I'm having problems using the gcloud command line to import a key into Google KMS, on an Ubuntu instance (PHP/Homestead/Vagrant).
I installed gcloud using the following commands:
echo "deb [signed-by=/usr/share/keyrings/cloud.google.gpg] https://packages.cloud.google.com/apt cloud-sdk main" | sudo tee -a /etc/apt/sources.list.d/google-cloud-sdk.list
sudo apt-get install apt-transport-https ca-certificates gnupg
curl https://packages.cloud.google.com/apt/doc/apt-key.gpg | sudo apt-key --keyring /usr/share/keyrings/cloud.google.gpg add -
sudo apt-get update && sudo apt-get install google-cloud-sdk
gcloud init
Then I installed the crypto package using these commands:
pip install --user "cryptography>=2.2.0"
apt policy python-cryptography
export CLOUDSDK_PYTHON_SITEPACKAGES=1
My PHP code is eventually running this command through a typical exec call:
gcloud kms keys versions import --import-job jobname --location locationname --keyring keyringname --key keyname --algorithm ec-sign-p256-sha256 --public-key-file /tmp/wrapping_public_key.pem --target-key-file /tmp/unwrapped_formatted.key
And I always get this error:
ERROR: gcloud crashed (AttributeError): module 'cryptography.hazmat.primitives.keywrap' has no attribute 'aes_key_wrap_with_padding'
It's probably important to note that I can use other functions with gcloud with success, including creation of keyrings, etc. I believe the error is related to how gcloud is installed, or a dependency issue... but I have no idea where to start troubleshooting, and the GCP documentation doesn't list this problem specifically.
Any help offered would be greatly appreciated.
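
A starting point for troubleshooting the error above, as an added example that is not part of the original post or of gcloud: a Python check that reports which cryptography package a given interpreter loads and whether its keywrap module has the attribute named in the error. The function names keywrap_report and verdict are hypothetical; the assumption is that you run it with the interpreter that `gcloud info` lists, under the same account and environment as the PHP exec call.

```python
import importlib
import os
import site
import sys

REQUIRED_ATTR = "aes_key_wrap_with_padding"  # name taken from the error message


def keywrap_report(module_name="cryptography.hazmat.primitives.keywrap",
                   package_name="cryptography"):
    """Describe what this interpreter would load for the key-wrap module.

    keywrap_report is a hypothetical helper written for this example.
    """
    report = {
        "python": sys.executable,
        "uid": os.getuid() if hasattr(os, "getuid") else None,
        # The post exports this in a shell; check that the exec'd process sees it.
        "CLOUDSDK_PYTHON_SITEPACKAGES": os.environ.get("CLOUDSDK_PYTHON_SITEPACKAGES"),
        # "pip install --user" only helps if user site-packages are enabled here.
        "user_site_enabled": bool(site.ENABLE_USER_SITE),
        "installed": False, "version": None, "path": None, "has_attr": False,
    }
    try:
        package = importlib.import_module(package_name)
        module = importlib.import_module(module_name)
    except ImportError:
        return report
    report.update(
        installed=True,
        version=getattr(package, "__version__", None),
        path=getattr(package, "__file__", None),  # shows which copy was picked up
        has_attr=hasattr(module, REQUIRED_ATTR),
    )
    return report


def verdict(report):
    """Summarise the report as 'missing', 'too-old' or 'ok'."""
    if not report["installed"]:
        return "missing"
    return "ok" if report["has_attr"] else "too-old"


if __name__ == "__main__":
    r = keywrap_report()
    for key, value in r.items():
        print(f"{key}: {value}")
    print("verdict:", verdict(r))
    sys.exit(0 if verdict(r) == "ok" else 1)
```

A "too-old" verdict together with a path outside the user's site-packages means the interpreter is loading a different copy of the package than the one installed with pip install --user.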