Add support for public keys in OpenSSH (RFC 4253) format.

Cryptography previously lacked support for ECDSA keys in RFC 4253
format. Now that they have support for those keys, we should take
advantage of it and support them in PyJWT.

Implements jpadilla#243.

Author: mark-adams

CHANGELOG.md

@@ -7,6 +7,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).
 [Unreleased][unreleased]
 -------------------------------------------------------------------------
 ### Changed
+- Add support for ECDSA public keys in RFC 4253 (OpenSSH) format [#244][244]
 - Renamed commandline script `jwt` to `jwt-cli` to avoid issues with the script clobbering the `jwt` module in some circumstances.
 - Better error messages when using an algorithm that requires the cryptography package, but it isn't available [#230][230]
 
@@ -129,3 +130,4 @@ rarely used. Users affected by this should upgrade to 3.3+.
 [182]: https://github.com/jpadilla/pyjwt/pull/182
 [183]: https://github.com/jpadilla/pyjwt/pull/183
 [213]: https://github.com/jpadilla/pyjwt/pull/214
+[244]: https://github.com/jpadilla/pyjwt/pull/244

jwt/algorithms.py

@@ -356,7 +356,10 @@ def prepare_key(self, key):
                 # a Signing Key or a Verifying Key, so we try
                 # the Verifying Key first.
                 try:
-                    key = load_pem_public_key(key, backend=default_backend())
+                    if key.startswith(b'ecdsa-sha2-'):
+                        key = load_ssh_public_key(key, backend=default_backend())
+                    else:
+                        key = load_pem_public_key(key, backend=default_backend())
                 except ValueError:
                     key = load_pem_private_key(key, password=None, backend=default_backend())