AppEngine 上的 SignedJwtAssertionCredentials 无法识别 PEM 密钥 [英] SignedJwtAssertionCredentials on AppEngine doesn't recognize PEM key

问题描述

appengine 上的 SignedJwtAssertionCredentials(使用 pycrypto 2.6)不支持 PKCS12 格式，因此我正在尝试使用 PEM 密钥，正如处处建议的那样..

SignedJwtAssertionCredentials on appengine (with pycrypto 2.6) doesn't support the PKCS12 format, therefore I'm trying to use PEM keys instead, as suggested everywhere..

这是我的代码:

  f = file(os.path.join(os.path.dirname(__file__), KEY_FILE), "r")
  key = f.read()
  f.close()

  credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key,
      scope="https://www.googleapis.com/auth/drive"
  http = httplib2.Http()
  http = credentials.authorize(http)

和 KEY_FILE 是 PEM 密钥，使用以下命令转换:

and the KEY_FILE is a PEM key, converted with the command:

openssl pkcs12 -in privatekey.p12 -nodes -nocerts > privatekey.pem

但我仍然收到此错误，好像它没有识别出这是 PEM 密钥:

but I still get this error, as if it didn't recognize that's a PEM key:

NotImplementedError: PKCS12 format is not supported by the PyCrpto library. 
Try converting to a "PEM" (openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem) or using PyOpenSSL if native code is an option.

如果我只将文件名传递给构造函数(不读取文件内容)，则会出现同样的错误

same error if I pass just the filename to the constructor (without reading the contents of the file)

有什么想法吗?

推荐答案

是的，该错误具有极大的误导性.你做的很好；只需从 PEM 文件中删除标题，使其以 -----BEGIN PRIVATE KEY----- 开头，或在其上运行以下命令:

Yeah, the error is hugely misleading. What you're doing is fine; just remove the header from the PEM file so that it begins with -----BEGIN PRIVATE KEY-----, or run the following command over it:

openssl pkcs8 -nocrypt -in privatekey.pem -passin pass:notasecret -topk8 -out pk.pem

这篇关于AppEngine 上的 SignedJwtAssertionCredentials 无法识别 PEM 密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！