>>> import OpenSSL.crypto
Traceback (most recent call 
  File "<stdin>", line 1, in 

OpenSSL.crypto.Error: [('PKCS12 routines', 'PKCS12_parse', 'mac verify 

>>> OpenSSL.crypto.load_pkcs12(open('/home/user/xmpp_lab_set_pwd.p12').read(), 
<PKCS12 object at 0x7f33978ffb90> 

Well it's really because the PKCS12 container is encrypted. If I remove the 
password from the same p12 file, I can authenticate successfully.

I don't know at all if it's a huge task but it would complete the effectiveness 
of the whole security approach.

Much emphasis has been laid out with MITM attacks in diverse fields of 
electronic cummunication. It's a real threat, but it's more likely that userA 
steals userB unencrypted credentials in a desktop session that is supposed to 
used by many users and do whatever evil afterwards, pretending to be userB. 
userA will most probably lack required skills to sniff the network, intercept 
userB's communications, decrypt, alter and re-encrypt the content which he then 
forwards to userC.

(I am well aware that super hackers, national security agencies can do 
unthinkable piracy acts for whatever reason, but that's not the point here).

Have a nice day !

----- Message d'origine ----
De : Yann Leboulanger <aste...@lagaule.org>
À : Saleem Edah-Tally <nm...@yahoo.com>
Cc : gajim-devel@gajim.org
Envoyé le : Lun 25 juillet 2011, 17h 06min 35s
Objet : Re: Re : [Gajim-devel] PKCS12 with password
Gajim-devel mailing list

Reply via email to