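def newServerKeys(path, keyid):
    """Generate an RSA signing key and an RSA encryption key and store them at *path*.

    Both keys are created with ``kid=keyid``. The file receives
    ``[<skey>,<ekey>]`` built from ``export()`` called with its defaults.
    NOTE(review): in jwcrypto the default export serialises the private
    parameters; confirm against the JWK class in use. The file is therefore
    treated as secret: it is created owner-only and handed to uid/gid 0.

    Args:
        path: File to create or overwrite with the exported key pair.
        keyid: Value used as ``kid`` for both generated keys.

    Returns:
        ``[skey.get_op_key('verify'), ekey.get_op_key('encrypt')]``.

    Raises:
        OSError: If the file cannot be created, or if ``fchmod``/``fchown``
            fails (changing ownership to 0:0 normally requires privilege).
    """
    skey = JWK(generate='RSA', use='sig', kid=keyid)
    ekey = JWK(generate='RSA', use='enc', kid=keyid)

    # Create the file with mode 0o600 from the first instant. A plain
    # open(path, 'w') creates it with umask-derived permissions, leaving a
    # window before fchmod() in which another local user could open it and
    # keep a descriptor that later reads the key material.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        # The mode passed to os.open() only applies to a newly created file;
        # a pre-existing file keeps its old mode and owner, so tighten both
        # explicitly before any key material is written.
        os.fchmod(f.fileno(), 0o600)
        os.fchown(f.fileno(), 0, 0)
        f.write('[%s,%s]' % (skey.export(), ekey.export()))

    return [skey.get_op_key('verify'), ekey.get_op_key('encrypt')]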
def unwrap(self, key, bitsize, ek, headers):
    """Derive the key agreed with the sender's ``epk`` header and recover the CEK.

    When ``self.keysize`` is None the derived key is returned as-is and the
    algorithm identifier is read from ``headers['enc']``. Otherwise
    ``self.keysize`` replaces *bitsize*, the identifier comes from
    ``headers['alg']``, and the derived key is used as the key-encryption key
    for the wrapper selected from ``self.aeskwmap``.

    Args:
        key: Recipient key; checked by ``self._check_key`` and asked for its
            ``'unwrapKey'`` operation key.
        bitsize: Requested key size; ignored when ``self.keysize`` is set.
        ek: Encrypted key, forwarded to the AES key-wrap ``unwrap``.
        headers: Header mapping; must contain ``'epk'``.

    Raises:
        ValueError: If ``headers`` has no ``'epk'`` entry.
        KeyError: If the required ``'enc'`` / ``'alg'`` entry is absent.
    """
    if 'epk' not in headers:
        raise ValueError('Invalid Header, missing "epk" parameter')
    self._check_key(key)

    if self.keysize is not None:
        bitsize = self.keysize
        alg = headers['alg']
    else:
        alg = headers['enc']

    # NOTE(review): headers['epk'] comes from the message being processed and
    # is expanded straight into JWK keyword arguments. Nothing in this method
    # checks its key type or curve against `key`; confirm that JWK,
    # get_op_key or _derive rejects a mismatched or malformed public key.
    peer = JWK(**headers['epk'])
    own_op_key = key.get_op_key('unwrapKey')
    peer_op_key = peer.get_op_key('wrapKey')
    derived = self._derive(own_op_key, peer_op_key, alg, bitsize, headers)

    if self.keysize is None:
        return derived

    wrapper = self.aeskwmap[bitsize]()
    kek = JWK(kty="oct", use="enc", k=base64url_encode(derived))
    return wrapper.unwrap(kek, bitsize, ek, headers)
def unwrap(self, key, keylen, ek, headers):
    """Derive the key agreed with the sender's ``epk`` header and recover the CEK.

    When ``self.keydatalen`` is None the derived key is returned directly,
    sized ``keylen * 8`` and bound to ``headers['enc']``. Otherwise the
    derived key has ``self.keydatalen`` size, is bound to ``headers['alg']``,
    and serves as the key-encryption key for ``_AesKw``.

    Args:
        key: Recipient key; checked by ``self._check_key`` and asked for its
            ``'unwrapKey'`` operation key.
        keylen: Requested key length. The ``* 8`` and ``// 8`` conversions
            suggest bytes here and bits for ``keydatalen`` (confirm against
            callers).
        ek: Encrypted key, forwarded to ``_AesKw.unwrap``.
        headers: Header mapping; must contain ``'epk'``.

    Raises:
        InvalidJWEData: If ``headers`` has no ``'epk'`` entry.
        KeyError: If the required ``'enc'`` / ``'alg'`` entry is absent.
    """
    if 'epk' not in headers:
        raise InvalidJWEData('Invalid Header, missing "epk" parameter')
    self._check_key(key)

    if self.keydatalen is not None:
        keydatalen = self.keydatalen
        alg = headers['alg']
    else:
        keydatalen = keylen * 8
        alg = headers['enc']

    # NOTE(review): headers['epk'] comes from the message being processed and
    # is expanded straight into JWK keyword arguments. Nothing in this method
    # checks its key type or curve against `key`; confirm that JWK,
    # get_op_key or _derive rejects a mismatched or malformed public key.
    peer = JWK(**headers['epk'])
    own_op_key = key.get_op_key('unwrapKey')
    peer_op_key = peer.get_op_key('wrapKey')
    derived = self._derive(own_op_key, peer_op_key, alg, keydatalen, headers)

    if self.keydatalen is None:
        return derived

    wrapper = _AesKw(keydatalen)
    kek = JWK(kty="oct", use="enc", k=base64url_encode(derived))
    return wrapper.unwrap(kek, keydatalen // 8, ek, headers)
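def newServerKeys(path, keyid):
    """Generate an RSA signing key and an RSA encryption key and store them at *path*.

    Both keys are created with ``kid=keyid``. The file receives
    ``[<skey>,<ekey>]`` built from ``export()`` called with its defaults.
    NOTE(review): in jwcrypto the default export serialises the private
    parameters; confirm against the JWK class in use. The file is therefore
    treated as secret and restricted to its owner instead of inheriting
    umask-derived permissions.

    Args:
        path: File to create or overwrite with the exported key pair.
        keyid: Value used as ``kid`` for both generated keys.

    Returns:
        ``[skey.get_op_key('verify'), ekey.get_op_key('encrypt')]``.

    Raises:
        OSError: If the file cannot be created or its mode cannot be changed.
    """
    # Function-scope import so this block does not rely on a module-level
    # `import os` being present.
    import os

    skey = JWK(generate='RSA', use='sig', kid=keyid)
    ekey = JWK(generate='RSA', use='enc', kid=keyid)

    # open(path, 'w+') would create the file with whatever the process umask
    # allows (commonly world-readable). Create it owner-only instead.
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, 'w') as f:
        # The creation mode does not apply to a file that already existed, so
        # tighten it on the open descriptor before writing key material.
        # fchmod is not available on every platform, hence the guard.
        if hasattr(os, 'fchmod'):
            os.fchmod(f.fileno(), 0o600)
        f.write('[%s,%s]' % (skey.export(), ekey.export()))

    return [skey.get_op_key('verify'), ekey.get_op_key('encrypt')]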