Use pyjwkest for all JWT tasks

RESOLVED WONTFIX

Status

Marketplace
Code Quality
P3
normal
RESOLVED WONTFIX
4 years ago
2 years ago

People

(Reporter: ashort, Unassigned)

Tracking

2014-Q4
x86
Mac OS X
Points:
---

Details

(Whiteboard: [repoman][marketplace-transition])

(Reporter)

Description

4 years ago
this will let us drop M2Crypto, for one thing.
How so? The pyjwkest docs don't say that it supports RSA signing which is what we needed m2crypto for.

"This is Mozilla's fork of PyJWT which adds RSA algorithms, fixes some timing attacks, and makes a few other adjustments." ~ https://github.com/rtilder/pyjwt
(Reporter)

Comment 2

4 years ago
Hmm, it has jwkest.jwk.RSAKey, which supports signing etc. I didn't look at the docs.
it doesn't really have docs :) Well, that may work. We just need RSA signing for receipts.
if the code is based on PyJWT we should also check it for the timing attack: https://github.com/rtilder/pyjwt/commit/02956549b59da49d9e785164f1115ff4194e9375

Updated

4 years ago
Priority: -- → P3
(In reply to Allen Short [:ashort] from comment #0)
> this will let us drop M2Crypto, for one thing.

yesss
Assignee: nobody → kumar.mcmillan
Unassigning some repoman stuff until desktop payments is stable
Assignee: kumar.mcmillan → nobody

Updated

2 years ago
Status: NEW → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → WONTFIX
Whiteboard: [repoman] → [repoman][marketplace-transition]
You need to log in before you can comment on or make changes to this bug.