JSON Web Algorithms (JWA)¶
The jwa Module implements the JSON Web Algorithms standard. This module provides classes that implement all the cryptographic algorithms required by the standard. All algorithms are accessible through the JWA class.
Classes¶
- class jwcrypto.jwa.JWA¶
JWA Signing Algorithms.
This class provides access to all JWA algorithms.
- class jwcrypto.jwa.JWAAlgorithm¶
Bases:
object- abstract property algorithm_usage_location¶
One of ‘alg’, ‘enc’ or ‘JWK’
- abstract property algorithm_use¶
One of ‘sig’, ‘kex’, ‘enc’
- abstract property description¶
A short description
- property input_keysize¶
The input key size
- abstract property keysize¶
The algorithm key size
- abstract property name¶
The algorithm Name
Registries¶
- JWA.algorithms_registry = {'A128CBC-HS256': <class 'jwcrypto.jwa._A128CbcHs256'>, 'A128GCM': <class 'jwcrypto.jwa._A128Gcm'>, 'A128GCMKW': <class 'jwcrypto.jwa._A128GcmKw'>, 'A128KW': <class 'jwcrypto.jwa._A128KW'>, 'A192CBC-HS384': <class 'jwcrypto.jwa._A192CbcHs384'>, 'A192GCM': <class 'jwcrypto.jwa._A192Gcm'>, 'A192GCMKW': <class 'jwcrypto.jwa._A192GcmKw'>, 'A192KW': <class 'jwcrypto.jwa._A192KW'>, 'A256CBC-HS512': <class 'jwcrypto.jwa._A256CbcHs512'>, 'A256GCM': <class 'jwcrypto.jwa._A256Gcm'>, 'A256GCMKW': <class 'jwcrypto.jwa._A256GcmKw'>, 'A256KW': <class 'jwcrypto.jwa._A256KW'>, 'BP256R1': <class 'jwcrypto.jwa._BP256R1'>, 'BP384R1': <class 'jwcrypto.jwa._BP384R1'>, 'BP512R1': <class 'jwcrypto.jwa._BP512R1'>, 'ECDH-ES': <class 'jwcrypto.jwa._EcdhEs'>, 'ECDH-ES+A128KW': <class 'jwcrypto.jwa._EcdhEsAes128Kw'>, 'ECDH-ES+A192KW': <class 'jwcrypto.jwa._EcdhEsAes192Kw'>, 'ECDH-ES+A256KW': <class 'jwcrypto.jwa._EcdhEsAes256Kw'>, 'ES256': <class 'jwcrypto.jwa._ES256'>, 'ES256K': <class 'jwcrypto.jwa._ES256K'>, 'ES384': <class 'jwcrypto.jwa._ES384'>, 'ES512': <class 'jwcrypto.jwa._ES512'>, 'Ed25519': <class 'jwcrypto.jwa._Ed25519'>, 'Ed448': <class 'jwcrypto.jwa._Ed448'>, 'EdDSA': <class 'jwcrypto.jwa._EdDsa'>, 'HS256': <class 'jwcrypto.jwa._HS256'>, 'HS384': <class 'jwcrypto.jwa._HS384'>, 'HS512': <class 'jwcrypto.jwa._HS512'>, 'PBES2-HS256+A128KW': <class 'jwcrypto.jwa._Pbes2Hs256A128Kw'>, 'PBES2-HS384+A192KW': <class 'jwcrypto.jwa._Pbes2Hs384A192Kw'>, 'PBES2-HS512+A256KW': <class 'jwcrypto.jwa._Pbes2Hs512A256Kw'>, 'PS256': <class 'jwcrypto.jwa._PS256'>, 'PS384': <class 'jwcrypto.jwa._PS384'>, 'PS512': <class 'jwcrypto.jwa._PS512'>, 'RS256': <class 'jwcrypto.jwa._RS256'>, 'RS384': <class 'jwcrypto.jwa._RS384'>, 'RS512': <class 'jwcrypto.jwa._RS512'>, 'RSA-OAEP': <class 'jwcrypto.jwa._RsaOaep'>, 'RSA-OAEP-256': <class 'jwcrypto.jwa._RsaOaep256'>, 'RSA1_5': <class 'jwcrypto.jwa._Rsa15'>, 'dir': <class 'jwcrypto.jwa._Direct'>, 'none': <class 'jwcrypto.jwa._None'>}¶
Module Settings¶
- jwcrypto.jwa.default_max_pbkdf2_iterations¶
The maximum number of iterations allowed for PBKDF2 key derivation.
This is a security measure to prevent denial-of-service attacks by malicious actors providing a very high iteration count.
- jwcrypto.jwa.default_enforce_hmac_key_length¶
Enforces that the HMAC key length is at least the size of the hash function’s output, as recommended by RFC 7518.
This can be disabled for compatibility with legacy or non-compliant systems that use shorter keys.