[Gajim-devel] Re : Re : PKCS12 with password

Saleem Edah-Tally nmset at yahoo.com
Mon Jul 25 20:16:25 CEST 2011


>>> import OpenSSL.crypto
>>> OpenSSL.crypto.load_pkcs12(open('/home/user/xmpp_lab_set_pwd.p12').read())
Traceback (most recent call last):
  File "<stdin>", line 1, in <module>
OpenSSL.crypto.Error: [('PKCS12 routines', 'PKCS12_parse', 'mac verify failure')]

>>> OpenSSL.crypto.load_pkcs12(open('/home/user/xmpp_lab_set_pwd.p12').read(), 'REAL_PWD')
<PKCS12 object at 0x7f33978ffb90>

Well it's really because the PKCS12 container is encrypted. If I remove the 
password from the same p12 file, I can authenticate successfully.

I don't know at all if it's a huge task but it would complete the effectiveness 
of the whole security approach.

Much emphasis has been laid on MITM attacks in diverse fields of 
electronic communication. It's a real threat, but it's more likely that userA 
steals userB's unencrypted credentials in a desktop session that is supposed to be 
used by many users and does whatever evil afterwards, pretending to be userB. 
userA will most probably lack the required skills to sniff the network, intercept 
userB's communications, decrypt, alter and re-encrypt the content which he then 
forwards to userC.

(I am well aware that super hackers, national security agencies can do 
unthinkable piracy acts for whatever reason, but that's not the point here).

Have a nice day!





----- Original Message ----
From: Yann Leboulanger <asterix at lagaule.org>
To: Saleem Edah-Tally <nmset at yahoo.com>
Cc: gajim-devel at gajim.org
Sent: Mon 25 July 2011, 17h 06min 35s
Subject: Re: Re : [Gajim-devel] PKCS12 with password
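
Added example, not part of the original message or of Gajim's code: a standard-library version of the PKCS#12 password-integrity check (RFC 7292 Appendix B key derivation plus HMAC), showing why loading a password-protected container without its password stops at 'mac verify failure'. It assumes a SHA-1 MAC and uses constructed bytes in place of a real file's AuthenticatedSafe; the function names are hypothetical, and 'REAL_PWD' is the placeholder from the session above.

```python
import hashlib
import hmac
import os

def pkcs12_kdf(password, salt, iterations, purpose_id, length):
    """RFC 7292 Appendix B.2 key derivation with SHA-1 (u = 20, v = 64)."""
    v = 64
    # Passwords are BMPStrings: UTF-16BE plus a two-byte NUL terminator.
    pw = (password + "\0").encode("utf-16-be")

    def fill(data):
        # Repeat data up to the next multiple of v bytes.
        size = v * ((len(data) + v - 1) // v)
        return (data * (size // len(data) + 1))[:size] if data else b""

    diversifier = bytes([purpose_id]) * v
    state = bytearray(fill(salt) + fill(pw))
    out = b""
    while len(out) < length:
        a = diversifier + bytes(state)
        for _ in range(iterations):
            a = hashlib.sha1(a).digest()
        out += a
        # Each v-byte block I_j becomes (I_j + B + 1) mod 2^(8v).
        b = int.from_bytes((a * 4)[:v], "big") + 1
        for j in range(0, len(state), v):
            block = (int.from_bytes(state[j:j + v], "big") + b) % (1 << (8 * v))
            state[j:j + v] = block.to_bytes(v, "big")
    return out[:length]

def make_mac(content, password, salt=None, iterations=2048):
    """Return the MacData triple (digest, salt, iterations) for content."""
    salt = salt or os.urandom(8)
    key = pkcs12_kdf(password, salt, iterations, 3, 20)  # ID 3 = MAC key
    return hmac.new(key, content, hashlib.sha1).digest(), salt, iterations

def verify_mac(content, mac_data, password):
    """True only if the password reproduces the stored MAC over content."""
    digest, salt, iterations = mac_data
    return hmac.compare_digest(make_mac(content, password, salt, iterations)[0], digest)

# Constructed stand-in for a .p12 file's DER-encoded AuthenticatedSafe.
SAMPLE_CONTENT = b"constructed authSafe bytes (key and certificate bags)"
SAMPLE_MAC = make_mac(SAMPLE_CONTENT, "REAL_PWD")

if __name__ == "__main__":
    for candidate in ("", "REAL_PWD"):
        ok = verify_mac(SAMPLE_CONTENT, SAMPLE_MAC, candidate)
        print(repr(candidate), "->", "MAC ok" if ok else "mac verify failure")
```

A MAC failure alone cannot tell a wrong or missing password from a corrupted file, so a client that gets this error should ask for the passphrase and retry before reporting the container as damaged.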

