Question
SignedJwtAssertionCredentials on appengine (with pycrypto 2.6) doesn't support the PKCS12 format, therefore I'm trying to use PEM keys instead, as suggested everywhere..
this is my code:
https://stackoverflow.com/questions/17993604
italiano
english
français
española
中国
日本の
العربية
Deutsch
한국어
Português
Russian f = file(os.path.join(os.path.dirname(__file__), KEY_FILE), "r")
key = f.read()
f.close()
credentials = SignedJwtAssertionCredentials(SERVICE_ACCOUNT_EMAIL, key,
scope="https://www.googleapis.com/auth/drive"
http = httplib2.Http()
http = credentials.authorize(http)
and the KEY_FILE is a PEM key, converted with the command:
openssl pkcs12 -in privatekey.p12 -nodes -nocerts > privatekey.pem
but I still get this error, as if it didn't recognize that's a PEM key:
NotImplementedError: PKCS12 format is not supported by the PyCrpto library.
Try converting to a "PEM" (openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem) or using PyOpenSSL if native code is an option.
same error if I pass just the filename to the constructor (without reading the contents of the file)
any idea?
Solution
Yeah, the error is hugely misleading. What you're doing is fine; just remove the header from the PEM file so that it begins with -----BEGIN PRIVATE KEY-----, or run the following command over it:
openssl pkcs8 -nocrypt -in privatekey.pem -passin pass:notasecret -topk8 -out pk.pem
OTHER TIPS
for those interested, I ended up compiling a short tutorial on how to use the Google+ Domains APIs with python on App Engine, you can find it here: https://gist.github.com/vircheck/6292176
It's also applicable to other APIs based on service accounts, such as the Drive API etc..
