[PYTHON-CRYPTO] PKCS7 verification issue.

Jonathan Endersby arbitraryuser at GMAIL.COM
Tue Oct 6 08:26:10 CEST 2009


Hi All

I'm trying to do the following:

1. Sign a message with Alice's keys (cert is signed by the CA)
2. Encrypt the message with Bob's (signed by the CA) public key
3. Send the PKCS#7 output to Bob
4. Bob decrypts the message and tries to verify it with the
cacert.pem and with Alice's public key
5. It works. (no surprise here)

However, if I run step 4 with Carol's public key (signed by the CA),
the verify also works... and I would have expected it to fail as it
wasn't signed by Carol!

Am I misunderstanding how the verify is meant to work? (It's quite
possible, I'm very new to PKI)

If I'm not being a complete idiot I'll write a clean test case. At the
moment the code is too wrapped up in my project to extract neatly.

Thanks in advance.
J.

-- 
Jonathan Endersby
+27 82 4143129
www.arbitraryuser.com
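The openssl CLI reproduces steps 1 to 4 and the observation above (added example, not the poster's code; the CA, alice/bob/carol and the file names are assumptions made up for the demo). The point it shows: a PKCS#7 SignedData carries the signer's certificate, and a certificate passed at verify time is only an extra candidate for chain building, so checking who signed means comparing the embedded signer certificate against the expected one.

```shell
#!/bin/sh
# Reproduces the observation with the openssl CLI (added example, not the
# poster's code). The CA, alice/bob/carol and the file names are made up.
set -e
work=$(mktemp -d)
cd "$work"

# Demo CA and three end-entity certificates signed by it.
openssl req -x509 -newkey rsa:2048 -nodes -keyout ca.key -out ca.pem \
    -subj "/CN=Demo CA" -days 1 2>/dev/null
for name in alice bob carol; do
    openssl req -newkey rsa:2048 -nodes -keyout "$name.key" \
        -out "$name.csr" -subj "/CN=$name" 2>/dev/null
    openssl x509 -req -in "$name.csr" -CA ca.pem -CAkey ca.key \
        -CAcreateserial -out "$name.pem" -days 1 2>/dev/null
done

# Steps 1-4 of the post: Alice signs, the result is encrypted to Bob, Bob
# decrypts. Alice's certificate travels inside the PKCS#7 SignedData.
echo "hello bob" > msg.txt
openssl smime -sign -in msg.txt -signer alice.pem -inkey alice.key -out signed.txt
openssl smime -encrypt -aes256 -in signed.txt -out enc.txt bob.pem
openssl smime -decrypt -in enc.txt -recip bob.pem -inkey bob.key -out dec.txt

# verify_with CERT: verifies the decrypted message against the CA, with CERT
# offered as an extra untrusted certificate (-certfile), and prints the
# subject of the certificate that actually produced the signature (-signer).
verify_with() {
    openssl smime -verify -in dec.txt -CAfile ca.pem -certfile "$1" \
        -signer signer.pem -out /dev/null 2>/dev/null
    openssl x509 -in signer.pem -noout -subject
}

# signer_is CERT: the check the poster wants; succeeds only when the
# embedded signer certificate is exactly CERT (SHA-256 fingerprint match).
signer_is() {
    expected=$(openssl x509 -in "$1" -noout -fingerprint -sha256)
    actual=$(openssl x509 -in signer.pem -noout -fingerprint -sha256)
    [ "$expected" = "$actual" ]
}

# Verification succeeds with Carol's cert, exactly as observed: -certfile only
# adds candidate certificates, it does not say who must have signed.
echo "verified with carol.pem as -certfile; real signer: $(verify_with carol.pem)"
if signer_is carol.pem; then echo "signed by carol"; else echo "NOT signed by carol"; fi
if signer_is alice.pem; then echo "signed by alice"; fi
```

The temporary directory is left in place so the generated certificates and signer.pem can be inspected afterwards.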
