gsutil giving Failure: PKCS12 format is not supported by the PyCrpto library

Question

I was trying object storage notification configuration as specified in https://developers.google.com/storage/docs/object-change-notification#_Service_Account

I followed the exact steps however on running 'gsutil ls' command I get following error:

/usr/local/gsutil/gsutil ls 
Failure: PKCS12 format is not supported by the PyCrpto library. Try converting to a "PEM" (openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem) or using PyOpenSSL if native code is an option..

I tried converting to PEM as instructed in error message and reconfigured using gsutil config -e, but it returned the same error for PEM format.

My gsutil version is 3.37 I have compiled and installed pycrypto-2.6

Please help me to get rid of this error

Answer 1

So, it looks like there are a couple of things going wrong behind the scenes here. One of which is that the library used by gsutil that's reporting this error to you fails to correctly identify PEM files, which is why things still didn't work after running that command. We'll work on getting this fixed for the next release of gsutil.

In the short term, can you install PyOpenSSL? That should work with the PKCS12 file. You can do this with something like:

easy_install pyOpenSSL

or

pip install  pyOpenSSL

(you'll probably need to use sudo for this).

Answer 2

The way I fixed this issue (for anyone Googling this) was after running the command specified by the application, I edited the key (in Vim, but any text editor should work) and removed the extra info at the beginning of the file.

Before Editing:

Bag Attributes
    friendlyName: privatekey
    localKeyID: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
Key Attributes: <No Attributes>
-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----

After Editing:

-----BEGIN RSA PRIVATE KEY-----
...
-----END RSA PRIVATE KEY-----