Encrypting json with pem file in python giving RSA key format is not supported

Question

I am working on a encryption module in which the request takes parameters in encrypted JSON form. This encryption is done by a public key provided from the server as follows,

def encrypt_bank_request(request_payload):
    key = ""
    url = "http://localhost/payment/gateways/mybank.pem"
    file = urllib.request.urlopen(url)
    decoded_file = file.read().decode("utf-8")
    for line in decoded_file:
        key += line

    keyDER = base64.b64decode(key)
    keyPub = RSA.importKey(keyDER)
    cipher = Cipher_PKCS1_v1_5.new(keyPub)
    cipher_text = cipher.encrypt(request_payload.encode())
    emsg = base64.b64encode(cipher_text)
    print(emsg);

but when I am executing the code, I am getting following at keyPub = RSA.importKey(keyDER),

ValueError at /

RSA key format is not supported

The PHP equivalent of what I am trying to achieve is as follows,

$pemKey = file_get_contents("http://localhost/payment/gateways/mybank.pem");
openssl_public_encrypt($request_payload, $encrypted, $pemKey);

openssl_public_encrypt as the documentation suggests encrypts data with public key and stores the result into $encrypted.

What am I doing wrong here? is it because the function expects RSA key object and I am providing string, in that case how do I convert string to RSA key object.

I have referred the following, https://stackoverflow.com/a/46356449/11782743

Thank you for your suggestions.

P.S. my key is as following,

MIIGPjCCBSagAwIBAgIRAJig5hCghJQ8AAAAAFDbeaEwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNV
BAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3Qu
bmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1
dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkgLSBMMUswHhcNMTcwMjE1MDYyMzM5WhcNMTgwMjE0MDY1MzM3WjBxMQswCQYDVQQGEwJJTjEO
MAwGA1UECBMFVGhhbmUxEjAQBgNVBAcTCVBhdGxpcGFkYTEbMBkGA1UEChMSSUNJQ0kgQmFuayBM
aW1pdGVkMSEwHwYDVQQDExhlYXp5cGF5YXBpLmljaWNpYmFuay5jb20wggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQDMzgMIqYh4HJScGoIguQFDg7+dcNY7V9BJRWdxE0L5BVHf83vGi36k
9jXXBFB7n16opD4QBEUV4uRrOisZeWA6cMGG7NTqwx1sCXxVdz/rXNqiAiWUXa+p7SsRqnbroK4k
st0mvLRI0bWvBDLw6AHhVF7+xdFRrR+d3zChM8Y3n58ZHiTMgeFf5gBFNC36frdwGR/Fp/naAu/G
1ntRa7rHLS/wuMjNg+j10ka8jfrkRf6Uxi3ogt/FjnEE0/k+xVqvMp2tlPi1mZlUb08CT2/ulfEb
lg6wBoWvipabnp8plK05L+vt1E4MXLkIbdu2WXuUNGSY5AREbWQRO6zmS12i2i3kdQHgq9bIsvMu
FzIbWuvG19btL+Vs/UtBa6FoHyLrbT+h3UDt4insSwxd0Lsxze/G91wFR8w9xGrcmGv5m2yCQuhz
6bDREiV0u6xNMn8FpTph63zU39OcdE0RQXpkAVRy6c/A2YKlAFLkaeOODDTfMbSohOQLV3DT/2Kr
wQ6o0QkT+WAC4z7RCnbhPujhop5mIzyMWtSIVx/+50fmJOQvF+QqifXOb0/XzJnhtNy8vgw8C7k7
xRMGwcgHEtxVJCU162UU3rjVtA7/DKFDoK/P47DLf4c2VT5OY98jLgz5Ez+GDCquQjY/zocYp4bA
sG/I+LCqnEAxQA2S2lNg4wIDAQABo4IBhTCCAYEwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwx
ay5jcmwwSwYDVR0gBEQwQjA2BgpghkgBhvpsCgEFMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cu
ZW50cnVzdC5uZXQvcnBhMAgGBmeBDAECAjBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0
dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0
L2wxay1jaGFpbjI1Ni5jZXIwIwYDVR0RBBwwGoIYZWF6eXBheWFwaS5pY2ljaWJhbmsuY29tMB8G
A1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MB0GA1UdDgQWBBSG2RKU6li1ezRacfLkf5Tr
kECMPjAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBvVGUQGLBhs9GNpNjLTVdc3WY5pYQE
5fP/otaX7GBx4bRrRZlPPh/vzIg79Ry9vs/GdvZIiyVczKZeB2ih9PKJySWEPXPgnR+aroHnQMVK
hOhBoKcohtpUmjnQLgL400h6NkQ9GS0yDebLlbJxicGIAhq+OSJhUXeYKLIk38ngPCYwL+PjHPn9
1ds0ehCuOFMuKKaY4e+hsKzc8KZPyTM7hbtw86kbheOizTGQ8M9s8ZTRnTYblSPk5w5A3fqaikG7
bAYKNWcdBGgdOCnHHCDPSP0ghtf4klR1tT99PSW1HHZ/VL8tmvw+/YNXzIdNxB+MPm3OM/A8Dz6i
khpZKNeP

