In [1]:
from cryptography.hazmat.primitives.asymmetric import rsa

See https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key.

In [2]:
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
)

Familiarize with key serialization API at https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#key-serialization.

Also, see https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#pem.

In [3]:
from cryptography.hazmat.primitives import serialization
pem = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption(),
)

In [4]:
pem.splitlines()[0]

b'-----BEGIN RSA PRIVATE KEY-----'

In [5]:
public_key = private_key.public_key()
pem = public_key.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
pem.splitlines()[0]

b'-----BEGIN PUBLIC KEY-----'

See https://pyjwt.readthedocs.io/en/stable/usage.html#encoding-decoding-tokens-with-rs256-rsa.

In [6]:
import jwt

In [7]:
pem_private_key = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption(),
)

In [8]:
encoded = jwt.encode({"some": "payload"}, pem_private_key, algorithm="RS256")
print(encoded)

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.ZuqCnpaUIpMUlvNc4paOj2aupL1hd6IbXA-75H_zQU2PYKFCpaotIE3AizzpX_GjuX2rru5JHTOFOszdnwu_Ac-_l8HnJPIbIKDvBlxZmnu-SAFAeHOIOnudHBM6rpvp3kmu_ULYHveHugFh3Rn3899fZ77vywy-h73Fn9s18iHUOEJNBmiLsc5IQZG5EYlWuUr_rDltLOFEE1_DMJPdsFlvNGbgnwEJfiS1Du5vL5JxzTwv-zJnnS0psQbPOFtToIf8W9Qt9Yw31kUYbLh6rkQyrZ-MIE9B1bxE5QW1Vbr8XeoXvFOHZVKSnka8Xp9-_jPhcUKAfzJjxHoP-bftfg


In [9]:
pem_public_key = public_key.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo,
)

In [10]:
decoded = jwt.decode(encoded, public_key, algorithms=["RS256"])
print(decoded)

{'some': 'payload'}
