python + script failed regarding to cryptography under /usr/lib64/python2.7

Question

I create the following python script

this python script will read the file /lpp/airflow/.sec/rmq_pass to var - pass_hash

and will decrypt it to decrypted_pass

more security_test.py
import sys
import os
import base64
from cryptography.fernet import Fernet

key_file = "/lpp/airflow/.sec/key"
rmq_pass_file = "/lpp/airflow/.sec/rmq_pass"

key = open(key_file, 'r')
f = Fernet(key.read())

pass_hash  = open(rmq_pass_file, 'r')
#decrypting the password from "pass_file" file using the key from the "key_file".
decrypted_pass = f.decrypt(pass_hash.read())
ConnStr = "amqp://airflow:" + decrypted_pass  + "@localhost:5672//"

when I run the script its failed on /usr/lib64/python2.7/site-packages/cryptography/fernet.py, or any under /usr/lib64/python2.7/site-packages/cryptography

we try to re-install the package cryptography, but this didn't help

and idea what is could be?

python  security_test.py
Traceback (most recent call last):
  File "security_test.py", line 14, in <module>
    decrypted_pass = f.decrypt(pass_hash.read())
  File "/usr/lib64/python2.7/site-packages/cryptography/fernet.py", line 75, in decrypt
    return self._decrypt_data(data, timestamp, ttl)
  File "/usr/lib64/python2.7/site-packages/cryptography/fernet.py", line 117, in _decrypt_data
    self._verify_signature(data)
  File "/usr/lib64/python2.7/site-packages/cryptography/fernet.py", line 101, in _verify_signature
    h = HMAC(self._signing_key, hashes.SHA256(), backend=self._backend)
  File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/primitives/hmac.py", line 31, in __init__
    self._ctx = self._backend.create_hmac_ctx(key, self.algorithm)
  File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/backend.py", line 207, in create_hmac_ctx
    return _HMACContext(self, key, algorithm)
  File "/usr/lib64/python2.7/site-packages/cryptography/hazmat/backends/openssl/hmac.py", line 34, in __init__
    key_ptr = self._backend._ffi.from_buffer(key)
TypeError: from_buffer() cannot return the address of the raw string within a str or unicode or bytearray object

IMPORTANT NOTE - on other machine this script is working fine

what is the best way to resolve it? by remove all modules and install them again? or by re-install python?

Answer 1

If this was installed by pip , then this issue is due to having an out-of-date cffi package (I was able to reproduce this problem by force-installing cffi 1.5 in a virtualenv ). Newer versions of cryptography require cffi >= 1.8 , but pip does not always resolve that properly (depending on a variety of other scenarios). You can pip install -U cffi to see if that resolves it, but in general you should strongly consider running Python code inside of a virtualenv and not installing packages into the global package space. The OS package manager assumes that it owns global packages and you can cause many issues with your install if you mix and match distribution packages with pip installs.