I was in the mindset of "I loaded the private key, so now I need to load the public key" and reached for serialization.load_pem_public_key. That results in the following error:
ValueError: Unable to load PEM file. See https://cryptography.io/en/latest/faq/#why-can-t-i-import-my-pem-file for more details. MalformedFraming
I spent a while trying to investigate the characters are all base64, encoded correctly in utf-8, removing the extra newline, all sorts of things. As it turns out, I'm using the wrong function to load this, and should have been using x509.load_pem_x509_certificate instead.
Obvious in retrospect, but very confusing in the moment. The PEM file is valid! But the wrong kind for that function. Perhaps expanding the error message a bit more, adding (looking for PUBLIC KEY) or similar to the end might help point out the mistake the user is doing.
Here is my certificate in PEM format:
I was in the mindset of "I loaded the private key, so now I need to load the public key" and reached for
serialization.load_pem_public_key
. That results in the following error:I spent a while trying to investigate the characters are all base64, encoded correctly in utf-8, removing the extra newline, all sorts of things. As it turns out, I'm using the wrong function to load this, and should have been using
x509.load_pem_x509_certificate
instead.Obvious in retrospect, but very confusing in the moment. The PEM file is valid! But the wrong kind for that function. Perhaps expanding the error message a bit more, adding
(looking for PUBLIC KEY)
or similar to the end might help point out the mistake the user is doing.