2

Hey, I'm trying to generate a signed url in python. Basically, I'm trying to access protected Amazon Cloudfront content from a Google App Engine server. Amazon has provided me with a pem file that has content which looks like:

-----BEGIN RSA PRIVATE KEY-----

MIICWQf....a lot more characters...7bx8WiUk

-----END RSA PRIVATE KEY-----

According to Getting started with secure AWS CloudFront streaming with Python, a signed url is generated through EVP as such: key = EVP.load_key_string(priv_key_string). The main problem is that Google App Engine does not support from M2Crypto import EVP. I've tried googling RSA encryption routines Google App Engine but have not found any modules that work. One I stumbled across, Signing a string with RSA private key on Google App Engine Python SDK, said I could use from tlslite.utils import keyfactory. Yet I still get a response that says No module named tlslite.utils.

In summary, I'm just wondering if anyone know's if a module that does RSA encryption routines on Google App Engine. Thanks, your help is greatly appreciated as always

Community
  • 1
  • 1
mrmo123
  • 725
  • 1
  • 8
  • 23
  • 1
    As long as the source code for the library is in pure Python or compiled Python you can include it in your directory before you deploy your app. – bossylobster Jan 10 '12 at 04:03
  • 1
    For example see the "Using the gdata-python-client Library" section in http://code.google.com/appengine/articles/python/retrieving_gdata_feeds.html – bossylobster Jan 10 '12 at 04:09
  • It seems tlslite is native Python: http://tlslite.cvs.sourceforge.net/viewvc/tlslite/tlslite/ – bossylobster Jan 10 '12 at 04:14

1 Answers1

1

As bossylobster pointed out, what you can do is include the RSA package that you need as a part of your application by copying the package's source code as a sub-directory within your app's directory structure. This gets uploaded to the app-engine service as just another part of your app. As long as the package only uses those standard library modules that app-engine provides in production, it will run as expected. The directory structure would end up looking something like:

mysite/
    app.yaml
    main.py
    urls.py
    ...
    tlslite/
        __init__.py
        ...
philofinfinitejest
  • 3,987
  • 1
  • 24
  • 22
  • thank you, tlslite can be imported now. I have one quick question...I've been trying to import M2Crypto (the folder contains the __init__.py file). However, the EVP.py in there requires a file in a subdirectory is at the same level as M2Crypto (a folder called SWIG). Because of this, importing the EVP results in an error that says the file can't be found. Any thoughts? – mrmo123 Jan 12 '12 at 15:55
  • I've been research more as to why I can't import the EVP module and realize it's a bit out of scope here. Thanks for your help though...I was able to get tlslite working. Unfortunately, the tlslite module signing doesn't work for amazon cloudfront. – mrmo123 Jan 12 '12 at 16:23
  • Unfortunately it looks like M2Crypto is not pure python -- the SWIG folder is full of C code -- so there is no chance of it working as is on app-engine. Instead use app-engine's supplied version of PyCrypto, http://code.google.com/appengine/docs/python/tools/libraries.html#PyCrypto which is available in the app-engine environment. – philofinfinitejest Jan 12 '12 at 16:34