Skip to content

fix: normalize Apple .p8 EC key PEM header/footer on load#38

Merged
kaincenteno merged 1 commit into
mainfrom
fix-auth
Jul 12, 2026
Merged

fix: normalize Apple .p8 EC key PEM header/footer on load#38
kaincenteno merged 1 commit into
mainfrom
fix-auth

Conversation

@kaincenteno

Copy link
Copy Markdown
Owner

Apple provides EC private keys in PKCS#8 PEM format (-----BEGIN PRIVATE KEY-----). The raw key bytes passed directly to jwt.encode() can fail in some PyJWT or cryptography releases due to sensitivity to the exact PEM header/footer wording or encoding.

Add a _load_ec_key() helper that loads the key through cryptography's load_pem_private_key() — which handles both PKCS#8 and SEC1/EC PEM formats transparently — and re-serialises it to a consistent PKCS#8 PEM byte string before handing it to PyJWT.

Apple provides EC private keys in PKCS#8 PEM format
(-----BEGIN PRIVATE KEY-----). The raw key bytes passed
directly to jwt.encode() can fail in some PyJWT or
cryptography releases due to sensitivity to the exact PEM
header/footer wording or encoding.

Add a _load_ec_key() helper that loads the key through
cryptography's load_pem_private_key() — which handles both
PKCS#8 and SEC1/EC PEM formats transparently — and
re-serialises it to a consistent PKCS#8 PEM byte string
before handing it to PyJWT.
@kaincenteno kaincenteno merged commit e7f5814 into main Jul 12, 2026
1 check passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant