>>> import OpenSSL.crypto
>>> OpenSSL.crypto.load_pkcs12(open('/home/user/xmpp_lab_set_pwd.p12').read())
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OpenSSL.crypto.Error: [('PKCS12 routines', 'PKCS12_parse', 'mac verify failure')]

>>> OpenSSL.crypto.load_pkcs12(open('/home/user/xmpp_lab_set_pwd.p12').read(), 'REAL_PWD')
<PKCS12 object at 0x7f33978ffb90>

Well, it's really because the PKCS12 container is encrypted. If I remove the 
password from the same p12 file, I can authenticate successfully.

I don't know at all if it's a huge task but it would complete the effectiveness 
of the whole security approach.

Much emphasis has been laid on MITM attacks in diverse fields of 
electronic communication. It's a real threat, but it's more likely that userA 
steals userB's unencrypted credentials in a desktop session that is supposed to 
be used by many users and does whatever evil afterwards, pretending to be userB. 
userA will most probably lack the required skills to sniff the network, intercept 
userB's communications, decrypt, alter and re-encrypt the content which he then 
forwards to userC.

(I am well aware that super hackers and national security agencies can do 
unthinkable piracy acts for whatever reason, but that's not the point here).

Have a nice day!





----- Original Message ----
From: Yann Leboulanger <aste...@lagaule.org>
To: Saleem Edah-Tally <nm...@yahoo.com>
Cc: gajim-devel@gajim.org
Sent: Mon 25 July 2011, 17:06:35
Subject: Re: Re : [Gajim-devel] PKCS12 with password
_______________________________________________
Gajim-devel mailing list
Gajim-devel@gajim.org
http://lists.gajim.org/cgi-bin/listinfo/gajim-devel
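
The behaviour requested in the message above (try the container without a passphrase, and ask the user when that fails) is sketched here as an added example; it is not Gajim's code and not part of the original message. It uses the `cryptography` package's PKCS#12 loader instead of the pyOpenSSL call in the session, and `make_sample_p12`, `load_client_p12` and the `ask_password` callback are hypothetical names.

```python
import datetime
from cryptography import x509
from cryptography.hazmat.primitives import hashes, serialization
from cryptography.hazmat.primitives.asymmetric import ec
from cryptography.hazmat.primitives.serialization import pkcs12
from cryptography.x509.oid import NameOID


def make_sample_p12(password):
    """Build a constructed, throwaway PKCS#12 blob (self-signed EC cert)."""
    key = ec.generate_private_key(ec.SECP256R1())
    name = x509.Name([x509.NameAttribute(NameOID.COMMON_NAME, "userB@example.org")])
    start = datetime.datetime(2024, 1, 1)
    cert = (x509.CertificateBuilder()
            .subject_name(name).issuer_name(name)
            .public_key(key.public_key())
            .serial_number(x509.random_serial_number())
            .not_valid_before(start)
            .not_valid_after(start + datetime.timedelta(days=1))
            .sign(key, hashes.SHA256()))
    enc = (serialization.BestAvailableEncryption(password) if password
           else serialization.NoEncryption())
    return pkcs12.serialize_key_and_certificates(b"sample", key, cert, None, enc)


def load_client_p12(data, ask_password, max_tries=3):
    """Load a client certificate, prompting only if the container is protected.

    ask_password is a hypothetical callback (for example a GUI prompt) that
    returns a str, or None when the user cancels.
    Returns (private_key, certificate, additional_certificates).
    """
    try:
        return pkcs12.load_key_and_certificates(data, None)
    except ValueError:
        pass  # MAC check failed without a passphrase: container is protected
    for _ in range(max_tries):
        pwd = ask_password()
        if pwd is None:
            break  # user cancelled the prompt
        try:
            return pkcs12.load_key_and_certificates(data, pwd.encode("utf-8"))
        except ValueError:
            continue  # wrong passphrase, ask again
    raise ValueError("PKCS#12 container could not be unlocked")
```

The passphrase is only held for the duration of the call, so the private key stays encrypted at rest on a shared desktop.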
