16

I am trying to create a service account app so that I can access Google Analytics api using Python. Two things are confusing me. First, when I use the following code:

`from oauth2client.client import SignedJwtAssertionCredentials
client_email = "#####client_email#######.gserviceaccount.com"
with open("XXXXXX.p12") as f:
   private_key = f.read()
credentials = SignedJwtAssertionCredentials(client_email, private_key,'https://www.googleapis.com/auth/sqlservice.admin')`

I get the following error: 

`oauth2client.client.CryptoUnavailableError: No crypto library available`

After doing a little research I found that this might have to do with granting the app domain-wide authority to the service account. However, when I log on to the Google Developers Console I cannot locate the security icon or the more-options button. Any help much appreciated thank you.

user3277225
  • 441
  • 1
  • 5
  • 16

5 Answers5

33

This did the trick for me (without converting to PEM):

pip install PyOpenSSL

pip freeze says I have version 0.15.1

shacker
  • 12,421
  • 6
  • 74
  • 80
13

That error probably means you need the python-openssl package.

apt-get install python-openssl
Wraezor Sharp
  • 376
  • 1
  • 4
  • 8
7

Even if you are installed pycrypto & python-ssl libraries in your development environment, You need to add this pycrypto library in your application's app.yaml file.

libraries:
- name: pycrypto
  version: "latest"
Nijin Narayanan
  • 2,243
  • 1
  • 26
  • 44
  • 2
    Thanks! This was the piece I was missing. That's why you should always read more than just the accepted answer :) – Philip Walton Jul 17 '15 at 18:03
  • pycrypto is now a default runtime provided library, and we can include/use it by updating the app.yaml. This also means that we don't need to include any of our own third-party lib. Just thought the info may be useful to someone who was including the lib in their project too. – radhashankark Sep 29 '15 at 16:15
4

I just recently set this up but opted to go with PyCrypto 2.6.1, but you can also use python-openssl as mentioned in the previous answer.

The only problem I had and I can't pinpoint this down, but the P12 key generated by the Google Developer Console wasn't working with my Service Account API call (to the Content API for Shopping), and I had to switch the key to the PEM format to get things going.

My setup: (Win7, python 2.7.x, PyCrypto 2.6.1)

The error I got when trying to use the P12 key, but later resolved when converting it to PEM:

Error 3: PKCS12 format is not supported by the PyCrypto library. NotImplementedError: PKCS12 format is not supported by the PyCrypto library. Try converting to a “PEM” (openssl pkcs12 -in xxxxx.p12 -nodes -nocerts > privatekey.pem) or using PyOpenSSL if native code is an option.

One important thing, don't forget to go inside Google Analytics and grant the appropriate permissions for the client email address that is created during the creation of the Service Account.

davidtzau
  • 61
  • 4
  • When converting the `p12` file to a `pem` as @davidtzau describes you'll need to enter the default passphrase that Google sets on the `p12` file which is `notasecret`. When the `pem` content is output into the new `pem` file it no longer is protected by a passphrase. Despite this fact, the oauth2client module gracefully accepts the `pem` contents without the passphrase though it by default assumes a passphrase of `notasecret` : https://google-api-python-client.googlecode.com/hg/docs/epy/oauth2client.client.SignedJwtAssertionCredentials-class.html – gene_wood Dec 23 '14 at 06:43
0

OSX 10.11 El Capitan does not distribute OpenSSL anymore. I was able to install cryptography using Homebrew and static build:

env CRYPTOGRAPHY_OSX_NO_LINK_FLAGS=1 LDFLAGS="$(brew --prefix openssl)/lib/libssl.a $(brew --prefix openssl)/lib/libcrypto.a" CFLAGS="-I$(brew --prefix openssl)/include" pip install cryptography

More info

Mikko Ohtamaa
  • 69,174
  • 40
  • 208
  • 346