Merge pull request #122 from jschlyter/fernet_order

Prefer raw key to FernetEncrypter

pyproject.toml

@@ -22,7 +22,7 @@ exclude_lines = [
 
 [tool.poetry]
 name = "cryptojwt"
-version = "1.8.1"
+version = "1.8.2"
 description = "Python implementation of JWT, JWE, JWS and JWK"
 authors = ["Roland Hedberg <[email protected]>"]
 license = "Apache-2.0"

src/cryptojwt/jwe/fernet.py

@@ -25,7 +25,13 @@ def __init__(
     ):
         Encrypter.__init__(self)
 
-        if password is not None:
+        if key is not None:
+            if not isinstance(key, bytes):
+                raise TypeError("Raw key must be bytes")
+            if len(key) != 32:
+                raise ValueError("Raw key must be 32 bytes")
+            self.key = base64.urlsafe_b64encode(key)
+        elif password is not None:
             _alg = getattr(hashes, hash_alg)
             # A bit special for SHAKE* and BLAKE* hashes
             if hash_alg.startswith("SHAKE") or hash_alg.startswith("BLAKE"):
@@ -35,12 +41,6 @@ def __init__(
             salt = as_bytes(salt) if salt else os.urandom(16)
             kdf = PBKDF2HMAC(algorithm=_algorithm, length=32, salt=salt, iterations=iterations)
             self.key = base64.urlsafe_b64encode(kdf.derive(as_bytes(password)))
-        elif key is not None:
-            if not isinstance(key, bytes):
-                raise TypeError("Raw key must be bytes")
-            if len(key) != 32:
-                raise ValueError("Raw key must be 32 bytes")
-            self.key = base64.urlsafe_b64encode(key)
         else:
             self.key = Fernet.generate_key()