author Mark Adams <mark@markadams.me> 2017-03-14 07:33:57 -0500
committer Mark Adams <mark@markadams.me> 2017-03-14 07:44:18 -0500
commit 1710c1524c69c39dfece7a24b87179be5eeff217
tree cd292df6687973ce1c63b4ed517c0884e7557824
parent 299d196383836e1f804ef4441365a94862e08abe
Add support for public keys in OpenSSH (RFC 4253) format.
Cryptography previously lacked support for ECDSA keys in RFC 4253 format. Now that they have support for those keys, we should take advantage of it and support them in PyJWT. Implements #243.
-rw-r--r-- CHANGELOG.md 2
-rw-r--r-- jwt/algorithms.py 5
2 files changed, 6 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 37b6ffd..060876c 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -7,6 +7,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
[Unreleased][unreleased]
-------------------------------------------------------------------------
### Changed
+- Add support for ECDSA public keys in RFC 4253 (OpenSSH) format [#244][244]
- Renamed commandline script `jwt` to `jwt-cli` to avoid issues with the script clobbering the `jwt` module in some circumstances.
- Better error messages when using an algorithm that requires the cryptography package, but it isn't available [#230][230]
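Review bot: The new entry is filed under `### Changed`, but it describes a newly accepted key format rather than a change to existing behaviour. If the changelog keeps an "Added" section for unreleased work, it belongs there. The entry could also state that only keys beginning with `ecdsa-sha2-` are covered, since that is the only prefix the code in this patch checks.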
@@ -129,3 +130,4 @@ rarely used. Users affected by this should upgrade to 3.3+.
[182]: https://github.com/jpadilla/pyjwt/pull/182
[183]: https://github.com/jpadilla/pyjwt/pull/183
[213]: https://github.com/jpadilla/pyjwt/pull/214
+[244]: https://github.com/jpadilla/pyjwt/pull/244
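Review bot: The context line directly above the addition, `[213]: https://github.com/jpadilla/pyjwt/pull/214`, has a label that does not match its URL, so one of the two numbers is wrong. Since this commit already touches the reference block, it is a good place to correct it. The added `[244]` reference itself is consistent with the `[#244][244]` entry in the first hunk.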
diff --git a/jwt/algorithms.py b/jwt/algorithms.py
index 2fe1883..f6d990a 100644
--- a/jwt/algorithms.py
+++ b/jwt/algorithms.py
@@ -356,7 +356,10 @@ if has_crypto:
# a Signing Key or a Verifying Key, so we try
# the Verifying Key first.
try:
- key = load_pem_public_key(key, backend=default_backend())
+ if key.startswith(b'ecdsa-sha2-'):
+ key = load_ssh_public_key(key, backend=default_backend())
+ else:
+ key = load_pem_public_key(key, backend=default_backend())
except ValueError:
key = load_pem_private_key(key, password=None, backend=default_backend())
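Review bot: A `ValueError` raised by the new `load_ssh_public_key` call is swallowed by the existing `except ValueError:` and the same bytes are then passed to `load_pem_private_key`, so a malformed `ecdsa-sha2-` key surfaces as a PEM private-key parsing error instead of an SSH public-key error. Consider handling the `ecdsa-sha2-` branch outside the `try`, or re-raising when the input has the SSH prefix, so an OpenSSH-format key is never retried as a private key. Two smaller points: `key.startswith(b'ecdsa-sha2-')` will not match input with leading whitespace, and the diffstat shows only CHANGELOG.md and jwt/algorithms.py changed, with all 5 changed lines of the latter in this hunk, so the patch adds neither a test for the new branch nor an import for `load_ssh_public_key`; please confirm the name is already imported in this module.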