python-3.xamazon-web-servicesaws-lambda

module initialization error: Cannot load native module 'Crypto.Cipher._raw_ecb' at AWS lambda


I am making service using AWS lambda. I am using PyCryptodome for encryption and decryption. I am able to test my application locally, but when I upload to AWS lambda for decrypting. I get the error as

module initialization error: Cannot load native module 'Crypto.Cipher._raw_ecb': Trying '_raw_ecb.cpython-36m-x86_64-linux-gnu.so': /var/task/Cryptodome/Util/../Cipher/_raw_ecb.cpython-36m-x86_64-linux-gnu.so: cannot open shared object file: No such file or directory, Trying '_raw_ecb.abi3.so': /var/task/Cryptodome/Util/../Cipher/_raw_ecb.abi3.so: cannot open shared object file: No such file or directory, Trying '_raw_ecb.so': /var/task/Cryptodome/Util/../Cipher/_raw_ecb.so: invalid ELF header

My code for decryption is

    def blowfish_decrypt(enc):
        secret_key = b"somestring"
        iv = b"somerandomiv"
        logger.info("in the decrypter")
        crypt_obj = bf_cbc.new(secret_key, bf_cbc.MODE_CBC, IV=iv)
        original = crypt_obj.decrypt(base64.b64decode(enc))
        original = original.decode("utf-8")
        logger.info("decrypted")
        return original

I was following the resource: https://github.com/pyinstaller/pyinstaller/issues/2125, but this didn't help me either.

after applying all the details as specified I am getting the same above error.


Solution

  • It looks like your local dev environment is not compatible with the Lambda execution environment. The native libraries that PyCryptodome uses are not portable across these two environments; it matters in which env the library was pip installed.

    One way to fix it is to use Lambci docker image to build the library and then add it to the zip file. Assuming you have Docker installed, do

    docker pull lambci/lambda:build-python3.6
    docker run --rm -v `pwd`:/var/task lambci/lambda:build-python3.6 pip install pycryptodome -t pycryptodome
    

    This will pip install the lib in the docker environment. After the command finishes, you'll have it available in the pycryptodome local dir.

    For a more automated/repeatable way, have a look at AWS SAM and aws-sam-cli which gives you some very useful commands to build, package and deploy your Lambda apps.