Allow to verify with private key on ECAlgorithm, as well as on Ed2551…

…9Algorithm. (#645) * Add private key support for ECAlgorithm verify. * Update CHANGELOG.
jpadilla · Apr 16, 2021 · fb86f9d · fb86f9d
1 parent bcd5728
commit fb86f9d
Show file tree

Hide file tree

Showing 3 changed files with 10 additions and 0 deletions.
diff --git a/CHANGELOG.rst b/CHANGELOG.rst
@@ -18,6 +18,7 @@ Fixed
 - Remove padding from JWK test data. `#628 <https://github.com/jpadilla/pyjwt/pull/628>`__
 - Make `kty` mandatory in JWK to be compliant with RFC7517. `#624 <https://github.com/jpadilla/pyjwt/pull/624>`__
 - Allow JWK without `alg` to be compliant with RFC7517. `#624 <https://github.com/jpadilla/pyjwt/pull/624>`__
+- Allow to verify with private key on ECAlgorithm, as well as on Ed25519Algorithm. `#645 <https://github.com/jpadilla/pyjwt/pull/645>`__
 
 Added
 ~~~~~

diff --git a/jwt/algorithms.py b/jwt/algorithms.py
@@ -427,6 +427,8 @@ def verify(self, msg, key, sig):
                 return False
 
             try:
+                if isinstance(key, EllipticCurvePrivateKey):
+                    key = key.public_key()
                 key.verify(der_sig, msg, ec.ECDSA(self.hash_alg()))
                 return True
             except InvalidSignature:

diff --git a/tests/test_algorithms.py b/tests/test_algorithms.py
@@ -658,6 +658,13 @@ def test_ec_verify_should_return_true_for_test_vector(self):
         result = algo.verify(signing_input, key, signature)
         assert result
 
+        # private key can also be used.
+        with open(key_path("jwk_ec_key_P-521.json")) as keyfile:
+            private_key = algo.from_jwk(keyfile.read())
+
+        result = algo.verify(signing_input, private_key, signature)
+        assert result
+
 
 @crypto_required
 class TestEd25519Algorithms: