better implementation and is faster than PyCrypto). I strongly recommend that, if possible, you run pip install cryptography and install the cryptography package. That will resolve the issue.

If you are unable to install cryptography we do have legacy support for PyCrypto but this is not recommended unless you are on a platform (like Google App Engine) that doesn’t allow you to use cryptography.

You can setup the legacy support for algorithms by doing the following:

>>> import jwt
>>> from jwt.contrib.algorithms.pycrypto import RSAAlgorithm
>>> jwt.register_algorithm('RS256', RSAAlgorithm(RSAAlgorithm.SHA256))
>>> jwt.encode(claim, private_key, algorithm='RS256')

7reactions

pcwang0205commented, Nov 21, 2017

@mark-adams I use like this, but I catch the following error.

import jwt
from jwt.contrib.algorithms.pycrypto import RSAAlgorithm
jwt.register_algorithm('RS256', RSAAlgorithm(RSAAlgorithm.SHA256))
jwt.encode(claim, private_key, algorithm='RS256')

raise ValueError(‘Algorithm already has a handler.’) ValueError: Algorithm already has a handler.