I am having the following issue with one of our vendors. They are using IBM AS2 communication with us.
We can send EDI files just fine to them, however when they try send something to us we get this error.
We used a CA authority (GoDaddy) to obtain the public and private keys. What we didn't do is send them all the files, we
just sent them the public key.
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/pyas2lib/cms.py", line 513, in verify_message
verify_cert, sig, signed_data, digest_alg
File "/usr/local/lib/python3.7/site-packages/oscrypto/_openssl/asymmetric.py", line 1079, in rsa_pkcs1v15_verify
return _verify(certificate_or_public_key, signature, data, hash_algorithm)
File "/usr/local/lib/python3.7/site-packages/oscrypto/_openssl/asymmetric.py", line 1437, in _verify
raise SignatureError('Signature is invalid')
oscrypto.errors.SignatureError: Signature is invalid
The above exception was the direct cause of the following exception:
Traceback (most recent call last):
File "/usr/local/lib/python3.7/site-packages/pyas2lib/as2.py", line 637, in parse
self.digest_alg = verify_message(mic_content, signature, verify_cert)
File "/usr/local/lib/python3.7/site-packages/pyas2lib/cms.py", line 522, in verify_message
) from e
pyas2lib.exceptions.IntegrityError: Failed to verify message signature: Signature is invalid
Also, when we had a meeting with them they said this maybe the issue.
Non-compliant headers were received in the inbound MDN message.
Diagnosing The Problem
Check the MDN received by viewing the Primary Document at the EDIINTPipelineParse service in error, verify that it contains an header like below:
Good day,
I am having the following issue with one of our vendors. They are using IBM AS2 communication with us. We can send EDI files just fine to them, however when they try send something to us we get this error.
We used a CA authority (GoDaddy) to obtain the public and private keys. What we didn't do is send them all the files, we just sent them the public key.
Traceback (most recent call last): File "/usr/local/lib/python3.7/site-packages/pyas2lib/cms.py", line 513, in verify_message verify_cert, sig, signed_data, digest_alg File "/usr/local/lib/python3.7/site-packages/oscrypto/_openssl/asymmetric.py", line 1079, in rsa_pkcs1v15_verify return _verify(certificate_or_public_key, signature, data, hash_algorithm) File "/usr/local/lib/python3.7/site-packages/oscrypto/_openssl/asymmetric.py", line 1437, in _verify raise SignatureError('Signature is invalid') oscrypto.errors.SignatureError: Signature is invalid
The above exception was the direct cause of the following exception:
Traceback (most recent call last): File "/usr/local/lib/python3.7/site-packages/pyas2lib/as2.py", line 637, in parse self.digest_alg = verify_message(mic_content, signature, verify_cert) File "/usr/local/lib/python3.7/site-packages/pyas2lib/cms.py", line 522, in verify_message ) from e pyas2lib.exceptions.IntegrityError: Failed to verify message signature: Signature is invalid
Also, when we had a meeting with them they said this maybe the issue.
Cause IBM Sterling B2B Integrator is compliant with AS2 RFC as outlined in: https://www.ietf.org/rfc/rfc4130.txt
Non-compliant headers were received in the inbound MDN message.
Diagnosing The Problem Check the MDN received by viewing the Primary Document at the EDIINTPipelineParse service in error, verify that it contains an header like below:
X-Content-Type-Options: nosniff
Anything would help!