PyCrypto Errors with .p12 file from Google Developer Console

I am trying to implement Google Identity Toolkit (gitkitv3) in GAE Python. After a user signs in on the website, I get the following errors:

'PKCS12 format is not supported by the PyCrpto library. '
NotImplementedError: PKCS12 format is not supported by the PyCrpto library. Try converting to a "PEM" (openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem) or using PyOpenSSL if native code is an option.

Based on a SO reply, I ran the following commands on my x.p12 file and used the generated privatekey.pem file instead:

openssl pkcs12 -passin pass:notasecret -in x.p12 -nocerts -passout pass:notasecret -out key.pem 
openssl pkcs8 -nocrypt -in key.pem -passin pass:notasecret -topk8 -out privatekey.pem

Now, I am getting the following error:

'X509 certs are not supported by the PyCrypto library. '
NotImplementedError: X509 certs are not supported by the PyCrypto library. Try using PyOpenSSL if native code is an option.

I had downloaded the x.p12 from Google Developer Console. How do I fix this error? Please help.


ANY WORKAROUND?

Do I necessarily need this .p12 file, or can I copy its contents to a global variable and use it (as a workaround)? Could someone please explain to me the actual use of this file?


UPDATE
Looks like the PyCrypto library provided by Google is extremely limited and lacks the capability to support X509.

Inearth answered 29/8, 2014 at 15:30 Comment(16)
#17994104 – Vermiculation
@Bruyere Thanks but I have already tried that and it did not work. – Inearth
Including removing the header "-----BEGIN PRIVATE KEY-----"? – Vermiculation
@Bruyere I tried that now and I got the first error mentioned above: NotImplementedError: PKCS12 format is not supported by the PyCrpto library. – Inearth
PyCrypto does not support X.509 certs at all. You can still load them as indicated here: #12911873. Mind that a private key is not an x.509 cert (which includes the public key). It is not clear what your code needs though. – Skeptic
@Skeptic Thanks for your suggestion. I went through the question and your answer. I am not able to figure out at which all places and what all to change myself since I am not comfortable with code in oauth2client/crypt.py. – Inearth
@Skeptic I tried your solution but am getting some new errors – Inearth
@Inearth Have you extracted the X509 cert with a command like openssl pkcs12 -clcerts -nokeys -in mycert.p12 -out usercert.pem? Can you post the cert somewhere? – Skeptic
@Skeptic I got present .pem by: openssl pkcs12 -in <key.p12> -nocerts -passin pass:notasecret -nodes -out <key.pem> key.pem: Bag Attributes friendlyName: privatekey localKeyID: 54 69 6D 65 20 31 34 30 31 32 33 34 35 36 37 38 39 30 Key Attributes: <No Attributes> -----BEGIN PRIVATE KEY----- lots_of_characters_present_here_replaced_for_this_post= -----END PRIVATE KEY----- Next, I deleted first 4 lines of .pem file. Final .pem looks like: -----BEGIN PRIVATE KEY----- lots_of_characters_are_present_here_which_i_have_replaced_for_this_post= -----END PRIVATE KEY----- – Inearth
@Inearth The code that fails performs a verification, and for that you need a public key, not a private key. Could you try the command from my previous comment? That gives you a public key (inside an X.509 cert). – Skeptic
@Skeptic I generated the new certificate using openssl pkcs12 -clcerts -nokeys -in myapp-36.p12 -out usercert.pem. The generated certificate could be seen here (replaced sensitive data). I tried and got this error. Then I removed everything before "-----BEGIN PRIVATE KEY-----" and tried again. The new certificate is here. This time, I got this error. – Inearth
Hi gsinha, I've been having the same problem. Can you tell me how you managed to work around it? – Booboo
@user3824957 The experimental version of PyCrypto had the fix. It has also been incorporated in GAE Production some time ago. This is the Gitkit discussion thread. I had raised an issue with GAE too. – Inearth
@Inearth: I am facing the same issue. Did you get any workaround? If yes, please share. – Synapsis
@Kartik This issue had been fixed by Google a few months ago. – Inearth
@Inearth: Yeah. It's working now, though I didn't change anything. – Synapsis
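
The distinction drawn in the comments above (a PEM holding only a private key cannot stand in where verification needs a certificate or public key), as an added example that is not part of the original thread: a standard-library Python check of what a .pem file actually contains. The function names `pem_blocks`, `role` and `usable_for_verification` are hypothetical, and the sample data is constructed with a placeholder body rather than real key material.

```python
import base64
import re

# One PEM block; text outside the markers (openssl's "Bag Attributes") is skipped.
PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.DOTALL)

# PEM labels that carry a public key and can therefore be used to verify.
VERIFY_LABELS = {"CERTIFICATE", "PUBLIC KEY"}
# PEM labels that carry a private key and are only useful for signing.
SIGN_LABELS = {"PRIVATE KEY", "RSA PRIVATE KEY", "ENCRYPTED PRIVATE KEY"}

def pem_blocks(text):
    """Return [(label, der_bytes)] for each PEM block found in text."""
    blocks = []
    for label, body in PEM_BLOCK.findall(text):
        # validate=True raises binascii.Error on a corrupted or hand-edited body
        der = base64.b64decode("".join(body.split()), validate=True)
        blocks.append((label, der))
    return blocks

def role(label):
    """Map a PEM label to 'verify', 'sign' or 'unknown'."""
    if label in VERIFY_LABELS:
        return "verify"
    if label in SIGN_LABELS:
        return "sign"
    return "unknown"

def usable_for_verification(text):
    """True if the file holds a certificate or public key."""
    return any(role(label) == "verify" for label, _ in pem_blocks(text))

# Constructed samples shaped like openssl pkcs12 output. The body is a 5-byte
# placeholder DER stub, not real key material.
KEY_PEM = """Bag Attributes
    friendlyName: privatekey
Key Attributes: <No Attributes>
-----BEGIN PRIVATE KEY-----
MAMCAQA=
-----END PRIVATE KEY-----
"""
CERT_PEM = KEY_PEM.replace("PRIVATE KEY", "CERTIFICATE")

if __name__ == "__main__":
    for name, pem in (("key.pem", KEY_PEM), ("usercert.pem", CERT_PEM)):
        for label, der in pem_blocks(pem):
            print(name, label, role(label), len(der), "bytes")
```

The parser reads only what sits between the BEGIN and END markers, so the "Bag Attributes" preamble does not need to be deleted by hand before checking the label.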

Installing pyopenssl fixed the issue for me:

pip install pyopenssl
Bessiebessy answered 5/3, 2015 at 7:18 Comment(1)
Where do I run this command? On my mac/local machine and then include the pyopenssl package in the app.yaml before uploading to GAE? – Souther