Answer 1

You need to use PyCryptodome, not PyCrypto, and the key must either be base-64 with proper -----BEGIN... and -----END... lines, or you must base64-decode your base64-encoded blob yourself and supply the resulting bytes to RSA.import_key()

from Cryptodome.PublicKey import RSA

cert = '''MIIGPjCCBSagAwIBAgIRAJig5hCghJQ8AAAAAFDbeaEwDQYJKoZIhvcNAQELBQAwgboxCzAJBgNV
BAYTAlVTMRYwFAYDVQQKEw1FbnRydXN0LCBJbmMuMSgwJgYDVQQLEx9TZWUgd3d3LmVudHJ1c3Qu
bmV0L2xlZ2FsLXRlcm1zMTkwNwYDVQQLEzAoYykgMjAxMiBFbnRydXN0LCBJbmMuIC0gZm9yIGF1
dGhvcml6ZWQgdXNlIG9ubHkxLjAsBgNVBAMTJUVudHJ1c3QgQ2VydGlmaWNhdGlvbiBBdXRob3Jp
dHkgLSBMMUswHhcNMTcwMjE1MDYyMzM5WhcNMTgwMjE0MDY1MzM3WjBxMQswCQYDVQQGEwJJTjEO
MAwGA1UECBMFVGhhbmUxEjAQBgNVBAcTCVBhdGxpcGFkYTEbMBkGA1UEChMSSUNJQ0kgQmFuayBM
aW1pdGVkMSEwHwYDVQQDExhlYXp5cGF5YXBpLmljaWNpYmFuay5jb20wggIiMA0GCSqGSIb3DQEB
AQUAA4ICDwAwggIKAoICAQDMzgMIqYh4HJScGoIguQFDg7+dcNY7V9BJRWdxE0L5BVHf83vGi36k
9jXXBFB7n16opD4QBEUV4uRrOisZeWA6cMGG7NTqwx1sCXxVdz/rXNqiAiWUXa+p7SsRqnbroK4k
st0mvLRI0bWvBDLw6AHhVF7+xdFRrR+d3zChM8Y3n58ZHiTMgeFf5gBFNC36frdwGR/Fp/naAu/G
1ntRa7rHLS/wuMjNg+j10ka8jfrkRf6Uxi3ogt/FjnEE0/k+xVqvMp2tlPi1mZlUb08CT2/ulfEb
lg6wBoWvipabnp8plK05L+vt1E4MXLkIbdu2WXuUNGSY5AREbWQRO6zmS12i2i3kdQHgq9bIsvMu
FzIbWuvG19btL+Vs/UtBa6FoHyLrbT+h3UDt4insSwxd0Lsxze/G91wFR8w9xGrcmGv5m2yCQuhz
6bDREiV0u6xNMn8FpTph63zU39OcdE0RQXpkAVRy6c/A2YKlAFLkaeOODDTfMbSohOQLV3DT/2Kr
wQ6o0QkT+WAC4z7RCnbhPujhop5mIzyMWtSIVx/+50fmJOQvF+QqifXOb0/XzJnhtNy8vgw8C7k7
xRMGwcgHEtxVJCU162UU3rjVtA7/DKFDoK/P47DLf4c2VT5OY98jLgz5Ez+GDCquQjY/zocYp4bA
sG/I+LCqnEAxQA2S2lNg4wIDAQABo4IBhTCCAYEwDgYDVR0PAQH/BAQDAgWgMBMGA1UdJQQMMAoG
CCsGAQUFBwMCMDMGA1UdHwQsMCowKKAmoCSGImh0dHA6Ly9jcmwuZW50cnVzdC5uZXQvbGV2ZWwx
ay5jcmwwSwYDVR0gBEQwQjA2BgpghkgBhvpsCgEFMCgwJgYIKwYBBQUHAgEWGmh0dHA6Ly93d3cu
ZW50cnVzdC5uZXQvcnBhMAgGBmeBDAECAjBoBggrBgEFBQcBAQRcMFowIwYIKwYBBQUHMAGGF2h0
dHA6Ly9vY3NwLmVudHJ1c3QubmV0MDMGCCsGAQUFBzAChidodHRwOi8vYWlhLmVudHJ1c3QubmV0
