[Gajim-devel] PKCS12 with password

nmset nmset at yahoo.com
Mon Jul 25 14:10:02 CEST 2011


Gajim is excellent for client authentication through credentials stored in a PKCS12 container. It rejects however a PKCS12 file 
protected by a password.

tlsnb_nb.py opens the PKCS12 file with :

        p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read())

It may also open a password protected PKCS12 container with :

        p12 = OpenSSL.crypto.load_pkcs12(open(conn.client_cert).read(), p12pwd)

Testing with hard-coded password works fine.

I don't have the resources to code in Python, I guess it would be fairly easy for Python gurus to modify tls_nb.py to popup a 
dialog requesting a password for the container. This will enhance security when connecting to a jabberd server from a host 
accessed by many users in one same desktop session, each one having created an account in Gajim and each one having a 
client certificate with the certificate's cn == jid (the server doesn't request password authentication in this case).

So this is a request that may enhance security in certain use cases. Of course it's not for the common user who just want 
to beep short messages at the other end of the globe.

Thank you for considering.

More information about the Gajim-devel mailing list