PrivateKey Upload to Audit Email Api failing with EncryptionPublicKeyInvalidFormat

Question

I'm accessing the Google Email Audit API (https://developers.google.com/admin-sdk/email-audit/auth#uploading_the_public_key) via NodeJS and simple POST requests. The authentication obviously works fine, I'm using it already for Signatures and User information.

I have copied the sample Encryption Key from https://github.com/google/gdata-java-client/blob/master/java/sample/appsforyourdomain/audit/AuditSampleClient.java and I have generated my own key, and each time I get the following response for the request:

Request:

<?xml version="1.0" encoding="utf-8" ?>
<atom:entry xmlns:atom="http://www.w3.org/2005/Atom" xmlns:apps="http://schemas.google.com/apps/2006"><apps:property name="publicKey" value="LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MS40LjEwIChHTlUvTGludXgpDQoNCm1RRU5CRXJXYUQ0QkNBQ3QybmdmczYvK1FPR1lieE5iYzNnTG5YSHRxcDdOVFRYTlc0U0pvKy9BMW9VWm9HeEENClF4NnpGWGhRLzhNWFc2Nis4U1RTMVlxTkpPQVJGdGpiSUtQd2pyZGN1a2RQellWS0dacmUwUmF4Q25NeUNWKzYNCkY0WU5RRDFVZWdIVHUyd0NHUjF1aVlPZkx4VWE3L2RvNnMzMVdSVEg4dmJ0aVBZOS82b2JFSXhEakR6S0lxWU8NCnJ2UkRXcUFMQllrbE9rSjNIYmdmeWw0MkVzbkxpQWhTK2RNczJQQ0RpMlgwWkpDUFo4ZVRqTHNkQXRxVlpKK1INCldDMUozVUR1RmZtY3BzRFlSdFVMOXc2WU10bGFwQys5bW1KM0FCRUJBQUcwVjBSaGMyaGxjaUJVWlhOMElDaFUNCmRHVnlNa0JrWVhOb1pYSXRhSGxrTFhSbGMzUXVZMjl0UG9rQk9BUVRBUUlBSWdVQ1N0Wm9QZ0liRFFZTENRZ0gNCmsxOVFja1Rwd0Jkc2tFWXVtRnZtV3ZlNVVYMlNWVjdmek9DMG5adGdGeHRaR2xKaEdtanNBM3J4RlRsYitJcmENCldaYXlYQ1dZaUN6ZDdtOXo1L0t5R0QyR0ZUSy85NG1kbTI1TjZHWGgvYjM1cElGWlhCSS9yWmpyWXJoWVJCRnUNCkd0ekdGSXc5QUFuRnlVekVVVVZmUFdVdEJlNXlITVc1NEM2MG5IazV4WUlhNnFGaGlMcDRQWXFaQ3JZWDFpSXMNCmZSUk9GQT09DQo9U1RIcg0KLS0tLS1FTkQgUEdQIFBVQkxJQyBLRVkgQkxPQ0stLS0tLQ=="></apps:property></atom:entry>

Response:

<?xml version="1.0" encoding="UTF-8"?>
<AppsForYourDomainErrors>
  <error errorCode="1411" invalidInput="LS0tLS1CRUdJTiBQR1AgUFVCTElDIEtFWSBCTE9DSy0tLS0tDQpWZXJzaW9uOiBHbnVQRyB2MS40LjEwIChHTlUvTGludXgpDQoNCm1RRU5CRXJXYUQ0QkNBQ3QybmdmczYvK1FPR1lieE5iYzNnTG5YSHRxcDdOVFRYTlc0U0pvKy9BMW9VWm9HeEENClF4NnpGWGhRLzhNWFc2Nis4U1RTMVlxTkpPQVJGdGpiSUtQd2pyZGN1a2RQellWS0dacmUwUmF4Q25NeUNWKzYNCkY0WU5RRDFVZWdIVHUyd0NHUjF1aVlPZkx4VWE3L2RvNnMzMVdSVEg4dmJ0aVBZOS82b2JFSXhEakR6S0lxWU8NCnJ2UkRXcUFMQllrbE9rSjNIYmdmeWw0MkVzbkxpQWhTK2RNczJQQ0RpMlgwWkpDUFo4ZVRqTHNkQXRxVlpKK1INCldDMUozVUR1RmZtY3BzRFlSdFVMOXc2WU10bGFwQys5bW1KM0FCRUJBQUcwVjBSaGMyaGxjaUJVWlhOMElDaFUNCmRHVnlNa0JrWVhOb1pYSXRhSGxrTFhSbGMzUXVZMjl0UG9rQk9BUVRBUUlBSWdVQ1N0Wm9QZ0liRFFZTENRZ0gNCmsxOVFja1Rwd0Jkc2tFWXVtRnZtV3ZlNVVYMlNWVjdmek9DMG5adGdGeHRaR2xKaEdtanNBM3J4RlRsYitJcmENCldaYXlYQ1dZaUN6ZDdtOXo1L0t5R0QyR0ZUSy85NG1kbTI1TjZHWGgvYjM1cElGWlhCSS9yWmpyWXJoWVJCRnUNCkd0ekdGSXc5QUFuRnlVekVVVVZmUFdVdEJlNXlITVc1NEM2MG5IazV4WUlhNnFGaGlMcDRQWXFaQ3JZWDFpSXMNCmZSUk9GQT09DQo9U1RIcg0KLS0tLS1FTkQgUEdQIFBVQkxJQyBLRVkgQkxPQ0stLS0tLQ==" reason="EncryptionPublicKeyInvalidFormat" />
</AppsForYourDomainErrors>

