I have been working on an authentication system and I need to encrypt some information. Currently I use the python-jose library and use the jwe.encrypt() function. On my computer it is working correctly but when I upload it to the AWS cloud as an AWS Lambda function it gives an error (see below). I would like to know if anyone has had this error and knows what has caused it?

My function to encrypt:

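```python
import time

from jose import jwe


def generate_jwe_token(data: dict):
    # Token expiry: current time plus 86700 seconds
    data["exp"] = int(time.time()) + 86700
    # algorithm and encryption are left at the library defaults
    token = jwe.encrypt(
        plaintext=str(data),
        key="1114A78B79D5C91189E2D4BD4C1F6"
    )
    return token
```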

My serverless requirements layer section:

```yaml
pythonRequirements:
    useStaticCache: false
    cacheLocation: "/temp_pip"
    slim: false
    layer:
      name: ${self:provider.stage}-login-api
      compatibleRuntimes:
        - python3.7
        - python3.8
      licenseInfo: GPLv3
      allowedAccounts:
        - "*"
    noDeploy:
      - pylint
      - coverage
      - autopep8
```

My requirements file:

```
boto3==1.17.40
botocore==1.20.112
mysql-connector-python==8.0.22
aws-secretsmanager-caching==1.1.1.5
six==1.16.0
urllib3==1.26.12
pytest==7.1.2
pytest-cov
python-jose==3.3.0
cffi==1.15.1
cryptography==39.0.1
ecdsa==0.18.0
pyasn1==0.4.8
pycparser==2.21
rsa==4.9
```

Error traceback:

```
[ERROR] JWKError: Unable to find an algorithm for key: b'1114A78B79D5C91189E2D4BD4C1F6'
Traceback (most recent call last):
  File "/var/task/functions/secret_token_rotation/rotation_token.py", line 47, in lambda_handler
    create_secret(service_client, arn, token)
  File "/var/task/functions/commons/rotation_steps.py", line 57, in create_secret
    token_credential = generate_jwe_token(data)
  File "/var/task/functions/commons/rotation_steps.py", line 166, in generate_jwe_token
    key="1114A78B79D5C91189E2D4BD4C1F6"
  File "/opt/python/jose/jwe.py", line 54, in encrypt
    enc_cek, iv, cipher_text, auth_tag = _encrypt_and_auth(key, algorithm, encryption, zip, plaintext, encoded_header)
  File "/opt/python/jose/jwe.py", line 391, in _encrypt_and_auth
    encryption_key = jwk.construct(cek_bytes, enc)
  File "/opt/python/jose/jwk.py", line 78, in construct
    raise JWKError("Unable to find an algorithm for key: %s" % key_data)
```

I already tried changing the runtime of my function to Python 3.8.10.

I also tried changing the encryption key.

  • I presume you are using [JSON Web Encryption — python-jose 0.2.0 documentation](https://python-jose.readthedocs.io/en/latest/jwe/#examples). I'm not familiar with it, but looking at that documentation, it seems to also take `algorithm` and `encryption` parameters. It might be that you are running different versions, one of which has a default value for these parameters. Try providing values for those parameters. – John Rotenstein Feb 09 '23 at 21:38
  • Work with default parameters. I'm familiar with this library, but the error is very strange since it only happens inside the Lambda. I use different Docker images with different versions of Python and the requirements as they are in the requirements.txt file, and it works fine. Unit tests also work well. AWS is where it fails and I don't know why. If it helps someone, change this library to Authlib. It is easier and better documented. – Sebatian Ayala Feb 10 '23 at 15:46
  • Since it is probably using a different 'something' (library, version, etc), try it by specifying the parameters by name rather than working with positional arguments. Also, try specifying the `algorithm` and `encryption`. Please try it before dismissing the idea. Let us know how it goes, to help future readers. – John Rotenstein Feb 10 '23 at 22:28
  • Before posting it as it appears in the question, I already had those arguments explicitly specified and it didn't work. – Sebatian Ayala Feb 11 '23 at 02:10

1 Answer

I was facing the same problem. After some research I found out that I needed to install the cryptography library by running `pip install cryptography`.

I hope it will work on your end too.

Hassan A
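A way to check from inside the deployed function whether the condition behind the answer above holds: this is an added example, not code from the question, the answer, or python-jose. `probe_jwe_backend` is a hypothetical helper, and it assumes python-jose exposes the AES key class it selected as `jose.backends.AESKey`, left as `None` when no backend can be imported.

```python
import importlib


def probe_jwe_backend(import_module=importlib.import_module):
    """Report whether python-jose can build AES content-encryption keys here.

    import_module is injectable so the probe can be exercised without the
    real packages; by default it uses the running interpreter's imports.
    """
    report = {"cryptography": None, "aes_backend": None, "problems": []}

    # cryptography ships compiled extensions. A wheel built for a different
    # OS, CPU architecture or Python version than the Lambda runtime is
    # present on disk but fails at import time.
    try:
        crypto = import_module("cryptography")
        import_module("cryptography.hazmat.primitives.ciphers.aead")
        report["cryptography"] = getattr(crypto, "__version__", "unknown")
    except Exception as exc:
        report["problems"].append(f"cryptography not importable: {exc!r}")

    # Assumption: jose.backends.AESKey is None when no AES backend loaded.
    # In that state jwk.construct() has no key class for the JWE content
    # encryption and raises "Unable to find an algorithm for key".
    try:
        backends = import_module("jose.backends")
        aes = getattr(backends, "AESKey", None)
        if aes is None:
            report["problems"].append("jose.backends.AESKey is None")
        else:
            report["aes_backend"] = f"{aes.__module__}.{aes.__name__}"
    except Exception as exc:
        report["problems"].append(f"python-jose not importable: {exc!r}")

    report["ok"] = not report["problems"]
    return report


if __name__ == "__main__":
    # Run locally and in the Lambda (log the result) and compare the two.
    print(probe_jwe_backend())
```

Logging this report once from the handler and comparing it with the local output shows whether the layer's `cryptography` build actually loads under the Lambda runtime.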