CtrlK
CommunityDocumentationLog inGet started
Tessl Logo

tessl/pypi-josepy

tessl install tessl/pypi-josepy@2.1.0

JOSE protocol implementation in Python with support for JSON Web Algorithms, Keys, and Signatures

Agent Success

Agent success rate when using this tile

73%

Improvement

Agent success rate improvement when using this tile compared to baseline

1.16x

Baseline

Agent success rate without this tile

63%

task.mdevals/scenario-2/

Key JWK Exporter

Utilities to load RSA, EC, and symmetric keys, emit JWK JSON, and compute RFC 7638 thumbprints.

Capabilities

RSA key export

  • Loading the following PKCS#8 RSA private key returns a JWK with kty, n, e, d, p, q, dp, dq, and qi exactly matching the listed base64url values. @test
    • PEM: 
      -----BEGIN PRIVATE KEY-----
MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAKkkMlu6jUUcIX8Q
Kt8OECFyI1rGEc3wD215rLK9D2UoYVsmVbsE+ZC9W0aWPq0qmbNGlAddSFc5cRGn
BMGWVzpHWO6gFZr9Bj/JzA1UhqBghm8sMyLhyWG6+pjm18cC/lY7joWPBWiJhZPk
uhSDvclfU+9bpUpGIyK8ZfXLHTpFAgMBAAECgYARhs2tEaSn36Vc7Ej0+hkTzib5
tgKMS27d0jjiAJNC0S9daZiCm55csDJwGwt9mCd7GzollTX0y9/6i0sD4FdDaJHw
o8sFtywaCR63PK1AsbMaWj2eIvq8KBfh7aHTxuIrWjH03sg0earFU3WB8f6AtExc
8C+bJxwprE5t3T2vYQJBANaljwhM3TlC7I98i/TmYrn9TpmgNcXnbJ1osbCd+GXa
If1Ej0D/bY7i4vuFPz67x2PAwQuM96gY1CbGwd3jIO0CQQDJuk0+mxvZVSELdm7P
1NBoFFcRw7rCz0ExxiZ8UEv3lBRp0TdhK6rqYPxL0+/KD6pYROnCVX36w0tJggTb
CUu5AkAHRjMTt+8jWqZDspfXo9sirHf2ctx/qXkf2IV1E9VwNjVCrQkhzcY7umqw
1XIwQRLfyY+BQbS+6KB/8+psB599AkBuKg2xGOfWgkTvi5fsa938WM9L5kYByUlj
M0ElNnymEfor55OEv2IxaRGfH3ieMnvmhIvcEvAfl7Nvy093htYRAkEAvzHLmAFV
ENmgLVKs2YxOerDu7xkV8lrCmzKmeccEI1k+3jGJK1hRz9OOo1q5XdpjBWDLssAa
kVyifr3unRRA9Q==
-----END PRIVATE KEY-----
    • Expected JWK values:
      • n: AKkkMlu6jUUcIX8QKt8OECFyI1rGEc3wD215rLK9D2UoYVsmVbsE-ZC9W0aWPq0qmbNGlAddSFc5cRGnBMGWVzpHWO6gFZr9Bj_JzA1UhqBghm8sMyLhyWG6-pjm18cC_lY7joWPBWiJhZPkuhSDvclfU-9bpUpGIyK8ZfXLHTpF
      • e: AQAB
      • d: EYbNrRGkp9-lXOxI9PoZE84m-bYCjEtu3dI44gCTQtEvXWmYgpueXLAycBsLfZgnexs6JZU19Mvf-otLA-BXQ2iR8KPLBbcsGgketzytQLGzGlo9niL6vCgX4e2h08biK1ox9N7INHmqxVN1gfH-gLRMXPAvmyccKaxObd09r2E
      • p: ANaljwhM3TlC7I98i_TmYrn9TpmgNcXnbJ1osbCd-GXaIf1Ej0D_bY7i4vuFPz67x2PAwQuM96gY1CbGwd3jIO0
      • q: AMm6TT6bG9lVIQt2bs_U0GgUVxHDusLPQTHGJnxQS_eUFGnRN2Erqupg_EvT78oPqlhE6cJVffrDS0mCBNsJS7k
      • dp: B0YzE7fvI1qmQ7KX16PbIqx39nLcf6l5H9iFdRPVcDY1Qq0JIc3GO7pqsNVyMEES38mPgUG0vuigf_PqbAeffQ
      • dq: bioNsRjn1oJE74uX7Gvd_FjPS-ZGAclJYzNBJTZ8phH6K-eThL9iMWkRnx94njJ75oSL3BLwH5ezb8tPd4bWEQ
      • qi: AL8xy5gBVRDZoC1SrNmMTnqw7u8ZFfJawpsypnnHBCNZPt4xiStYUc_TjqNauV3aYwVgy7LAGpFcon697p0UQPU
  • The RFC 7638 thumbprint derived from the RSA JWK public fields equals pdTRhoB7ybdYwmyPnf47L_qFnsMc4tzCZM1uEUQ8BaM. @test

