python-jose
jwk.construct() does not support reading a private RSA key
Attempting to sign a JWT token with a private RSA key throws:
JWKError: Private key not available in this object
The problem seems to come from RSAKey._process_jwk() in jwk.py:
    def _process_jwk(self, jwk_dict):
        if not jwk_dict.get('kty') == 'RSA':
            raise JWKError("Incorrect key type. Expected: 'RSA', Recieved: %s" % jwk_dict.get('kty'))
        e = base64_to_long(jwk_dict.get('e', 256))
        n = base64_to_long(jwk_dict.get('n'))
        self.prepared_key = RSA.construct((n, e))
        return self.prepared_key
Note that the d, p, q fields in the JWK representation are ignored, but given the description in RSA.py (from pycrypto), these are the very values that are needed to construct a private key.
I guess I could try to construct my own RSAKey and try to pass this as key data, but it really takes away a lot of the convenience of using python-jose in the first place 😿
Currently python-jose only parses public keys via the JWK spec, e.g. by passing in a dictionary. You should pass in a PEM string and a private key will be constructed.
Yeah, but when I have the key set already in JWK format, it requires a lot of jumping through hoops to get the PEM string. It was easier in my case to just construct a new RSAKey based on the full tuple (n, e, d, p, q).
I could try whipping up a quick PR if this is something that you think python-jose should be doing.
I definitely think that python-jose should be able to handle private keys in the JWK format, that work just hasn't been an issue up to this point.
I would welcome a PR that included that work.
+1 this feature, running into this issue as well @mpdavis
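Added example (not from the thread and not python-jose's own code): reading the private fields d, p and q that the quoted _process_jwk() ignores, checking that they are consistent, and returning the (n, e, d, p, q) tuple mentioned above. It uses only the standard library; the names rsa_components_from_jwk, b64url_to_int, int_to_b64url, the local JWKError class and the toy key are assumptions made for illustration.

```python
import base64
from math import gcd

class JWKError(Exception):
    """Local stand-in for the library's JWKError (assumption for this example)."""

def b64url_to_int(value):
    # JWK integers are unpadded base64url, big-endian (RFC 7518 section 6.3).
    padded = value + "=" * (-len(value) % 4)
    return int.from_bytes(base64.urlsafe_b64decode(padded), "big")

def int_to_b64url(number):
    raw = number.to_bytes((number.bit_length() + 7) // 8 or 1, "big")
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def rsa_components_from_jwk(jwk_dict):
    """Return (n, e) for a public JWK or (n, e, d, p, q) for a private one."""
    if jwk_dict.get("kty") != "RSA":
        raise JWKError("Incorrect key type. Expected: 'RSA', Received: %s" % jwk_dict.get("kty"))
    try:
        n, e = b64url_to_int(jwk_dict["n"]), b64url_to_int(jwk_dict["e"])
    except KeyError as missing:
        raise JWKError("RSA JWK is missing required field %s" % missing)
    if "d" not in jwk_dict:
        return (n, e)  # public key only: the caller must refuse to sign
    d = b64url_to_int(jwk_dict["d"])
    if "p" not in jwk_dict or "q" not in jwk_dict:
        raise JWKError("Private RSA JWK without 'p' and 'q' is not handled here")
    p, q = b64url_to_int(jwk_dict["p"]), b64url_to_int(jwk_dict["q"])
    # Reject inconsistent material instead of signing with a broken key.
    if p * q != n:
        raise JWKError("p * q does not equal n")
    lam = (p - 1) * (q - 1) // gcd(p - 1, q - 1)
    if (e * d) % lam != 1:
        raise JWKError("d is not the inverse of e")
    return (n, e, d, p, q)

# Constructed toy key (p=61, q=53); far too small for real use.
SAMPLE_PRIVATE_JWK = {"kty": "RSA", **{k: int_to_b64url(v) for k, v in
    {"n": 3233, "e": 17, "d": 2753, "p": 61, "q": 53}.items()}}
SAMPLE_PUBLIC_JWK = {k: SAMPLE_PRIVATE_JWK[k] for k in ("kty", "n", "e")}

if __name__ == "__main__":
    print(rsa_components_from_jwk(SAMPLE_PRIVATE_JWK))
    print(rsa_components_from_jwk(SAMPLE_PUBLIC_JWK))
```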