Open pradeepravi87 opened 2 years ago
This looks to be the relevant change in cryptography
: https://github.com/pyca/cryptography/pull/7234
Seeing the same issue after upgrading cryptography to V38.*
project/foo.py:9: in <module>
import pgpy
venv/lib/python3.10/site-packages/pgpy/__init__.py:4: in <module>
from .pgp import PGPKey
venv/lib/python3.10/site-packages/pgpy/pgp.py:27: in <module>
from .constants import CompressionAlgorithm
venv/lib/python3.10/site-packages/pgpy/constants.py:23: in <module>
from ._curves import BrainpoolP256R1, BrainpoolP384R1, BrainpoolP512R1, X25519, Ed25519
venv/lib/python3.10/site-packages/pgpy/_curves.py:37: in <module>
@utils.register_interface(ec.EllipticCurve)
E AttributeError: module 'cryptography.utils' has no attribute 'register_interface'
You can try the version 37.0. See the install log, pgpy is using version 37 which should fix your problem.
%pip install cryptography==37.0 %pip install PGPy
import pgpy
Python interpreter will be restarted. Collecting cryptography==37.0 Downloading cryptography-37.0.0-cp36-abi3-manylinux_2_24_x86_64.whl (4.0 MB) Requirement already satisfied: cffi>=1.12 in /databricks/python3/lib/python3.8/site-packages (from cryptography==37.0) (1.14.5) Requirement already satisfied: pycparser in /databricks/python3/lib/python3.8/site-packages (from cffi>=1.12->cryptography==37.0) (2.20) Installing collected packages: cryptography Attempting uninstall: cryptography Found existing installation: cryptography 38.0.1 Not uninstalling cryptography at /databricks/python3/lib/python3.8/site-packages, outside environment /local_disk0/.ephemeral_nfs/envs/pythonEnv-fcff4e9f-8cfa-4383-98ad-989b91570005 Can't uninstall 'cryptography'. No files were found to uninstall. Successfully installed cryptography-37.0.0 Python interpreter will be restarted. Python interpreter will be restarted. Requirement already satisfied: PGPy in /databricks/python3/lib/python3.8/site-packages (0.5.4) Requirement already satisfied: six>=1.9.0 in /databricks/python3/lib/python3.8/site-packages (from PGPy) (1.15.0) Requirement already satisfied: cryptography>=2.6 in /local_disk0/.ephemeral_nfs/envs/pythonEnv-fcff4e9f-8cfa-4383-98ad-989b91570005/lib/python3.8/site-packages (from PGPy) (37.0.0) Requirement already satisfied: pyasn1 in /databricks/python3/lib/python3.8/site-packages (from PGPy) (0.4.8) Requirement already satisfied: cffi>=1.12 in /databricks/python3/lib/python3.8/site-packages (from cryptography>=2.6->PGPy) (1.14.5) Requirement already satisfied: pycparser in /databricks/python3/lib/python3.8/site-packages (from cffi>=1.12->cryptography>=2.6->PGPy) (2.20) Python interpreter will be restarted.
yes with cryptography==37.0.4 it works well..
This can be fixed by switching from register_interface to subclassing (sigh) the ec.EllipticCurve abstract base class and will work in all versions of cryptography including 38.0. That will require a PR against this project + new release of course.
I created a PR that does exactly what you proposed (and what they did internally in the cryptography library). I'm not sure if this is helpful though, since I have no idea what I'm doing :grimacing:.
You can try the version 37.0. See the install log, pgpy is using version 37 which should fix your problem.
%pip install cryptography==37.0 %pip install PGPy
import pgpy
Python interpreter will be restarted. Collecting cryptography==37.0 Downloading cryptography-37.0.0-cp36-abi3-manylinux_2_24_x86_64.whl (4.0 MB) Requirement already satisfied: cffi>=1.12 in /databricks/python3/lib/python3.8/site-packages (from cryptography==37.0) (1.14.5) Requirement already satisfied: pycparser in /databricks/python3/lib/python3.8/site-packages (from cffi>=1.12->cryptography==37.0) (2.20) Installing collected packages: cryptography Attempting uninstall: cryptography Found existing installation: cryptography 38.0.1 Not uninstalling cryptography at /databricks/python3/lib/python3.8/site-packages, outside environment /local_disk0/.ephemeral_nfs/envs/pythonEnv-fcff4e9f-8cfa-4383-98ad-989b91570005 Can't uninstall 'cryptography'. No files were found to uninstall. Successfully installed cryptography-37.0.0 Python interpreter will be restarted. Python interpreter will be restarted. Requirement already satisfied: PGPy in /databricks/python3/lib/python3.8/site-packages (0.5.4) Requirement already satisfied: six>=1.9.0 in /databricks/python3/lib/python3.8/site-packages (from PGPy) (1.15.0) Requirement already satisfied: cryptography>=2.6 in /local_disk0/.ephemeral_nfs/envs/pythonEnv-fcff4e9f-8cfa-4383-98ad-989b91570005/lib/python3.8/site-packages (from PGPy) (37.0.0) Requirement already satisfied: pyasn1 in /databricks/python3/lib/python3.8/site-packages (from PGPy) (0.4.8) Requirement already satisfied: cffi>=1.12 in /databricks/python3/lib/python3.8/site-packages (from cryptography>=2.6->PGPy) (1.14.5) Requirement already satisfied: pycparser in /databricks/python3/lib/python3.8/site-packages (from cffi>=1.12->cryptography>=2.6->PGPy) (2.20) Python interpreter will be restarted.
@swadeesh - I already applied the workaround by downgrading the crypto library, I have raised this issue because at some point we would need to upgrade the cryptography version
I have raised https://github.com/SecurityInnovation/PGPy/issues/408 (and associated PR https://github.com/SecurityInnovation/PGPy/issues/408) to suggest that we release a version of PGPy that pins the maximum cryptography version to less than 38.0.0
(which is the first version which has this issue).
Until a version of PGPy
is released with this fix, you can install by manually pinning cryptography<38
:
pip install pgpy "cryptography<38"
NOTE: because cryptography
version 37.0.4
has issues with its pyOpenSSL
versions (see issue: https://github.com/pyca/pyopenssl/issues/1143), you may ALSO need to explicitly install pyOpenSSL>=22.0.0
.
Any updates on this? It's causing dependency mismatch in our code and preventing us to update other indirectly related packages that require cryptography>=38.0
(i.e. playwright)
This should be fixed with v0.6.0 which I just released
Is there a timescale for upgrading past cryptography < 38.0.0
? There are a number of high risk vulnerabilities now.
You should be able to upgrade to the latest version. No idea why this was reopened, but I didn't really have time to read and comprehend what the other issue is about 😉
You should be able to upgrade to the latest version. No idea why this was reopened, but I didn't really have time to read and comprehend what the other issue is about 😉
It's probably because pgpy hasn't been updated on conda(0.5.4). At least that's what happened to me.
We started facing this issue in the Databricks notebook environment, we realized this is because of cryptography library was upgraded a few hours back.
This breaks the compatibility to use the recent version of pgpy in our environment
Stack Trace -
AttributeError: module 'cryptography.utils' has no attribute 'register_interface'
AttributeError Traceback (most recent call last)