AppEngine上的SignedJwtAssertionCredentials无法识别PEM密钥 [英] SignedJwtAssertionCredentials on AppEngine doesn't recognize PEM key

问题描述

在appengine上（使用pycrypto 2.6）SignedJwtAssertionCredentials不支持PKCS12格式，因此我试图使用PEM键代替，正如所有地方所建议的那样。

这是我的代码：

  f = file（os.path.join（os.path.dirname（__ file__），KEY_FILE） ，r）
 key = f.read（）
 f.close（）
 
 credentials = SignedJwtAssertionCredentials（SERVICE_ACCOUNT_EMAIL，key，$ b $ scope =https： //www.googleapis.com/auth/drive
 http = httplib2.Http（）
 http = credentials.authorize（http）
  

$ b

和 KEY_FILE 是一个PEM键，用命令转换：

  openssl pkcs12 -in privatekey.p12 -nodes -nocerts> privatekey.pem 
  

但我仍然遇到这个错误，就好像它没有识别出这是一个PEM键：

  NotImplementedError：PyCrpto库不支持PKCS12格式。
尝试转换为PEM（openssl pkcs12 -in xxxxx.p12 -nodes -nocerts> privatekey.pem），或者如果本机代码是一个选项，则使用PyOpenSSL。 
  

如果我只将文件名传递给构造函数（不读取文件内容） / p>

有什么想法吗？

解决方案

是的，错误非常容易让人误解。你在做什么是好的;只需从PEM文件中删除头文件，使其以 ----- BEGIN PRIVATE KEY ----- 开头，或者对其执行以下命令：

  openssl pkcs8 -nocrypt -in privatekey.pem -passin pass：notasecret -topk8 -out pk.pem 
  

SignedJwtAssertionCredentials on appengine (with pycrypto 2.6) doesn't support the PKCS12 format, therefore I'm trying to use PEM keys instead, as suggested everywhere..

this is my code:

  f = file(os.path.join(os.path.dirname(__file__), KEY_FILE), "r")
  key = f.read()
  f.close()

  credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key,
      scope="https://www.googleapis.com/auth/drive"
  http = httplib2.Http()
  http = credentials.authorize(http)

and the KEY_FILE is a PEM key, converted with the command:

openssl pkcs12 -in privatekey.p12 -nodes -nocerts > privatekey.pem

but I still get this error, as if it didn't recognize that's a PEM key:

NotImplementedError: PKCS12 format is not supported by the PyCrpto library. 
Try converting to a "PEM" (openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem) or using PyOpenSSL if native code is an option.

same error if I pass just the filename to the constructor (without reading the contents of the file)

any idea?

解决方案

Yeah, the error is hugely misleading. What you're doing is fine; just remove the header from the PEM file so that it begins with -----BEGIN PRIVATE KEY-----, or run the following command over it:

openssl pkcs8 -nocrypt -in privatekey.pem -passin pass:notasecret -topk8 -out pk.pem

这篇关于AppEngine上的SignedJwtAssertionCredentials无法识别PEM密钥的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！