abhishek-ram / django-pyas2

AS2 file transfer Server built on Python and Django.
https://django-pyas2.readthedocs.io
GNU General Public License v3.0

Wrong "Sign Message" field? #71

Closed (danuker closed 2 years ago)

danuker commented 2 years ago

Hello!

In the Security Settings, there is the "Sign Message" field which prompts for a method to CHECK the message signature.

  1. I think it should be named "Signature Verification" instead of "Sign Message". The partner signed the message, not the Django-PyAS2 instance. The public key (next field) lets you verify a signature, not sign.
  2. I believe the docs are wrong: it should say "the hash algorithm to be used for verifying signed messages" received from partners instead of "the hash algorithm to be used for signing messages".

I hope I didn't confuse things and waste your time. Thank you for this useful piece of software!

danuker commented 2 years ago

I am sorry, I believe I got it wrong. I now think "Sign Message" is indeed the algorithm used to SIGN a message, not check. Which private key does it use, if there are multiple ones?

abhishek-ram commented 2 years ago

The one set up in the organization, and the organization is picked from the message.

danuker commented 2 years ago

Thank you for the reply! I will try it out when I work with AS2 again.

I was also learning the basics of AS2 at the same time. I now believe the UI is accurate.