L2wxay1jaGFpbjI1Ni5jZXIwIwYDVR0RBBwwGoIYZWF6eXBheWFwaS5pY2ljaWJhbmsuY29tMB8G
A1UdIwQYMBaAFIKicHTdvFM/z3vU981/p2DGCky/MB0GA1UdDgQWBBSG2RKU6li1ezRacfLkf5Tr
kECMPjAJBgNVHRMEAjAAMA0GCSqGSIb3DQEBCwUAA4IBAQBvVGUQGLBhs9GNpNjLTVdc3WY5pYQE
5fP/otaX7GBx4bRrRZlPPh/vzIg79Ry9vs/GdvZIiyVczKZeB2ih9PKJySWEPXPgnR+aroHnQMVK
hOhBoKcohtpUmjnQLgL400h6NkQ9GS0yDebLlbJxicGIAhq+OSJhUXeYKLIk38ngPCYwL+PjHPn9
1ds0ehCuOFMuKKaY4e+hsKzc8KZPyTM7hbtw86kbheOizTGQ8M9s8ZTRnTYblSPk5w5A3fqaikG7
bAYKNWcdBGgdOCnHHCDPSP0ghtf4klR1tT99PSW1HHZ/VL8tmvw+/YNXzIdNxB+MPm3OM/A8Dz6i
khpZKNeP'''

cert = '-----BEGIN CERTIFICATE-----\n' + cert + '\n-----END CERTIFICATE-----'


r = RSA.importKey(cert)
print(r.n)

prints out the modulus

835530417319735322904421462459451063654010910036490131542528939590706305612565738190465258970018362442504314027037982757378964476628610126628643741295376455983157717853926501344173174543509081666215334337886432121330318119586463591986644236407155160633403615394726359135900210267964618093240043978235544727335109686553571844741498488578037894004729516832328328853475766210938149668579224549929585498616511012055116486617256405348752281221841113593203898211327673790225447988279497436707544397419647915422702720143667984437532004226144606948907602116888194895153345334011560415740885466004583157439110458828130795408434017885187061379936745660293815100292079970030432352403962499538301054633885062147509036462581226410523337358445683232465510709519096907784307249725979290562163532705329623550196710312110800265447584580251840590731044582860060553698109052225806921430613417139832332963970234067131600542381764969722189768692969004592637189607748143035304212536331626692025074578149324603263114533612082445070491074737755256358022645183110670751682994979892626789172684974128522083229506601674218910572247739238520579221342029941195041299137018203411248036919473974612176366220589057599358170063558334757947393372489019738067582542051