AttributeError: '_RSAPrivateKey' object has no attribute 'sign'

[benjamimo1]

When using a pair of RSA keys to try the example given in the docs:

encoded = jwt.encode({'some': 'payload'}, private_key, algorithm='RS256')
decoded = jwt.decode(encoded, public_key, algorithms='RS256')

Expected Result

I'm expecting to get both variables assigned without problem.

Actual Result

But what happens instead is that I'm getting:

AttributeError: '_RSAPrivateKey' object has no attribute 'sign'

Reproduction Steps

import jwt
private_key = open("private.pem").read()
public_key = open("public.pem").read()
encoded = jwt.encode({'some': 'payload'}, private_key, algorithm='RS256')
decoded = jwt.decode(encoded, public_key, algorithms='RS256')

System Information

$ python -m jwt.help

{
  "cryptography": {
    "version": "1.3.2"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.5.1"
  },
  "platform": {
    "release": "18.0.0",
    "system": "Darwin"
  },
  "pyjwt": {
    "version": "1.6.4"
  }
}

This command is only available on PyJWT v1.6.3 and greater. Otherwise,
please provide some basic information about your system.

[theo-walton]

{
  "cryptography": {
    "version": "2.3.1"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.7.0"
  },
  "platform": {
    "release": "17.7.0",
    "system": "Darwin"
  },
  "pyjwt": {
    "version": "1.6.4"
  }
}

i also have this issue

[pcchannz]

Facing similar issue too. I am using python 2.7 & pyjwt 1.6.4. Will update this comment with environment info later.

Description
Asymmetric key encryption
Sign jwt with public key, so that receiver can decrypt with private key.

Public Key example format
-----BEGIN PUBLIC KEY-----
MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCqGKukO1De7zhZj6+H0qtjTkVxwTCpvKe4eCZ0
FPqri0cb2JZfXJ/DgYSF6vUpwmJG8wVQZKjeGcjDOL5UlsuusFncCzWBQ7RKNUSesmQRMSGkVb1/
3j+skZ6UtW+5u09lHNsj6tQ51s1SPrCBkedbNf0Tp0GbMJDyR4e9T04ZZwIDAQAB
-----END PUBLIC KEY-----

Steps
encoded = jwt.encode({'some': 'payload'}, public_key, algorithm='RS256')

Expected output
'eyJhbGciOiJIUzUxMiIsInR5cCI6IkpXVCJ9.eyJzb21lIjoicGF5bG9hZCJ9.WTzLzFO079PduJiF...'

Error message
AttributeError: '_RSAPublicKey' object has no attribute 'sign'

[logankaser]

@pcchannz With RSA you sign with the private key. JWT's do not encrypt data, they only sign it.

[pcchannz]

Thanks @logankaser. I have updated the original comment description. It should be sign jwt with public key.

Additional notes, it seem like while is mathematical possible to sign jwt with public key, it is not compliant as public key is meant to be known. If I am correct, pyjwt is compliance with the standard and therefore throwing this message?

Reference: https://stackoverflow.com/questions/44214400/can-json-web-token-sign-with-public-key

[bsima]

I'm getting the same thing following the directions on google cloud docs here

Traceback (most recent call last):
  File "gcloud_oauth_token.py", line 38, in <module>
    s = get_signed_jwt(args.jsonfile)
  File "gcloud_oauth_token.py", line 26, in get_signed_jwt
    algorithm='RS256',
  File "/home/bsima/.local/lib/python3.5/site-packages/jwt/api_jwt.py", line 65, in encode
    json_payload, key, algorithm, headers, json_encoder
  File "/home/bsima/.local/lib/python3.5/site-packages/jwt/api_jws.py", line 114, in encode
    signature = alg_obj.sign(signing_input, key)
  File "/home/bsima/.local/lib/python3.5/site-packages/jwt/algorithms.py", line 313, in sign
    return key.sign(msg, padding.PKCS1v15(), self.hash_alg())
AttributeError: '_RSAPrivateKey' object has no attribute 'sign'

My code is the same as in the above gcloud docs.

