web-push-libs / pywebpush

Python Webpush Data encryption library
Mozilla Public License 2.0

Problem with private_key.pem #80

Closed Iazzetta closed 6 years ago

Iazzetta commented 6 years ago

I have done some tests with push notifications and they work. But when I integrate with Django, I get this error:

File "/Users/myuser/.virtualenvs/myenv/lib/python3.6/site-packages/pywebpush/__init__.py", line 359, in webpush
    vv = Vapid.from_string(private_key=vapid_private_key)
  File "/Users/myuser/.virtualenvs/myenv/lib/python3.6/site-packages/py_vapid/__init__.py", line 142, in from_string
    return cls.from_der(pkey)
  File "/Users/myuser/.virtualenvs/myenv/lib/python3.6/site-packages/py_vapid/__init__.py", line 99, in from_der
    backend=default_backend())
  File "/Users/myuser/.virtualenvs/myenv/lib/python3.6/site-packages/cryptography/hazmat/primitives/serialization.py", line 28, in load_der_private_key
    return backend.load_der_private_key(data, password)
  File "/Users/myuser/.virtualenvs/myenv/lib/python3.6/site-packages/cryptography/hazmat/backends/multibackend.py", line 323, in load_der_private_key
    return b.load_der_private_key(data, password)
  File "/Users/myuser/.virtualenvs/myenv/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1018, in load_der_private_key
    password,
  File "/Users/myuser/.virtualenvs/myenv/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1160, in _load_key
    self._handle_key_loading_error()
  File "/Users/myuser/.virtualenvs/myenv/lib/python3.6/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 1229, in _handle_key_loading_error
    raise ValueError("Could not deserialize key data.")
ValueError: Could not deserialize key data.

Why?

jrconlin commented 6 years ago

I'm not sure. The error is happening inside of the cryptography library, so there could be a number of reasons.

1) Is the private key data a valid PEM file? You can use a command like

openssl ec -inform pem -in YourKeyFile.pem -text -noout

It should produce something like:

read EC key
Private-Key: (256 bit)
priv:
    00:96:70:09:fd:aa:7b:ff:29:22:fd:c3:af:5b:4e:
    4a:41:f2:0f:07:6f:89:9b:a5:46:d2:f0:64:d0:95:
    87:77:83
pub:
    04:46:cb:95:b6:e2:dd:7a:ed:eb:88:5a:00:bc:96:
    4a:41:f2:0f:07:6f:89:9b:a5:46:d2:f0:64:d0:95:
    00:96:70:09:fd:aa:7b:ff:29:22:fd:c3:af:5b:4e:
    56:4f:66:95:4d:0f:29:7d:12:ea:2f:4f:39:b0:4a:
    ef:e6:3d:43:ac
ASN1 OID: prime256v1
NIST CURVE: P-256

If not, the file may not be a proper key.

If that does work, (and if I understand that you're able to send push notifications using something like pywebpush, just not if the library is integrated into django), then I've no idea. It may be a library version conflict, or some monkey patch, or anything, really. (cryptography and openssl can be terrible about randomly changing how things work via "minor" updates)

I don't have a lot of time right now to dig into this, but I'll try to get to it as soon as I can.

Iazzetta commented 6 years ago

Thanks for the fast answer. It's a valid PEM, but maybe to use a PEM in Django I need to do more things and not just pass the file as a parameter. I switched the .pem file for a private key generated at https://web-push-codelab.glitch.me and it works. For production, can I use these generated keys?

jrconlin commented 6 years ago

You can use whatever private key you want. The vapid key is just how a remote site identifies you, so if you have a key that works, use it and protect it like you would your password.

I'm a bit curious why one key is rejected and the other accepted, but I can try and sort that out.

If you're not using the old, broken PEM file for anything, I'd appreciate it if you could send it to me. It might be useful for debugging. Also, can I presume you're using Python 3.5? Or are you using a different version or platform?

Thanks!

Iazzetta commented 6 years ago

Yes, Python 3.5. I deleted my old private and public files :( But I generate many in my Django tests.

jrconlin commented 6 years ago

Cool. No worries about the keys, I'm sure I can duplicate the problem.

jrconlin commented 6 years ago

Closing, this may be related to #89 where the underlying library could be generating incompatible key values.

RobertoMaurizzi commented 6 years ago

Just for the record: since vapid and friends try very hard to 'duck' the key passed to them (object, filename string, key string...), if the key file isn't found at the path given in the settings dictionary, the code goes down a path that produces this error, because the invalid filename is interpreted as a key string.
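
A pre-flight check for the failure mode described in the last comment, so that a missing key file is reported as a missing file rather than as "Could not deserialize key data." This is an added example, not code from pywebpush or py_vapid: `classify_vapid_key` and `VapidKeyConfigError` are hypothetical names, the sample inputs are constructed, and the DER test only looks at the first byte rather than parsing the key.

```python
import base64
import os
import re

# Hypothetical names: this helper is not part of pywebpush or py_vapid.
_B64URL = re.compile(r"[A-Za-z0-9_-]+={0,2}")
_KEY_SUFFIXES = (".pem", ".der", ".key")


class VapidKeyConfigError(ValueError):
    """The configured value is neither a readable file nor key material."""


def classify_vapid_key(value):
    """Return 'file', 'pem', 'raw' or 'der' for a configured VAPID private key.

    Raises VapidKeyConfigError with a specific message instead of letting a
    missing file path reach the key parser as if it were key text.
    """
    if os.path.isfile(value):
        return "file"
    if "-----BEGIN" in value:
        return "pem"
    compact = "".join(value.split())  # tolerate wrapped base64 text
    if _B64URL.fullmatch(compact):
        body = compact.rstrip("=")
        try:
            data = base64.urlsafe_b64decode(body + "=" * (-len(body) % 4))
        except ValueError:  # binascii.Error is a ValueError subclass
            data = b""
        if len(data) == 32:  # raw P-256 private scalar
            return "raw"
        if data[:1] == b"\x30":  # DER starts with an ASN.1 SEQUENCE tag
            return "der"
    if "/" in value or "\\" in value or value.lower().endswith(_KEY_SUFFIXES):
        raise VapidKeyConfigError(
            "VAPID key file not found: %r (cwd=%r)"
            % (os.path.abspath(value), os.getcwd()))
    raise VapidKeyConfigError("value is not a file, PEM text or base64url key")


if __name__ == "__main__":
    # Constructed sample inputs, not real keys.
    raw = base64.urlsafe_b64encode(bytes(range(32))).decode().rstrip("=")
    print(classify_vapid_key(raw))
    try:
        classify_vapid_key("keys/private_key.pem")  # relative path, wrong cwd
    except VapidKeyConfigError as exc:
        print(exc)
```

Calling this at application start-up on the value from the settings dictionary surfaces a wrong working directory or a relative path before any push is attempted.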