I am trying to generate a token using jwt, and I am passing the payload, secret_key and algorithm ('RS256'). Here is the relevant code:
secret_key = AppConfig.JWT_SECRET_KEY
public_key = AppConfig.JWT_PUBLIC_KEY
payload = {'UserInfo': user_one.to_dict()}
payload['UserInfo']['picture'] = 'https://someimage.url'
payload.__setitem__('exp', exp) if exp is not None else ''
token = jwt.encode(payload, secret_key, algorithm='RS256').decode(CHARSET)
I get this error:
File "/root/.pyenv/versions/3.6.5/lib/python3.6/code.py", line 91, in runcode
exec(code, self.locals)
File "<console>", line 1, in <module>
File "/activo-api/tests/helpers/generate_token.py", line 30, in generate_token
token = jwt.encode(payload, secret_key, algorithm='RS256').decode(CHARSET)
File "/root/.local/share/virtualenvs/activo-api-lpKgDXk8/lib/python3.6/site-packages/jwt/api_jwt.py", line 65, in encode
json_payload, key, algorithm, headers, json_encoder
File "/root/.local/share/virtualenvs/activo-api-lpKgDXk8/lib/python3.6/site-packages/jwt/api_jws.py", line 113, in encode
key = alg_obj.prepare_key(key)
File "/root/.local/share/virtualenvs/activo-api-lpKgDXk8/lib/python3.6/site-packages/jwt/algorithms.py", line 207, in prepare_key
key = load_pem_public_key(key, backend=default_backend())
File "/root/.local/share/virtualenvs/activo-api-lpKgDXk8/lib/python3.6/site-packages/cryptography/hazmat/primitives/serialization/base.py", line 20, in load_pem_public_key
return backend.load_pem_public_key(data)
File "/root/.local/share/virtualenvs/activo-api-lpKgDXk8/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1071, in load_pem_public_key
self._handle_key_loading_error()
File "/root/.local/share/virtualenvs/activo-api-lpKgDXk8/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1329, in _handle_key_loading_error
raise ValueError("Could not deserialize key data.")
ValueError: Could not deserialize key data.
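When I use the HS256 algorithm, a token is generated, but when I use the RS256 algorithm, I get the error above. I have tried almost every solution available online, but I still get the same error.
My key has the following format: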
-----BEGIN RSA PRIVATE KEY-----
MIIEpQIBAAKCAQEA3Tz2mr7SZiAMfQyuvBjM9Oi
RK+Lh9x5eJPo5CAZ3/ANBE0sTK0ZsDGMak2m1g7
wnLe4nOb7/eEJbDPkk05ShhBrJGBKKxb8n104o/
...........
5A13wiLitEO7nco2WfyYkQzaxCw0AwzlkVHiIyC
DtkpjGHQzPF6vOe907y5NQLvVFGXUq/FIJZxB8d==
-----END RSA PRIVATE KEY-----
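The expected output should be a token.
Answer 0: (score: 1)
So, the string PEM keys didn't work for me.
So I decided to serialize them. There are several common schemes for serializing asymmetric private and public keys to bytes. They generally support encryption of private keys and additional key metadata. The steps of the solution are as follows:
Using jwt.encode()
Import the following dependencies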
import jwt
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
Instead of passing the PEM private key in string format when encoding, serialize it as follows
secret_key = serialization.load_pem_private_key(
    secret_key_string.encode(), password=None, backend=default_backend())
payload = {'UserInfo': {"name": "name", "email": "user@email.com"}}
payload.__setitem__('exp', exp) if exp is not None else ''
token = jwt.encode(payload, secret_key, algorithm='RS256').decode(CHARSET)
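Normally, the jwt.encode() method takes a secret (a string) as one of its arguments. In the case above, we pass the serialized object as the secret.
When decoding the token using jwt.decode()
Deserialize the public key from PEM-encoded data to one of the supported asymmetric public key types. To decode the token successfully, follow these steps: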
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
Encode the PEM public key using utf-8 and pass it as an argument to the load_pem_public_key() method so that it is serialized as shown below
public_key = AppConfig.JWT_PUBLIC_KEY
public_key_obj = serialization.load_pem_public_key(
    public_key.encode(), backend=default_backend())
Decode the token by passing the serialized public key object to the jwt.decode() method as follows
decoded_token = jwt.decode(token, public_key_obj,
                           algorithms=['RS256'],
                           options={
                               'verify_signature': True,
                               'verify_exp': True
                           })
You can find more information about serializing PEM public keys and PEM private keys here.
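The sign and verify round trip from the answer above, as an added example that is not part of the original answer or of PyJWT's own code. It assumes PyJWT and cryptography are installed; the key pair is a throwaway generated in-process, and the helper names make_pem_pair, sign and verify are hypothetical.

```python
import time

import jwt  # PyJWT
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives import serialization
from cryptography.hazmat.primitives.asymmetric import rsa


def make_pem_pair():
    """Constructed throwaway key pair, returned as PEM strings as a config would hold them."""
    key = rsa.generate_private_key(
        public_exponent=65537, key_size=2048, backend=default_backend())
    private_pem = key.private_bytes(
        serialization.Encoding.PEM,
        serialization.PrivateFormat.TraditionalOpenSSL,  # "BEGIN RSA PRIVATE KEY"
        serialization.NoEncryption())
    public_pem = key.public_key().public_bytes(
        serialization.Encoding.PEM,
        serialization.PublicFormat.SubjectPublicKeyInfo)
    return private_pem.decode(), public_pem.decode()


def sign(private_pem, claims, lifetime_s=300):
    """Load the PEM first so a malformed key fails here with ValueError, then sign."""
    key = serialization.load_pem_private_key(
        private_pem.encode(), password=None, backend=default_backend())
    payload = dict(claims, exp=int(time.time()) + lifetime_s)
    token = jwt.encode(payload, key, algorithm='RS256')
    # PyJWT 1.x returns bytes, 2.x returns str; normalise to str.
    return token.decode('utf-8') if isinstance(token, bytes) else token


def verify(public_pem, token):
    """Return the claims, or the name of the PyJWT error that rejected the token."""
    key = serialization.load_pem_public_key(
        public_pem.encode(), backend=default_backend())
    try:
        return jwt.decode(token, key, algorithms=['RS256'],  # pin the algorithm
                          options={'verify_signature': True, 'verify_exp': True})
    except jwt.InvalidTokenError as err:
        return type(err).__name__


if __name__ == '__main__':
    private_pem, public_pem = make_pem_pair()
    token = sign(private_pem, {'UserInfo': {'name': 'name', 'email': 'user@email.com'}})
    print(verify(public_pem, token))                                  # claims dict
    print(verify(public_pem, sign(private_pem, {}, lifetime_s=-60)))  # expired token
    print(verify(make_pem_pair()[1], token))                          # wrong public key
```

Loading the key explicitly separates a key-format problem (ValueError at load time) from a token problem (a jwt.InvalidTokenError subclass at decode time).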
Answer 1: (score: 0)
First:
pip install cryptography
You have to create the RSA keys with OpenSSL:
openssl genrsa -out jwt-key 4096
openssl rsa -in jwt-key -pubout > jwt-key.pub