Wrong "Sign Message" field?
Closed this issue · 3 comments
danuker commented
Hello!
In the Security Settings, there is the "Sign Message" field which prompts for a method to CHECK the message signature.
- I think it should be named "Signature Verification" instead of "Sign Message". The partner signed the message, not the Django-PyAS2 instance. The public key (next field) lets you verify a signature, not sign.
- I believe the docs are wrong: it should say "the hash algorithm to be used for verifying signed messages" received from partners instead of "the hash algorithm to be used for signing messages".
I hope I didn't confuse things and waste your time. Thank you for this useful piece of software!
danuker commented
I am sorry, I believe I got it wrong. I now think "Sign Message" is indeed the algorithm used to SIGN a message, not check. Which private key does it use, if there are multiple ones?
abhishek-ram commented
The one setup in the organization and the organization is picked from the message
danuker commented
Thank you for the reply! I will try it out when I work with AS2 again.
I was also learning the basics of AS2 at the same time. I now believe the UI is accurate.