Skip to content

Instantly share code, notes, and snippets.

@ptoffy

ptoffy/jwt-sphincs+.py

Created June 2, 2024 18:07
Show Gist options
  • Save ptoffy/bf9bd191f529b485219ca2c136619802 to your computer and use it in GitHub Desktop.
Save ptoffy/bf9bd191f529b485219ca2c136619802 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
jwt-sphincs+.py
import json
import base64
from pyspx import sha2_128s
import os
# 48 bytes seed
seed = "0123456789abcdef0123456789abcdef0123456789abcdef".encode('utf-8')
public_key, secret_key = sha2_128s.generate_keypair(seed)
header = {
"alg": "SPHINCS+128s",
"typ": "JWT"
}
payload = {
"sub": "vapor",
"name": "Foo",
"admin": False,
"exp": 2000000000
}
def base64url_encode(data):
return base64.urlsafe_b64encode(data).rstrip(b'=')
# Encode header and payload to Base64URL
encoded_header = base64url_encode(json.dumps(header).encode('utf-8'))
encoded_payload = base64url_encode(json.dumps(payload).encode('utf-8'))
# Create the message to sign
message = b'.'.join([encoded_header, encoded_payload])
# Sign the message
signature = sha2_128s.sign(message, secret_key)
# Encode the signature to Base64URL
encoded_signature = base64url_encode(signature)
jwt_token = b'.'.join([encoded_header, encoded_payload, encoded_signature]).decode('utf-8')
print(jwt_token)
def base64url_decode(data):
padding = '=' * (4 - len(data) % 4)
return base64.urlsafe_b64decode(data + padding)
# Split the JWT
encoded_header, encoded_payload, encoded_signature = jwt_token.split('.')
# Decode the signature
decoded_signature = base64url_decode(encoded_signature)
# Verify the signature
message = b'.'.join([encoded_header.encode('utf-8'), encoded_payload.encode('utf-8')])
is_valid = sha2_128s.verify(message, decoded_signature, public_key)
print(f"Signature valid: {is_valid}")
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment