pypm install jws

How to install jws

  1. Download and install ActivePython
  2. Open Command Prompt
  3. Type pypm install jws
Python 2.7 | Python 3.2 | Python 3.3

  • Windows (32-bit): 0.1.0 Available
  • Windows (64-bit): 0.1.0 Available
  • Mac OS X (10.5+): 0.1.0 Available
  • Linux (32-bit): 0.1.0 Available
  • Linux (64-bit): 0.1.0 Available

Latest release
version 0.1.0 on Aug 9th, 2013


A Python implementation of [JSON Web Signatures draft 02](http://self-issued.info/docs/draft-jones-json-web-signature.html)


$ git clone git://github.com/brianlovesdata/python-jws.git
$ cd python-jws
$ python setup.py install


The JWS spec reserves several algorithms for cryptographic signing. Out of the 9, this library currently supports 7:

HMAC – native

  • HS256 – HMAC using SHA-256 hash algorithm
  • HS384 – HMAC using SHA-384 hash algorithm
  • HS512 – HMAC using SHA-512 hash algorithm

RSA – requires special version of pycrypto, read below

  • RS256 – RSA using SHA-256 hash algorithm

ECDSA – requires ecdsa lib: pip install ecdsa

  • ES256 – ECDSA using P-256 curve and SHA-256 hash algorithm
  • ES384 – ECDSA using P-384 curve and SHA-384 hash algorithm
  • ES512 – ECDSA using P-521 curve and SHA-512 hash algorithm

There is also a mechanism for extending functionality by adding your own algorithms without cracking open the whole codebase. See the advanced usage section for an example.

NOTE: you must use the version of pycrypto submoduled to vendor/pycrypto to get RS256 support. However, if you never plan on using RSA, you don't have to worry about it – all crypto libraries are lazily loaded, so you won't even notice it's not there.

If you want to know why RSA support is limited, read this: https://github.com/brianlovesdata/python-jws/blob/master/jws/algos.py#L42


Let's check out some examples.

>>> import jws
>>> header  = { 'alg': 'HS256' }
>>> payload = { 'claim': 'JSON is the raddest.', 'iss': 'brianb' }
>>> signature = jws.sign(header, payload, 'secret')
>>> jws.verify(header, payload, signature, 'secret')
>>> jws.verify(header, payload, signature, 'badbadbad')
Traceback (most recent call last):
jws.exceptions.SignatureError: Could not validate signature

Now with a real key!

>>> import ecdsa
>>> sk256 = ecdsa.SigningKey.generate(curve=ecdsa.NIST256p)
>>> vk = sk256.get_verifying_key()
>>> header = { 'alg': 'ES256' }
>>> sig = jws.sign(header, payload, sk256)
>>> jws.verify(header, payload, sig, vk)
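
What the HS256 case above amounts to, as an added example that is not python-jws code: it builds the JWS compact form (header.payload.signature) with the standard library, and the verifier pins the algorithm and compares MACs in constant time. The function names and the compact JSON encoding are assumptions of this sketch, so its tokens are not claimed to be byte-identical to what `jws.sign` returns.

```python
# Added example (not python-jws code): HS256 over the JWS signing input,
# built with the standard library only. Function names are illustrative.
import base64
import hashlib
import hmac
import json


def b64url(data: bytes) -> str:
    """Base64url without '=' padding, as JWS uses."""
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")


def b64url_decode(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def sign_hs256(header: dict, payload: dict, key: bytes) -> str:
    """Return the compact form: header.payload.signature."""
    if header.get("alg") != "HS256":
        raise ValueError("this helper only signs HS256")
    parts = [b64url(json.dumps(p, separators=(",", ":")).encode("utf-8"))
             for p in (header, payload)]
    signing_input = ".".join(parts).encode("ascii")
    mac = hmac.new(key, signing_input, hashlib.sha256).digest()
    return ".".join(parts + [b64url(mac)])


def verify_hs256(token: str, key: bytes) -> dict:
    """Check a compact token and return its payload, or raise ValueError."""
    try:
        head_b64, body_b64, sig_b64 = token.split(".")
        header = json.loads(b64url_decode(head_b64))
        sig = b64url_decode(sig_b64)
    except (ValueError, TypeError) as exc:
        raise ValueError("malformed token") from exc
    # Pin the algorithm on the verifier side; never let the token choose.
    if not isinstance(header, dict) or header.get("alg") != "HS256":
        raise ValueError("unexpected alg")
    expected = hmac.new(key, f"{head_b64}.{body_b64}".encode("ascii"),
                        hashlib.sha256).digest()
    # Constant-time comparison avoids leaking how many bytes matched.
    if not hmac.compare_digest(sig, expected):
        raise ValueError("could not validate signature")
    return json.loads(b64url_decode(body_b64))
```

The same two checks apply when calling the library: decide the expected `alg` in the verifying code rather than reading it from untrusted input, and treat any raised exception as a failed verification.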

Advanced Usage

Make this file

# file: sillycrypto.py
import jws
from jws.algos import AlgorithmBase, SignatureError

class FXUY(AlgorithmBase):
    def __init__(self, x, y):
        # x and y arrive as strings captured by the regex below
        self.x = int(x)
        self.y = int(y)
    def sign(self, msg, key):
        return 'verysecure' * self.x + key * self.y
    def verify(self, msg, sig, key):
        if sig != self.sign(msg, key):
            raise SignatureError('nope')
        return True

jws.algos.CUSTOM += [
    # a regular expression with two named matching groups. (x and y)
    # named groups will be sent to the class constructor
    (r'^F(?P<x>\d)U(?P<y>\d{2})$', FXUY),
]

And in an interpreter:

>>> import jws
>>> header = { 'alg': 'F7U12' }
>>> payload = { 'claim': 'wutt' }
>>> sig = jws.sign(header, payload, '<trollface>')
Traceback (most recent call last):
jws.exceptions.AlgorithmNotImplemented: "F7U12" not implemented.
>>> import sillycrypto
>>> sig = jws.sign(header, payload, '<trollface>')
>>> jws.verify(header, payload, sig, '<trollface>')
>>> jws.verify(header, payload, sig, 'y u no verify?')
Traceback (most recent call last):
jws.exceptions.SignatureError: nope

Other Stuff


Check out https://github.com/brianlovesdata/python-jws/blob/master/examples/minijwt.py for a 14-line implementation of JWT.

See https://github.com/brianlovesdata/python-jws/blob/master/examples/ragecrypto.py for a rage-comic inspired cryptography extension.


  • Write about all the rad stuff that can be done around headers (as extensible as crypto algos)
  • Pull in JWK support


use nosetests



Last updated Aug 9th, 2013
