diff --git a/jwcrypto/jwk.py b/jwcrypto/jwk.py index fe8598e..6f63656 100644 --- a/jwcrypto/jwk.py +++ b/jwcrypto/jwk.py @@ -982,7 +982,8 @@ def import_from_pyca(self, key): else: raise InvalidJWKValue('Unknown key object %r' % key) - def import_from_pem(self, data, password=None, kid=None): + def import_from_pem(self, data, password=None, kid=None, + unsafe_skip_rsa_key_validation=False): """Imports a key from data loaded from a PEM file. The key may be encrypted with a password. Private keys (PKCS#8 format), public keys, and X509 certificate's @@ -990,11 +991,15 @@ def import_from_pem(self, data, password=None, kid=None): :param data(bytes): The data contained in a PEM file. :param password(bytes): An optional password to unwrap the key. + :param unsafe_skip_rsa_key_validation(bool): This significantly + speeds up loading RSA keys, but is _unsafe_ unless you are certain + the key is valid. Passed directly to the relevant cryptography API. """ try: key = serialization.load_pem_private_key( - data, password=password, backend=default_backend()) + data, password=password, backend=default_backend(), + unsafe_skip_rsa_key_validation=unsafe_skip_rsa_key_validation) except ValueError as e: if password is not None: raise e