Cryptography generated EC key is invalid #925

Closed
sebbegg opened this issue Nov 13, 2023 · 1 comment
Labels: stale (Issues without activity for more than 60 days)


sebbegg commented Nov 13, 2023

Hi there,

in a mock for local testing we're using a randomly generated EC key to sign tokens.
Sometimes the key that's generated does not seem to be usable by pyjwt though, which seems odd.

Expected Result

Keys generated via cryptography, dumped to and loaded as jwk should be valid keys.

Actual Result

Some keys seem to be not supported or maybe wrongly exported/imported as jwk, leading to an InvalidKeyError.
See example below:

Reproduction Steps

```python
import json
import time

import cryptography.hazmat.primitives.asymmetric.ec as ec
from jwt import InvalidKeyError
from jwt.algorithms import ECAlgorithm

if __name__ == "__main__":

    t = time.time()
    while time.time() - t < 10:
        private_key = ec.generate_private_key(ec.SECP256R1())
        jwk = json.loads(ECAlgorithm.to_jwk(private_key.public_key()))
        try:
            ECAlgorithm.from_jwk(jwk)
        except InvalidKeyError:
            print("Failed key:")
            print(json.dumps(jwk, indent=True))
            raise
```

This fails very quickly with e.g. (the key data is obviously different each time):

```
Failed key:
{
 "kty": "EC",
 "crv": "P-256",
 "x": "oUU2SoDzIpcux68yJAih8kCiObMKp159_j1viE2rkRQ",
 "y": "z7Os4ZxXJbpuuZD8ASTm9i5EoCAhlv_hWz2A6gG-HA"
}
Traceback (most recent call last):
  File "/xyz/jwk_error.py", line 16, in <module>
    ECAlgorithm.from_jwk(jwk)
  File "/xyz/venv/lib/python3.9/site-packages/jwt/algorithms.py", line 630, in from_jwk
    raise InvalidKeyError("Coords should be 32 bytes for curve P-256")
jwt.exceptions.InvalidKeyError: Coords should be 32 bytes for curve P-256
```

System Information

```
$ python -m jwt.help
❯ python -m "jwt.help"
{
  "cryptography": {
    "version": "41.0.5"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.9.16"
  },
  "platform": {
    "release": "23.1.0",
    "system": "Darwin"
  },
  "pyjwt": {
    "version": "2.8.0"
  }
}
```

This command is only available on PyJWT v1.6.3 and greater. Otherwise,
please provide some basic information about your system.
sebbegg changed the title from "Unusable EC key generated" to "Cryptography generated EC key is invalid" on Nov 13, 2023

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days

github-actions bot added the stale label on Jan 13, 2024

github-actions bot closed this as not planned on Jan 21, 2024
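An added example, not part of the original issue and not PyJWT's code: it decodes the failing JWK printed in the report and shows that `y` is 31 bytes, which is what a coordinate with a zero top byte looks like when encoded at minimal length rather than at the fixed width RFC 7518 section 6.2.1.2 requires. All function and constant names (`COORD_BYTES`, `uint_minimal`, `uint_fixed`, `coord_lengths`, `normalize_ec_jwk`) are hypothetical; only the standard library is used.

```python
import base64

# Coordinate size in bytes per JWK "crv" value. RFC 7518 section 6.2.1.2
# requires x and y to be octet strings of exactly this length.
COORD_BYTES = {"P-256": 32, "P-384": 48, "P-521": 66}

# The failing public key printed in the issue above.
FAILED_JWK = {
    "kty": "EC",
    "crv": "P-256",
    "x": "oUU2SoDzIpcux68yJAih8kCiObMKp159_j1viE2rkRQ",
    "y": "z7Os4ZxXJbpuuZD8ASTm9i5EoCAhlv_hWz2A6gG-HA",
}

def b64url_decode(text):
    """Decode unpadded base64url, as used for JWK members."""
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def b64url_encode(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def uint_minimal(n):
    """Shortest big-endian encoding: leading zero bytes are dropped."""
    return b64url_encode(n.to_bytes(max(1, (n.bit_length() + 7) // 8), "big"))

def uint_fixed(n, crv):
    """Fixed-width encoding: always the curve's full coordinate size."""
    return b64url_encode(n.to_bytes(COORD_BYTES[crv], "big"))

def coord_lengths(jwk):
    return {name: len(b64url_decode(jwk[name])) for name in ("x", "y")}

def normalize_ec_jwk(jwk):
    """Return a copy with x and y left-padded to the curve's coordinate size."""
    size = COORD_BYTES[jwk["crv"]]  # KeyError for an unsupported curve
    fixed = dict(jwk)
    for name in ("x", "y"):
        raw = b64url_decode(jwk[name])
        if len(raw) > size:
            raise ValueError(f"{name} is longer than {size} bytes")
        fixed[name] = b64url_encode(raw.rjust(size, b"\x00"))
    return fixed

if __name__ == "__main__":
    print(coord_lengths(FAILED_JWK))
    print(coord_lengths(normalize_ec_jwk(FAILED_JWK)))
```

Left-padding with zero bytes does not change the integer, so the normalized JWK describes the same public point as the one in the report.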