1

Context

I am using pyjwt to generate a jwt to send push notifications from a python backend to APNs (Apple Push Notification service). My backend is running on a standard GAE (Google App Engine) instance, so I must use the legacy packages pycrypto and ecdsa instead of cryptography within pyjwt (docs).

Problem

My auth_key.p8 (which I downloaded from Apple Developer) is formatted -----BEGIN PRIVATE KEY-----, but the ecdsa package expects it to be formatted -----BEGIN EC PRIVATE KEY-----. Hence I get the following traceback:

  File "app/venv/lib/python3.7/site-packages/jwt/api_jwt.py", line 65, in encode
    json_payload, key, algorithm, headers, json_encoder
  File "app/venv/lib/python3.7/site-packages/jwt/api_jws.py", line 113, in encode
    key = alg_obj.prepare_key(key)
  File "app/venv/lib/python3.7/site-packages/jwt/contrib/algorithms/py_ecdsa.py", line 44, in prepare_key
    key = ecdsa.SigningKey.from_pem(key)
  File "app/venv/lib/python3.7/site-packages/ecdsa/keys.py", line 189, in from_pem
    privkey_pem = string[string.index(b("-----BEGIN EC PRIVATE KEY-----")):]
ValueError: subsection not found

It seems that my auth_key is in a format that ecdsa does not accept, but I don't know what to do to fix this. Am I supposed to convert this auth_key into a different format?

Thank you for your help.

  • Did you ever figure this out? I'm running into the same issue. – Ben Sep 09 '19 at 23:39
  • 1
    looking back through my code, looks like I gave up and decided to use Firebase instead. They offer a python sdk, and handle the connection to APNS themselves. https://firebase.google.com/docs/cloud-messaging –  Sep 21 '19 at 23:32

1 Answers1

0

For me this was caused by having a newline at the end of the key. After removing the newline the error went away.

Marius
  • 380
  • 3
  • 10