SignedJwtAssertionCredentials on AppEngine doesn&#

2020-02-02 12:53发布

站内问答 / 后端开发
387 2 4

SignedJwtAssertionCredentials on appengine (with pycrypto 2.6) doesn't support the PKCS12 format, therefore I'm trying to use PEM keys instead, as suggested everywhere..

this is my code:

  f = file(os.path.join(os.path.dirname(__file__), KEY_FILE), "r")
  key = f.read()
  f.close()

  credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key,
      scope="https://www.googleapis.com/auth/drive"
  http = httplib2.Http()
  http = credentials.authorize(http)

and the KEY_FILE is a PEM key, converted with the command:

openssl pkcs12 -in privatekey.p12 -nodes -nocerts > privatekey.pem

but I still get this error, as if it didn't recognize that's a PEM key:

NotImplementedError: PKCS12 format is not supported by the PyCrpto library. 
Try converting to a "PEM" (openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem) or using PyOpenSSL if native code is an option.

same error if I pass just the filename to the constructor (without reading the contents of the file)

any idea?

2条回答
【Aperson】
2楼-- · 2020-02-02 13:10

Yeah, the error is hugely misleading. What you're doing is fine; just remove the header from the PEM file so that it begins with -----BEGIN PRIVATE KEY-----, or run the following command over it:

openssl pkcs8 -nocrypt -in privatekey.pem -passin pass:notasecret -topk8 -out pk.pem
查看更多
0人赞 添加讨论(0) 举报
戒情不戒烟
3楼-- · 2020-02-02 13:11

for those interested, I ended up compiling a short tutorial on how to use the Google+ Domains APIs with python on App Engine, you can find it here: https://gist.github.com/vircheck/6292176

It's also applicable to other APIs based on service accounts, such as the Drive API etc..

查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)