Wrong "Sign Message" field?

Question

Wrong "Sign Message" field?

Closed this issue 2 years ago · 3 comments

danuker commented 2 years ago

Hello!

In the Security Settings, there is the "Sign Message" field which prompts for a method to CHECK the message signature.

I think it should be named "Signature Verification" instead of "Sign Message". The partner signed the message, not the Django-PyAS2 instance. The public key (next field) lets you verify a signature, not sign.
I believe the docs are wrong: it should say "the hash algorithm to be used for verifying signed messages" received from partners instead of "the hash algorithm to be used for signing messages".

I hope I didn't confuse things and waste your time. Thank you for this useful piece of software!

Answer 1 · 2022-03-15T14:10:31.000Z

I am sorry, I believe I got it wrong. I now think "Sign Message" is indeed the algorithm used to SIGN a message, not check. Which private key does it use, if there are multiple ones?

Answer 2 · 2022-04-11T03:29:09.000Z

The one setup in the organization and the organization is picked from the message

Answer 3 · 2022-04-11T18:07:10.000Z

Thank you for the reply! I will try it out when I work with AS2 again.

I was also learning the basics of AS2 at the same time. I now believe the UI is accurate.