[je111ena]

Same issue.

[talilama]

I had the same issue using a Google Cloud API with JWT tokens. I solved by upgrading the version of cryptography I was using.

pip install cryptography

[jpadilla]

@talilama what exact version of pyjwt and cryptography are you using?

Can anyone use something like https://repl.it/languages/python3 to replicate this issue?

[evaristesome]

"AttributeError: 'AsymmetricKey' object has no attribute 'sign'"
As indicated, I used the below code on your page and it worked, but trying on my computer (Ubuntu 16.04, python 3.5.2, with the newest version of cryptography 2.7 using pip, Pycharm-com), we have the above error.
It might be the Python versioning. Using the same code on Windows (Eclipse, Python 3.7), it worked. Very interesting!!!
Please keep us update if something new. Let me know if you need testing. - Thanks.

testing code:
from cryptography.hazmat.backends import default_backend
from cryptography.hazmat.primitives.asymmetric import rsa
from cryptography.hazmat.primitives import hashes #for signing
from cryptography.hazmat.primitives.asymmetric import utils #for hashing larger message
from cryptography.hazmat.primitives.asymmetric import padding #for signing

private_key = rsa.generate_private_key(public_exponent=65537, key_size=2048, backend=default_backend())
public_key = private_key.public_key()

chosen_hash = hashes.SHA256()
hasher = hashes.Hash(chosen_hash, default_backend())
hasher.update(b'blabla')
hasher.update(b'Grrrrrrr')
hasher.update(b'No way')
digest = hasher.finalize()
signature = private_key.sign(digest, padding.PSS(mgf=padding.MGF1(hashes.SHA256()), salt_length=padding.PSS.MAX_LENGTH), utils.Prehashed(chosen_hash))
print(signature)

[joestubbs]

I'm also hitting this issue with the latest versions of cryptography and pyjwt:

$ python -m jwt.help
{
  "cryptography": {
    "version": "2.7"
  },
  "implementation": {
    "name": "CPython",
    "version": "3.7.0"
  },
  "platform": {
    "release": "4.4.0-148-generic",
    "system": "Linux"
  },
  "pyjwt": {
    "version": "1.7.1"
  }
}

if anyone has it working (maybe @talilama?) could you post the versions of pyjwt and crytography that you are using?

[shaneguignard]

PS> py -m jwt.help { "cryptography": { "version": "2.8" }, "implementation": { "name": "CPython", "version": "3.6.5" }, "platform": { "release": "10", "system": "Windows" }, "pyjwt": { "version": "1.7.1" } }
Same issue here, except I get has no attribute 'verify'

[janparadowski]

I think it is due to difference between _RSAPrivateKey and _RSAPublicKey in cryptography.
The latter has a verify method but the former does not. (So if you encrypt with the public key you cannot call verify on the private key in the decode call but the other way around works.)
Pass in verify=False as an option on the decode call to work around this.

[shaneguignard]

You are right, one I got the public key to verify it worked as expected Shane Guignard Sent from my iPhone

…

On Oct 25, 2019, at 9:25 AM, janparadowski ***@***.***> wrote:  I think it is due to difference between _RSAPrivateKey and _RSAPublicKey in cryptography. The latter has a verify method but the former does not. (So if you encrypt with the public key you cannot call verify on the private key in the decode call but the other way around works.) Pass in verify=False as an option on the decode call to work around this. — You are receiving this because you commented. Reply to this email directly, view it on GitHub, or unsubscribe.

[ghost]

Resolvi comentando a linha 143 do arquivo algorithms.py, meu pyjwt tá na versão 1.7.1

[rjdkolb]

Make sure you don't mix up your private key with your public.
Always verify with your public key.
I was using my private key to verify and got this message.
Struggled with this for about 2 hours...

[github-actions]

This issue is stale because it has been open 60 days with no activity. Remove stale label or comment or this will be closed in 7 days