In [1]:
from cryptography.hazmat.primitives.asymmetric import rsa

See https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#cryptography.hazmat.primitives.asymmetric.rsa.generate_private_key.

In [2]:
private_key = rsa.generate_private_key(
    public_exponent=65537,
    key_size=2048,
)

Familiarize with key serialization API at https://cryptography.io/en/latest/hazmat/primitives/asymmetric/rsa/#key-serialization.

Also, see https://cryptography.io/en/latest/hazmat/primitives/asymmetric/serialization/#pem.

In [3]:
from cryptography.hazmat.primitives import serialization
pem = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption(),
)

In [4]:
pem.splitlines()[0]

b'-----BEGIN RSA PRIVATE KEY-----'

In [5]:
public_key = private_key.public_key()
pem = public_key.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo,
)
pem.splitlines()[0]

b'-----BEGIN PUBLIC KEY-----'

See https://pyjwt.readthedocs.io/en/stable/usage.html#encoding-decoding-tokens-with-rs256-rsa.

In [9]:
import jwt

In [6]:
pem_private_key = private_key.private_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PrivateFormat.TraditionalOpenSSL,
    encryption_algorithm=serialization.NoEncryption(),
)

In [10]:
encoded = jwt.encode({"some": "payload"}, pem_private_key, algorithm="RS256")
print(encoded)

eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.EzJU7nJafU3JPtCD8cpR1p__k7up70EaZYrOnYoPtvUxpbTBXnCEQ4qFYQw9rBMsp4livNseLKLJs1xtiF9J9KJqscb6PK5FgYD6qXpLL544S2LJodKTdfrcXRFTA-ELIpaezRMAuON2ZUVejy7Q3YMmGGYzuIqR9USsPnrFgkaup2olc_5UNIZo5LJrXZ5NuiCQGNN1FaUzlm3HnpPcwxf4ddzmm5I8wMHflz6Ql5B8MXP6KIaB2yHxWzbsoLzd3IUClSvLO043Z-lgVqH0-BFm9pPeHTq1QSGG11QIIofX-M4WI44aLi-NzBrxQtNZtl5QAKjT55ZVbYcKOPl6dQ


In [7]:
pem_public_key = public_key.public_bytes(
    encoding=serialization.Encoding.PEM,
    format=serialization.PublicFormat.SubjectPublicKeyInfo,
)

In [12]:
decoded = jwt.decode(encoded, public_key, algorithms=["RS256"])
print(decoded)

{'some': 'payload'}
