{"id":13937082,"url":"https://github.com/brianloveswords/python-jws","last_synced_at":"2025-12-30T01:04:04.452Z","repository":{"id":1537040,"uuid":"1836660","full_name":"brianloveswords/python-jws","owner":"brianloveswords","description":"python implementation of JSON Web Signatures","archived":false,"fork":false,"pushed_at":"2022-02-04T15:26:51.000Z","size":103,"stargazers_count":57,"open_issues_count":24,"forks_count":35,"subscribers_count":6,"default_branch":"master","last_synced_at":"2024-11-10T13:16:39.112Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":"pedrovgs/EffectiveAndroidUI","license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brianloveswords.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2011-06-02T10:56:55.000Z","updated_at":"2024-01-03T14:09:51.000Z","dependencies_parsed_at":"2022-07-07T22:22:19.228Z","dependency_job_id":null,"html_url":"https://github.com/brianloveswords/python-jws","commit_stats":null,"previous_names":[],"tags_count":1,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianloveswords%2Fpython-jws","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianloveswords%2Fpython-jws/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianloveswords%2Fpython-jws/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianloveswords%2Fpython-jws/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brianloveswords","download_url":"https://codeload.github.com/brianloveswords/python-jws/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":226693903,"owners_count":17667757,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-08-07T23:03:15.923Z","updated_at":"2025-12-30T01:04:04.425Z","avatar_url":"https://github.com/brianloveswords.png","language":"Python","readme":"python-jws\n=====\n\n๐Ÿšจ This is Unmaintained ๐Ÿšจ\n----------\n\nThis library is unmaintained and you should probably use https://github.com/latchset/jwcrypto instead.\n\nFor historical purposes, here are the docs\n------------------------------------------\n\n\n\nA Python implementation of [JSON Web Signatures draft 02](http://self-issued.info/docs/draft-jones-json-web-signature.html)\n\nAlso now works on Python 3.3+ as well as Python 2.7+. However, it's a naive conversion to support both Python 2 and Python 3 so there may well be hidden bugs.\n\nInstalling\n----------\n $ pip install jws\n\n\n\nAlgorithms\n----------\nThe JWS spec reserves several algorithms for cryptographic signing. Out of the 9, this library currently supports 7:\n\n\n**HMAC** โ€“ native\n\n* HS256 โ€“ HMAC using SHA-256 hash algorithm\n* HS384 โ€“ HMAC using SHA-384 hash algorithm\n* HS512 โ€“ HMAC using SHA-512 hash algorithm\n\n\n**RSA** โ€“ requires pycrypto \u003e= 2.5: ``pip install pycrypto``\n\n* RS256 โ€“ RSA using SHA-256 hash algorithm\n\n**ECDSA** โ€“ requires ecdsa lib: ``pip install ecdsa``\n\n* ES256 โ€“ ECDSA using P-256 curve and SHA-256 hash algorithm\n* ES384 โ€“ ECDSA using P-384 curve and SHA-384 hash algorithm\n* ES512 โ€“ ECDSA using P-521 curve and SHA-512 hash algorithm\n\nThere is also a mechanism for extending functionality by adding your own\nalgorithms without cracking open the whole codebase. See the advanced usage\nsection for an example.\n\nFor RSA and ECDSA, all crypto libraries are lazily loaded so you won't need the dependencies unless you try to use the functionality.\n\nUsage\n-----\nLet's check out some examples.\n\n \u003e\u003e\u003e import jws\n \u003e\u003e\u003e header = { 'alg': 'HS256' }\n \u003e\u003e\u003e payload = { 'claim': 'JSON is the raddest.', 'iss': 'brianb' }\n \u003e\u003e\u003e signature = jws.sign(header, payload, 'secret')\n \u003e\u003e\u003e jws.verify(header, payload, signature, 'secret')\n True\n \u003e\u003e\u003e jws.verify(header, payload, signature, 'badbadbad')\n Traceback (most recent call last):\n ...\n jws.exceptions.SignatureError: Could not validate signature\n\nNow with a real key!\n\n \u003e\u003e\u003e import ecdsa\n \u003e\u003e\u003e sk256 = ecdsa.SigningKey.generate(curve=ecdsa.NIST256p)\n \u003e\u003e\u003e vk = sk256.get_verifying_key()\n \u003e\u003e\u003e header = { 'alg': 'ES256' }\n \u003e\u003e\u003e sig = jws.sign(header, payload, sk256)\n \u003e\u003e\u003e jws.verify(header, payload, sig, vk)\n True\n\nAdvanced Usage\n--------------\nMake this file\n\n # file: sillycrypto.py\n import jws\n from jws.algos import AlgorithmBase, SignatureError\n class FXUY(AlgorithmBase):\n def __init__(self, x, y):\n self.x = int(x)\n self.y = int(y)\n def sign(self, msg, key):\n return 'verysecure' * self.x + key * self.y\n\n def verify(self, msg, sig, key):\n if sig != self.sign(msg, key):\n raise SignatureError('nope')\n return True\n\n jws.algos.CUSTOM += [\n # a regular expression with two named matching groups. (x and y)\n # named groups will be sent to the class constructor\n (r'^F(?P\u003cx\u003e\\d)U(?P\u003cy\u003e\\d{2})$', FXUY),\n ]\n\nAnd in an interpreter:\n\n \u003e\u003e\u003e import jws\n \u003e\u003e\u003e header = { 'alg': 'F7U12' }\n \u003e\u003e\u003e payload = { 'claim': 'wutt' }\n \u003e\u003e\u003e sig = jws.sign(header, payload, '\u003ctrollface\u003e')\n Traceback (most recent call last):\n ....\n jws.exceptions.AlgorithmNotImplemented: \"F7U12\" not implemented.\n \u003e\u003e\u003e\n \u003e\u003e\u003e import sillycrypto\n \u003e\u003e\u003e sig = jws.sign(header, payload, '\u003ctrollface\u003e')\n \u003e\u003e\u003e jws.verify(header, payload, sig, '\u003ctrollface\u003e')\n True\n \u003e\u003e\u003e jws.verify(header, payload, sig, 'y u no verify?')\n Traceback (most recent call last):\n ....\n jws.exceptions.SignatureError: nope\n\n\nOther Stuff\n---------\n\nCheck out\nhttps://github.com/brianloveswords/python-jws/blob/master/examples/minijwt.py\nfor a 14-line implemention of JWT.\n\nSee\nhttps://github.com/brianloveswords/python-jws/blob/master/examples/ragecrypto.py\nfor a rage-comic inspired cryptography extension.\n\nTODO\n-------\n* Write about all the rad stuff that can be done around headers (as extensible as crypto algos)\n* Pull in JWK support\n\n\nTests\n-----\n\nuse nosetests\n\nLicense\n-------\n\nMIT\n","funding_links":[],"categories":["Authentication","่ต„ๆบๅˆ—่กจ","Python","Awesome Python"],"sub_categories":["้ชŒ่ฏ","Authentication"],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrianloveswords%2Fpython-jws","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrianloveswords%2Fpython-jws","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrianloveswords%2Fpython-jws/lists"}