gsutil giving Failure: PKCS12 format is not supported by the PyCrpto library

I was trying object storage notification configuration as specified in https://developers.google.com/storage/docs/object-change-notification#_Service_Account

I followed the exact steps; however, on running the 'gsutil ls' command I get the following error:

/usr/local/gsutil/gsutil ls 
Failure: PKCS12 format is not supported by the PyCrpto library. Try converting to a "PEM" (openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem) or using PyOpenSSL if native code is an option..

I tried converting to PEM as instructed in error message and reconfigured using gsutil config -e, but it returned the same error for PEM format.

My gsutil version is 3.37. I have compiled and installed pycrypto-2.6.

Please help me to get rid of this error.

Franklin answered 23/10, 2013 at 11:50 Comment(1)
Can you please send us the output of running /usr/local/gsutil/gsutil ls -D? Please remove the Authorization: headers. If you'd rather not post that debugging info on the public forum you can send it to [email protected]. - Huonghupeh

So, it looks like there are a couple of things going wrong behind the scenes here. One of which is that the library used by gsutil that's reporting this error to you fails to correctly identify PEM files, which is why things still didn't work after running that command. We'll work on getting this fixed for the next release of gsutil.

In the short term, can you install PyOpenSSL? That should work with the PKCS12 file. You can do this with something like:

easy_install pyOpenSSL

or

pip install pyOpenSSL

(you'll probably need to use sudo for this).

Hayrick answered 23/10, 2013 at 19:22 Comment(1)
I installed pyOpenSSL-0.10-2.el6.x86_64 using yum, and 'gsutil ls' failed. I removed pyOpenSSL-0.10-2.el6.x86_64 and tried pip install pyOpenSSL, but the installation of pyOpenSSL failed. I had to install the python-devel package to get 'pip install pyOpenSSL' to succeed. After that, the 'gsutil ls' command returned no error. - Franklin

The way I fixed this issue (for anyone Googling this) was after running the command specified by the application, I edited the key (in Vim, but any text editor should work) and removed the extra info at the beginning of the file.

Before Editing:

Bag Attributes
    friendlyName: privatekey
    localKeyID: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

After Editing:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

Annals answered 7/7, 2014 at 19:48 Comment(1)
Worked for me! Alternatively, this answer achieves the same result by using two different conversion tools, which results in a pem file without a header. - Imogeneimojean
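
The header-stripping step from the answer above, scripted as an added example that is not part of the original posts: it keeps only the PEM block from the openssl pkcs12 output and writes the copy readable by its owner only, since -nodes leaves the key unencrypted. The function names strip_pem_header and make_sample and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example: keep only the PEM block(s) from the output of
#   openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem
# dropping the "Bag Attributes" / "Key Attributes" text in front of it.
# strip_pem_header and make_sample are illustrative names.

strip_pem_header() {
    src=$1
    dst=$2
    # Source must be readable and must not be the destination itself.
    [ -r "$src" ] && [ "$src" != "$dst" ] || {
        echo "usage: strip_pem_header IN OUT (IN readable, OUT different)" >&2
        return 1
    }
    # -nodes leaves the key unencrypted, so create the copy owner-only.
    # Remove any old file first: umask only applies to newly created files.
    rm -f "$dst"
    (
        umask 077
        awk '{ sub(/\r$/, "") }                      # tolerate CRLF input
             /^-----BEGIN [A-Z0-9 ]+-----$/ { keep = 1 }
             keep { print }
             /^-----END [A-Z0-9 ]+-----$/ { keep = 0 }' "$src" > "$dst"
    ) || return 1
    # Refuse to leave an empty "key" behind if no PEM block was found.
    if ! grep -q '^-----BEGIN ' "$dst"; then
        rm -f "$dst"
        echo "no PEM block found in $src" >&2
        return 1
    fi
}

# Constructed sample in the shape shown in the answer; the body is a
# placeholder, not a real key.
make_sample() {
    printf '%s\n' \
        'Bag Attributes' \
        '    friendlyName: privatekey' \
        '    localKeyID: 00 00 00 00' \
        'Key Attributes: <No Attributes>' \
        '-----BEGIN RSA PRIVATE KEY-----' \
        'Q09OU1RSVUNURUQtUExBQ0VIT0xERVI=' \
        '-----END RSA PRIVATE KEY-----' > "$1"
}
```

Call it as strip_pem_header privatekey.pem privatekey-clean.pem and point gsutil config -e at the cleaned file.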