EC key export

  • Loading the following P-256 EC private key PEM yields a JWK with kty, crv, x, y, and d matching the listed base64url values. @test
    • PEM: 
      -----BEGIN EC PRIVATE KEY-----
MHcCAQEEIIJgadYEtf1J2dHGvNCp/t1ZGCcTZ9WPCBxPZrDKsrlDoAoGCCqGSM49
AwEHoUQDQgAEJfyl+vMkUONn7Zwr5m6JTblwDU1VBfvrocwlTuehiQuj36BSDegN
5m1JhWyiWqLriKmnXdnP7lKnkx50MuaGvQ==
-----END EC PRIVATE KEY-----
    • Expected JWK values:
      • crv: P-256
      • x: Jfyl-vMkUONn7Zwr5m6JTblwDU1VBfvrocwlTuehiQs
      • y: o9-gUg3oDeZtSYVsolqi64ipp13Zz-5Sp5MedDLmhr0
      • d: gmBp1gS1_UnZ0ca80Kn-3VkYJxNn1Y8IHE9msMqyuUM
  • The RFC 7638 thumbprint derived from the EC JWK public fields equals xzB3PNxVfMfIThWd3NFkiZtov-U90kiZ5hpsjHkkcg8. @test

Octet key export

  • Creating a JWK from the 128-bit secret 00112233445566778899aabbccddeeff0011223344556677 (hex) results in kty: "oct" with k equal to ABEiM0RVZneImaq7zN3u_wARIjNEVWZ3. @test
  • The RFC 7638 thumbprint for that octet JWK equals MMoqVm-rsK1H2epLvhcuWrI6x2dDuRYoZs-MUwoKZUw. @test

Implementation

@generates

API

from typing import Any, Mapping

def load_jwk_from_pem(pem_data: str, password: str | None = None, public_only: bool = False) -> Mapping[str, Any]:
    """Parse RSA or EC key (public or private) from PEM/DER input and return a JWK mapping. When public_only=True, omit private parameters."""

def load_oct_key(secret: bytes | str) -> Mapping[str, str]:
    """Create an octet JWK from raw bytes or a string, normalizing base64/base16 input to base64url without padding."""

def jwk_thumbprint(jwk: Mapping[str, Any]) -> str:
    """Compute the RFC 7638 thumbprint for the provided JWK using only its public members."""

def serialize_jwk(jwk: Mapping[str, Any], indent: int | None = 2) -> str:
    """Return canonical JSON for the JWK (no padding on encoded fields), using pretty indentation when indent is provided."""

Dependencies { .dependencies }

josepy { .dependency }

Used to load PEM/DER RSA, EC keys, derive public-only JWK views, and compute RFC 7638 thumbprints.

Version

Workspace
tessl
Visibility
Public
Created
Last updated
Describes
pypipkg:pypi/josepy@2.1.x

evals

scenario-2

rubric.jsontask.md
tile.json