3

I am making service using AWS lambda. I am using PyCryptodome for encryption and decryption. I am able to test my application locally, but when I upload to AWS lambda for decrypting. I get the error as

module initialization error: Cannot load native module 'Crypto.Cipher._raw_ecb': Trying '_raw_ecb.cpython-36m-x86_64-linux-gnu.so': /var/task/Cryptodome/Util/../Cipher/_raw_ecb.cpython-36m-x86_64-linux-gnu.so: cannot open shared object file: No such file or directory, Trying '_raw_ecb.abi3.so': /var/task/Cryptodome/Util/../Cipher/_raw_ecb.abi3.so: cannot open shared object file: No such file or directory, Trying '_raw_ecb.so': /var/task/Cryptodome/Util/../Cipher/_raw_ecb.so: invalid ELF header

My code for decryption is 

    def blowfish_decrypt(enc):
        secret_key = b"somestring"
        iv = b"somerandomiv"
        logger.info("in the decrypter")
        crypt_obj = bf_cbc.new(secret_key, bf_cbc.MODE_CBC, IV=iv)
        original = crypt_obj.decrypt(base64.b64decode(enc))
        original = original.decode("utf-8")
        logger.info("decrypted")
        return original

I was following the resource: https://github.com/pyinstaller/pyinstaller/issues/2125, but this didn't help me either.

after applying all the details as specified I am getting the same above error.

Chitrank Dixit
  • 3,961
  • 4
  • 39
  • 59
  • How did you build the library and how do you deploy your Lambda? – Milan Cermak Jan 31 '19 at 18:52
  • I wrapped lambda function and required library into a zip and then uploaded that on AWS lambda. used `pip install pycryptodome -t .` , to collect the library in the same folder where lambda function resides. – Chitrank Dixit Jan 31 '19 at 20:56

4 Answers4

7

It looks like your local dev environment is not compatible with the Lambda execution environment. The native libraries that PyCryptodome uses are not portable across these two environments; it matters in which env the library was pip installed.

One way to fix it is to use Lambci docker image to build the library and then add it to the zip file. Assuming you have Docker installed, do

docker pull lambci/lambda:build-python3.6
docker run --rm -v `pwd`:/var/task lambci/lambda:build-python3.6 pip install pycryptodome -t pycryptodome

This will pip install the lib in the docker environment. After the command finishes, you'll have it available in the pycryptodome local dir.

For a more automated/repeatable way, have a look at AWS SAM and aws-sam-cli which gives you some very useful commands to build, package and deploy your Lambda apps.

Milan Cermak
  • 7,476
  • 3
  • 44
  • 59
  • 1
    although I was not able to run some other modules as well from python 3.6 so I had to move to 2.7 and used the lambci in has done my work thank Milan. – Chitrank Dixit Feb 07 '19 at 08:01
4

This is happening because the pycryptodome module installed on your local machine is not compatible in lambda. so there are two ways we can fix this.

  1. Use docker to pull amazonlinux image and install pycryptodome using pip install. then export the pycryptodome module to lambda layers.
  2. Start a ec2 instance, must be amazonlinux and install pycryptodome in it. then either download the module using winscp or cli to your local. Create a lambda layer package using the downloaded module and upload it to lambda layer.

make sure to follow below guidline for creating lambda layer package. Import libraries in lambda layers

Chandan Kumar
  • 1,066
  • 10
  • 16
1

I installed and run cryptodome 3.9.4 on AWS Lambda successfully (only Python 3.6).

I put the package in github. It is required to put it into your microservice.

https://github.com/grmagalhaes/python-utilities/tree/master/Crypto

Gerson Rodrigues
  • 11
  • 3
0

if you are using conda, enter these lines in cmd:

conda activate your_env_name
conda install pycrypto

If you are using pip, upload the module via pip. After installed, try again to see if you are getting the same error.

pythonic_love
  • 63
  • 8