SignedJwtAssertionCredentials on appengine (with pycrypto 2.6) doesn't support the PKCS12 format, therefore I'm trying to use PEM keys instead, as suggested everywhere..
this is my code:
f = file(os.path.join(os.path.dirname(__file__), KEY_FILE), "r")
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key,
scope="https://www.googleapis.com/auth/drive"
http = httplib2.Http()
http = credentials.authorize(http)
and the KEY_FILE is a PEM key, converted with the command:
openssl pkcs12 -in privatekey.p12 -nodes -nocerts > privatekey.pem
but I still get this error, as if it didn't recognize that's a PEM key:
NotImplementedError: PKCS12 format is not supported by the PyCrpto library.
Try converting to a "PEM" (openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem) or using PyOpenSSL if native code is an option.
same error if I pass just the filename to the constructor (without reading the contents of the file)
any idea?
Yeah, the error is hugely misleading. What you're doing is fine; just remove the header from the PEM file so that it begins with -----BEGIN PRIVATE KEY-----, or run the following command over it:
openssl pkcs8 -nocrypt -in privatekey.pem -passin pass:notasecret -topk8 -out pk.pem
for those interested, I ended up compiling a short tutorial on how to use the Google+ Domains APIs with python on App Engine, you can find it here: https://gist.github.com/vircheck/6292176
It's also applicable to other APIs based on service accounts, such as the Drive API etc..
来源:https://stackoverflow.com/questions/17993604/signedjwtassertioncredentials-on-appengine-doesnt-recognize-pem-key