MatthiasValvekens / pyHanko

pyHanko: sign and stamp PDF files
MIT License

SimpleSigner.load_pkcs12() passphrase utf-8 character error #432

Closed akicsike closed 4 months ago

akicsike commented 4 months ago

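```python
from pyhanko.sign.signers import SimpleSigner

# Passphrase contains a non-ASCII character and is encoded as UTF-8
signer = SimpleSigner.load_pkcs12(
    pfx_file="pfx_file.pfx",
    passphrase=bytes("password1á34", encoding="utf-8"),
)
```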

If I call this code, it throws:

```
Could not load key material from PKCS#12 file
Traceback (most recent call last):
  File "C:\falk\fem\lib\site-packages\pyhanko\sign\signers\pdf_cms.py", line 1532, in load_pkcs12
    ) = pkcs12.load_key_and_certificates(pfx_bytes, passphrase)
  File "C:\falk\fem\lib\site-packages\cryptography\hazmat\primitives\serialization\pkcs12.py", line 157, in load_key_and_certificates
    return ossl.load_key_and_certificates_from_pkcs12(data, password)
  File "C:\falk\fem\lib\site-packages\cryptography\hazmat\backends\openssl\backend.py", line 603, in load_key_and_certificates_from_pkcs12
    pkcs12 = self.load_pkcs12(data, password)
  File "C:\falk\fem\lib\site-packages\cryptography\hazmat\backends\openssl\backend.py", line 632, in load_pkcs12
    raise ValueError("Invalid password or PKCS12 data")
ValueError: Invalid password or PKCS12 data
```

If I use a UTF-8 character in the password string, then it throws an error!

MatthiasValvekens commented 4 months ago

This almost certainly means the PKCS#12 MAC did not validate and/or your payload decrypted to bogus data, i.e. the password is wrong, or you chose the wrong encoding. PKCS#12 passwords are binary data, not strings. So especially with non-ASCII passwords you have to be very careful to pick the same encoding as the one that was used to create the PKCS#12 file.

You seem to be on Windows, which is not exactly known for its sane defaults when it comes to encodings... Assuming you generated the file yourself: the "correct" encoding is probably not UTF-8, but some old 256-bit codepage from the 80s or 90s that Microsoft doesn't dare to change because they don't want to break compatibility for people still running the '86 edition of WordPerfect.

Joking aside, try latin1 instead of utf-8 and see if that works. Failing that, you'll have to figure out your system's default encoding and try to work out how to use it from Python.

EDIT: moving this to discussions, since it's not a bug in pyHanko.
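Added example, not part of the thread and not pyHanko code: one way to work through the advice above is to encode the same password under several candidate encodings and see which byte string the PKCS#12 loader accepts. The candidate list, the function names and `make_constructed_store` (a stand-in for a real PKCS#12 file so the block runs offline) are assumptions made for this illustration.

```python
import hashlib
import hmac

# Assumed candidate list; order it for the system that created the file.
CANDIDATES = ("utf-8", "latin1", "cp1252", "cp1250", "cp852", "utf-16-le")


def passphrase_candidates(password, encodings=CANDIDATES):
    """Yield (encoding, bytes), skipping encodings that cannot represent the
    password and byte strings an earlier encoding already produced."""
    seen = set()
    for enc in encodings:
        try:
            raw = password.encode(enc)
        except UnicodeEncodeError:
            continue
        if raw not in seen:
            seen.add(raw)
            yield enc, raw


def find_encoding(password, loader, encodings=CANDIDATES):
    """Return (encoding, result) for the first byte form `loader` accepts.
    `loader` takes passphrase bytes and raises ValueError on a mismatch, as
    pkcs12.load_key_and_certificates(pfx_bytes, passphrase) does in the
    traceback above."""
    for enc, raw in passphrase_candidates(password, encodings):
        try:
            return enc, loader(raw)
        except ValueError:
            continue
    raise ValueError("no candidate encoding matched; the password may be wrong")


def make_constructed_store(passphrase_bytes):
    """Constructed stand-in for a PKCS#12 file: keeps only a tag derived from
    the passphrase bytes and rejects any other byte string."""
    salt = b"constructed-salt"
    tag = hashlib.pbkdf2_hmac("sha256", passphrase_bytes, salt, 1000)

    def loader(candidate):
        got = hashlib.pbkdf2_hmac("sha256", candidate, salt, 1000)
        if not hmac.compare_digest(got, tag):
            raise ValueError("Invalid password or PKCS12 data")
        return "key material"

    return loader
```

Against a real file, pass a loader such as `lambda pw: pkcs12.load_key_and_certificates(pfx_bytes, pw)` from `cryptography`, and keep the passphrase and its byte forms out of logs.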