
While creating the application, I clicked “Generate Public/Private Keypair” and got the JSON file.

From the JSON file, we copied the content of “privateKey”, created a new file (Config.PEM) and updated the “privateKey” values.

Then I ran the below code and got an error.



    from boxsdk import JWTAuth
    from boxsdk import Client

    auth = JWTAuth(
        client_id='xxxxxx',
        client_secret='xxxxxxxx',
        enterprise_id='0',
        jwt_key_id='xxxxxx',
        # raw string so the backslashes in the Windows path are kept literally
        rsa_private_key_file_sys_path=r'C:\Box\config.PEM',
        rsa_private_key_passphrase='xxxxxxxxxxx',
    )

    access_token = auth.authenticate_instance()
    client = Client(auth)



Issue : Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type



    C:\Program Files (x86)\Python\Python310>python.exe "C:\Users\arulap\OneDrive - Symphony Summit\Working\Official\Dev\Box\summitorchestration@gmail.com\JWTAuth_Test.py"
    Traceback (most recent call last):
      File "C:\Users\arulap\OneDrive - Symphony Summit\Working\Official\Dev\Box\summitorchestration@gmail.com\JWTAuth_Test.py", line 5, in <module>
        auth = JWTAuth(
      File "C:\Users\arulap\AppData\Roaming\Python\Python310\site-packages\boxsdk\auth\jwt_auth.py", line 108, in __init__
        rsa_private_key = self._normalize_rsa_private_key(
      File "C:\Users\arulap\AppData\Roaming\Python\Python310\site-packages\boxsdk\auth\jwt_auth.py", line 207, in _normalize_rsa_private_key
        return serialization.load_pem_private_key(
      File "C:\Users\arulap\AppData\Roaming\Python\Python310\site-packages\cryptography\hazmat\primitives\serialization\base.py", line 22, in load_pem_private_key
        return ossl.load_pem_private_key(data, password)
      File "C:\Users\arulap\AppData\Roaming\Python\Python310\site-packages\cryptography\hazmat\backends\openssl\backend.py", line 921, in load_pem_private_key
        return self._load_key(
      File "C:\Users\arulap\AppData\Roaming\Python\Python310\site-packages\cryptography\hazmat\backends\openssl\backend.py", line 1189, in _load_key
        self._handle_key_loading_error()
      File "C:\Users\arulap\AppData\Roaming\Python\Python310\site-packages\cryptography\hazmat\backends\openssl\backend.py", line 1248, in _handle_key_loading_error
        raise ValueError(
    ValueError: ('Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type (e.g. EC curves with explicit parameters).', _OpenSSLErrorWithText(code=503841036, lib=60, reason=524556, reason_text=b'error:1E08010C:DECODER routines::unsupported')])

    C:\Program Files (x86)\Python\Python310>

Hi @SummitAI! Welcome to the forum!

The error mentioned in the logs:

Issue : Could not deserialize key data. The data may be in an incorrect format, it may be encrypted with an unsupported algorithm, or it may be an unsupported key type

seems to indicate your code can’t read the content of your config.PEM file.

Can you please check the content of your config.PEM file?

Is it a JSON file or a Certificate?

The fact you called it “config.PEM” is confusing because the name seems to indicate it’s a configuration file, but the PEM extension belongs to a certificate file.

If this file is a config file, then it should have a JSON extension, and its content should look like this:



    {
      "boxAppSettings": {
        "clientID": "abc...123",
        "clientSecret": "def...234",
        "appAuth": {
          "publicKeyID": "abcd1234",
          "privateKey": "-----BEGIN ENCRYPTED PRIVATE KEY-----\n....\n-----END ENCRYPTED PRIVATE KEY-----\n",
          "passphrase": "ghi...345"
        }
      },
      "enterpriseID": "1234567"
    }



On the opposite, if it’s a Certificate, it should look like this:



-----BEGIN ENCRYPTED PRIVATE KEY-----\n....\n-----END ENCRYPTED PRIVATE KEY-----\n


Hi @SummitAI, welcome to the forum.



This might be a private key formatting issue.



The configuration file you get from Box is in JSON format and the key has the new line escaped character \n. If you are reading the private key from a file rather than importing the config.json then the format might explain this behavior.



There is an easy test you can do with openssl to check if the private key can be decrypted.



For example:



    openssl rsa -in your_encrypted_private-key-file.pem -out decrypted-private-key-file.pem -passin pass:your-pass-phrase



If this returns an error, then either the passphrase is incorrect or the encrypted private key is incorrect, such as bad formatting.

If so, try replacing the \n with an actual end of line.



From something like this:



-----BEGIN ENCRYPTED PRIVATE KEY-----\nMIIFDdasfasdAECAggA\nMBQGCCqGSIbasdftybT6TO\nKzzasdfNZG\nlCE=\n-----END ENCRYPTED PRIVATE KEY-----\n



To something like this:



    -----BEGIN ENCRYPTED PRIVATE KEY-----
    MIIFDklkajshdlkjashdlkjfhaslkdjhflaksjdhflkasjdhfalksjdhKAECAggA
    MBaklsjdhflaksjdhflkasjdhflkasjdhflkajsdhflkasjdhflkajshdlfknP5F
    ...
    9vquHYklajsdhflkajshdlkfjhasdlkjhfalksdjhflkasjdhflkasddqncm+DLB
    G+YPqt7uklasdjhflkasjdhflkasjdhflkasjdhlksjfhlksdlaskN+XUorJ6NZG
    lCE=
    -----END ENCRYPTED PRIVATE KEY-----



Alternatively, the SDK provides a method to read from the configuration JSON file.



For example:



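    from boxsdk import Client, JWTAuth

    # settings.JWT_PATH stands for the path to the configuration JSON file
    # (the `settings` module is not shown in this post)
    auth = JWTAuth.from_settings_file(
        settings.JWT_PATH,
    )
    client = Client(auth)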



Let us know if this helps



Cheers
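
The repair discussed in this thread (turning the escaped \n of the JSON "privateKey" value into real line breaks before the key file is loaded), as an added example that is not part of the original posts and is not Box SDK code. The names `normalize_pem`, `check_pem` and `make_sample_pem` are made up here, the sample key is constructed placeholder bytes, and the check covers PEM framing only: it does not decrypt the key or test the passphrase.

```python
import base64
import json
import re

PEM_RE = re.compile(r"-----BEGIN ([A-Z ]+)-----\n(.+?)\n-----END \1-----\n\Z", re.DOTALL)


def normalize_pem(text: str) -> str:
    """Return PEM text with real line breaks, whichever way it was copied."""
    text = text.strip()
    if text.startswith("{"):
        # The whole Box config JSON was saved as the key file: let the JSON
        # parser unescape the "privateKey" value.
        text = json.loads(text)["boxAppSettings"]["appAuth"]["privateKey"]
    # Value copied by hand out of the JSON: it still holds the two characters
    # backslash + n (and maybe the surrounding quotes) instead of line breaks.
    text = text.strip().strip('"').replace("\\r\\n", "\n").replace("\\n", "\n")
    return text.replace("\r\n", "\n").strip() + "\n"


def check_pem(text: str) -> str:
    """Check PEM framing and base64 body; return the label after BEGIN."""
    match = PEM_RE.match(text)
    if match is None:
        raise ValueError("BEGIN/END lines missing, mismatched or not on their own lines")
    der = base64.b64decode("".join(match.group(2).split()), validate=True)
    if der[:1] != b"\x30":  # a PKCS#8 or PKCS#1 key is a DER SEQUENCE
        raise ValueError("body does not decode to a DER SEQUENCE")
    return match.group(1)


def make_sample_pem() -> str:
    """Constructed placeholder, NOT a real key: only the framing is realistic."""
    der = b"\x30\x58" + b"constructed sample bytes, not key material. " * 2
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN ENCRYPTED PRIVATE KEY-----", *lines,
                      "-----END ENCRYPTED PRIVATE KEY-----"]) + "\n"


if __name__ == "__main__":
    good = make_sample_pem()
    hand_copied = good.replace("\n", "\\n")  # file content after a raw copy from the JSON
    try:
        check_pem(hand_copied)
    except ValueError as exc:
        print("raw copy rejected:", exc)
    print("after normalize_pem:", check_pem(normalize_pem(hand_copied)))
```

Write the output of `normalize_pem` to the file passed as `rsa_private_key_file_sys_path`; the openssl command above remains the test of whether the passphrase decrypts the key.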

