I am currently trying to encrypting the message using PGPY library on python side so we can generate the claim for front end to use to integrate dashboard through pgp SSO.
However I am stuck at the `sign` stage , all the signed message seems not able to be decrypted on Gooddata side,
The error message is Cannot decrypt SSO message from sso provider=pgp-test.polyai-test.<hidden> Invalid sessionId
Look like pgpy only support clearSign by looking at the source code. ( At least that’s what I think why Gooddata cannot decrypt it)
I wonder if there is any suggestion on how to encrypt the message using python instead of using gnupg ?
That will be super helpful !
Thanks so much
Best answer by qian zhengView original
I was checking the request ID you provided in our logs and see the following error:
If you prepare encryptedClaims manually using gpg utility as described here and use it for log in, does that work? This way we can confirm correct keys are used for signing and encrypting.
Yes, it would work if I use GPG tool,99 % sure it’s the right key
Just checked , If I use gnupg to sign it with --clearsign option, I got the same error, so I feel like the issue is with the clearsign ( that gpgy library is doing )
If you compare outputs from the pgpy library with gpg commands we have in our documentation, are you able to decode the difference? Especially when signing the message and encrypting.
If it doesn't help, would you mind sharing with us code snippet with your PGPY pgp SSO implementation?
There is some difference for signing, gnupg generated the sign txt with header -----BEGIN PGP MESSAGE-----
But the signed.txt I generated with pgpy has header -----BEGIN PGP SIGNATURE-----
Code snippet :
I have tried with `bytearray` and just pure json str.
Thanks for looking into this for me
( Encrypting with gooddata public key is defo working correctly because I tried to encrypt the signed txt generated using gnupg sign, and it worked , so the only issue is signing )
And also if I try
This does give my the `true` and myPublicKey is the public key I shared with Gooddata team
Ok guys, I got this working !
the key thing is |= instead = ( I have no idea why, but it worked :D )
Hey Qian, I'm glad you managed to figure it out :)