JWS verification succeeds with both public and private keys when signing with the private key using RS256

[dumptyd]

Here's the code snippet.

(PS: Not my keys)

from base64 import b64decode
from jose import jws

private_key = 'MIICWwIBAAKBgGbhqjBjqCgXkqDCx1BRHDSJb9P4J+OjOPXeeIsVkY9UiBerApfTUCIVMSEOiM3u1b790Uk1e6tAUMmoM3ZUIuWsEylGflZYK7alsxEAyQfTDW/eRgMovQD8mr4TDBWKa5y61z8UDt5+YPY4XSd4y/Xh4FJpHj4yyBJzNhJ8MzrzAgMBAAECgYA+sHdBsRgABg0kxEsrF6F2KeDoaqfzv7uvpfYR2fyuN7YNpfiYhvynJ/6dw/t8cHHyRTtHvr0ypqgTmNhy2+W/AR82SYYe/4nai8aHRuTvGM7/H1GwhlggsziJepZBpemU1Iu0Ue3+ZPEn+egB7PZezxi2QbLoafGoPArTJkB/AQJBAL23VPOzi9HL3NyDVJUIQ0bk2Ev118OkLtqqe/qORjDe+iDPX2k1pe6PYhgLovRZxElbCxENu9sgWQG/sea9KkECQQCK06JQ8XtlGRphmPPWb7z1gmebBr5m7RtYdX27g53OynrKiuZ9lnwY/r3deBJqas9qMCM2G0qANUGHZIKAb9AzAkEApKfpY1oBkCSPnBOf5Xk2auFTmRnWGkb1I3O0BtJUuTXNgYx6EqYtTc/EI3p2A/2lDsWl5Tc2RAjfN1VY4hpsAQJAcJ310ovSedS/XeTiCVZjhxXeThhOZNh7kmrdMDw4zAPdUGkVSVPGH9Cm3P4GkmVLFO0v4ziIWzDYk6ipZN9PmQJARv/EHHKedpVSBps5DvI+umMvtH06GhhoIm8iFDx4W1PTez9CGjvq299NoAqxHMyZVe23Kb0vqkKyPg0pgtRGjQ=='

public_key = 'MIGeMA0GCSqGSIb3DQEBAQUAA4GMADCBiAKBgGbhqjBjqCgXkqDCx1BRHDSJb9P4J+OjOPXeeIsVkY9UiBerApfTUCIVMSEOiM3u1b790Uk1e6tAUMmoM3ZUIuWsEylGflZYK7alsxEAyQfTDW/eRgMovQD8mr4TDBWKa5y61z8UDt5+YPY4XSd4y/Xh4FJpHj4yyBJzNhJ8MzrzAgMBAAE='

token = jws.sign({'email': '[email protected]'}, b64decode(private_key), algorithm='RS256')
print token
dec = jws.verify(token, b64decode(private_key), algorithms='RS256')
print dec

[mpdavis]

This happens because the private key contains both the public and private key info. The verify method extracts the public key info and happily uses it.

Note that this will not work the other way around, which would be a huge security flaw. You can not construct a token with a public key that would pass verification with the same public key.

[mpdavis]

I will need to look into what the correct behavior should be here, I'm a little wary to start throwing an error in this case since the key being used contains the information to successfully verify the signature.

[friedcell]

Could just log a warning...

[dumptyd]

In JWT.IO's online debugger, signature verification succeeds only with the public key.

[blag]

@dumptyd Are you 100% positive that signature verification succeeds only with the public key when the selected algorithm is an RS algorithm? Because signature verification with one of the HS algorithm options selected (even though the supplied secret symmetric key is an asymmetric public key) is totally expected and perfectly fine.