Decoded looks like this:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)

mQENBErWaD4BCACt2ngfs6/+QOGYbxNbc3gLnXHtqp7NTTXNW4SJo+/A1oUZoGxA
Qx6zFXhQ/8MXW66+8STS1YqNJOARFtjbIKPwjrdcukdPzYVKGZre0RaxCnMyCV+6
F4YNQD1UegHTu2wCGR1uiYOfLxUa7/do6s31WRTH8vbtiPY9/6obEIxDjDzKIqYO
rvRDWqALBYklOkJ3Hbgfyl42EsnLiAhS+dMs2PCDi2X0ZJCPZ8eTjLsdAtqVZJ+R
WC1J3UDuFfmcpsDYRtUL9w6YMtlapC+9mmJ3ABEBAAG0V0Rhc2hlciBUZXN0IChU
dGVyMkBkYXNoZXItaHlkLXRlc3QuY29tPokBOAQTAQIAIgUCStZoPgIbDQYLCQgH
k19QckTpwBdskEYumFvmWve5UX2SVV7fzOC0nZtgFxtZGlJhGmjsA3rxFTlb+Ira
WZayXCWYiCzd7m9z5/KyGD2GFTK/94mdm25N6GXh/b35pIFZXBI/rZjrYrhYRBFu
GtzGFIw9AAnFyUzEUUVfPWUtBe5yHMW54C60nHk5xYIa6qFhiLp4PYqZCrYX1iIs
fRROFA==
=STHr
-----END PGP PUBLIC KEY BLOCK-----

What could be the problem?

It looks like you have uploaded an invalid key which results to return an error code 1411 (EncryptionPublicKeyInvalidFormat). I think that is the main problem as stated in the [documentation](https://developers.google.com/admin-sdk/email-audit/auth#uploading_key). Also, try to visit [this link](http://www.base64-encode.softbaba.com/questions/65794-decode-base64-invalid-input), it maybe helpful to understand about base 64 encoding. — MαπμQμαπkγVπ.0, Jan 05 '18 at 11:40
I'm pretty sure that the uploaded key is fine, it's twice encoded with base64 just as in the link you provided, I even used their public key. If you copy paste the invalidInput, then it will be the decoded public key block I posted — Thomas Rosenstein, Jan 08 '18 at 09:55
@ThomasRosenstein have you find any solution for this issue? because currently i am having the same problem.. — darkfolcer, Aug 28 '18 at 09:14

score 1 · Answer 1 · answered Jan 29 '19 at 18:38

1

You need to use older GnuPG v1.4.10 version to generate the keys. Key format was changed in some newer gpg version (probably v2.x).

answered Jan 29 '19 at 18:38

Anton Malyshev

8,686
2
27
45

score 0 · Answer 2 · answered Jan 08 '20 at 13:47

GnuPG v2.0.14 works I tested by myself (whereas newer v2.2.9 do not). Just run it from docker by using CentOS 6

docker run -v "$(pwd):/cert" --rm -it centos:6
gpg --gen-key
gpg --output /cert/email-audit-key.pub --armor --export

Now you should receive status code 201

PrivateKey Upload to Audit Email Api failing with EncryptionPublicKeyInvalidFormat

2 Answers2