python-3.xaws-lambdajwtpycryptopython-jose

How to resolve 'Invalid PKCS8 header error' in AWS lambda


I am trying to perform jwt.encode on a small request message with a private key that I am retrieving from DynamoDB. My work station is Mac OS.

The code works in my local environment but failed when I tried to execute it in AWS lambda python3.7 environment. Any suggestions on how to solve this issue?

{
  "errorMessage": "Invalid PKCS8 header",
  "errorType": "JWSError",
  "stackTrace": [
    "  File \"/var/task/lambda_function.py\", line 228, in lambda_handler\n    response = send_request(url, body=body)\n",
    "  File \"/var/task/lambda_function.py\", line 67, in send_request\n    token = _gen_jwt(private_key)\n",
    "  File \"/var/task/lambda_function.py\", line 52, in _gen_jwt\n    token = jwt.encode(payload, private_key, algorithm='RS256', headers=headers)\n",
    "  File \"/var/task/jose/jwt.py\", line 61, in encode\n    return jws.sign(claims, key, headers=headers, algorithm=algorithm)\n",
    "  File \"/var/task/jose/jws.py\", line 47, in sign\n    signed_output = _sign_header_and_claims(encoded_header, encoded_payload, algorithm, key)\n",
    "  File \"/var/task/jose/jws.py\", line 168, in _sign_header_and_claims\n    raise JWSError(e)\n"
  ]
}

Solution

  • This issue was resolved after I rebuild my lambda package within a Linux environment and redeploy to AWS Lambda.

    I created a docker image from python3.7.4 and deploy the package to lambda from within the container.

    This solution also solves the issue:

    ImportError: /var/task/cryptography/hazmat/bindings/_constant_time.so: invalid ELF header
    

    According to https://github.com/pyca/cryptography/issues/3051