
JWT encrypting payload in Python? (JWE)


According to RFC 7516 it should be possible to encrypt the payload/claim, called JWE.

Are there any Python libraries out there that support that?

I've checked PyJWT, python-jose and jwcrypto but they all just have examples for signing with HS256 (JWS).

Sorry if this is totally obvious, but when it comes to things involving crypto I'm extra cautious.


Solution

  • Both Jose and jwcrypto libraries can do JWE.

    For jose:

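    # jose.encrypt / jose.decrypt as called here are the API of the standalone
    # `jose` package; python-jose exposes a different API
    import jose

    claims = {
        'iss': 'http://www.example.com',
        'sub': 42,
    }
    # recipient's RSA public key as PEM (key body elided)
    pubKey = {'k':
              '-----BEGIN PUBLIC KEY-----\n'
              '-----END PUBLIC KEY-----'
              }
    # decrypt on the other end using the private key
    privKey = {'k':
               '-----BEGIN RSA PRIVATE KEY-----\n'
               '-----END RSA PRIVATE KEY-----'
               }

    # encrypt the claims to the recipient, then produce the compact form
    encJwt = jose.encrypt(claims, pubKey)
    serJwt = jose.serialize_compact(encJwt)
    # receiving side: parse the compact form and decrypt with the private key
    decJwt = jose.decrypt(jose.deserialize_compact(serJwt), privKey)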
    

    For jwcrypto:

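    from jwcrypto import jwe
    from jwcrypto.common import json_encode

    # pubKey / privKey must be jwcrypto jwk.JWK objects here (for example
    # loaded with jwk.JWK.from_pem), not the {'k': ...} dicts used for jose
    # algorithm to use
    eprot = {'alg': "RSA-OAEP", 'enc': "A128CBC-HS256"}
    stringPayload = u'attack at dawn'
    E = jwe.JWE(stringPayload, json_encode(eprot))
    E.add_recipient(pubKey)
    encrypted_token = E.serialize(compact=True)
    # decrypt on the other end using the private key
    E = jwe.JWE()
    E.deserialize(encrypted_token, key=privKey)
    decrypted_payload = E.payload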
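
Added example (not part of the answer above, and not code from either library): a standard-library check that a compact token really is a JWE (five segments per RFC 7516) and not a signed-only JWS, and that its protected header uses an allow-listed `alg`/`enc` before it is passed to a decrypt call. The allow-list values come from the jwcrypto snippet; the function names and sample tokens are constructed for illustration.

```python
import base64
import json

# Allow-list taken from the jwcrypto snippet above; adjust to your own policy.
ALLOWED_ALG = {"RSA-OAEP"}
ALLOWED_ENC = {"A128CBC-HS256"}

def b64url_decode(segment: str) -> bytes:
    """Decode unpadded base64url as used by JOSE compact serialization."""
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def b64url_encode(raw: bytes) -> str:
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode("ascii")

def classify_compact(token: str) -> str:
    """Return 'JWE' (5 segments) or 'JWS' (3 segments), else raise ValueError."""
    parts = token.split(".")
    if len(parts) == 5:   # header.encrypted_key.iv.ciphertext.tag
        return "JWE"
    if len(parts) == 3:   # header.payload.signature (payload is readable)
        return "JWS"
    raise ValueError("not a JOSE compact serialization")

def check_jwe_header(token: str) -> dict:
    """Reject anything that is not a JWE with an allow-listed alg and enc."""
    if classify_compact(token) != "JWE":
        raise ValueError("token is signed only (JWS); payload is not encrypted")
    header = json.loads(b64url_decode(token.split(".")[0]))
    if header.get("alg") not in ALLOWED_ALG:
        raise ValueError(f"alg not allowed: {header.get('alg')!r}")
    if header.get("enc") not in ALLOWED_ENC:
        raise ValueError(f"enc not allowed: {header.get('enc')!r}")
    return header

# Constructed samples: segments after the header are filler, not real ciphertext.
def _fake(header: dict, n_segments: int) -> str:
    head = b64url_encode(json.dumps(header).encode())
    return ".".join([head] + [b64url_encode(b"\x00" * 16)] * (n_segments - 1))

SAMPLE_JWE = _fake({"alg": "RSA-OAEP", "enc": "A128CBC-HS256"}, 5)
SAMPLE_JWS = _fake({"alg": "HS256", "typ": "JWT"}, 3)
SAMPLE_OTHER = _fake({"alg": "RSA1_5", "enc": "A128CBC-HS256"}, 5)  # alg outside the allow-list
```

The header check only inspects metadata; confidentiality and integrity still depend on the library's decrypt call succeeding with the right private key.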