abhishek-ram/pyas2-lib

Lack of Content-Transfer-Encoding of a binary message causing signature validation failure

daviialvesjr opened this issue · 3 comments

We are receiving a message from IBM Starling. The message is encrypted, signed and compressed. The symptom is that the self.digest_alg = verify_message(mic_content, signature, verify_cert) function fails.
We realised that canonicalize is not treating the message as binary, as it should, because the Content-Transfer-Encoding property is missing.
Inside canonicalize the email_message has the following header:
Content-Type: application/pkcs7-mime; smime-type=compressed-data; name=smime.p7m
By forcing the message to be treated as binary, everything works well; however, it will probably break other messages.
What is the best way to deal with this case?

Well, we cannot always assume that it is binary, as the message could also be base64 encoded. There are a few options:

  • Make the canonicalize method configurable, i.e. pass in a custom function as part of Message.parse
  • Take an argument canonicalize_as_binary as part of Message.parse that forces the message to be treated as binary, the idea being that a particular partner will always send in binary, and for that partner you can set this argument to True

Let me know your thoughts @daviialvesjr
cc @chadgates

I'd suggest extending the Partner class with a canonicalize_as_binary option and making it configurable in django-pyas2 at the partner level as well.

All right, I'll do it as suggested by @chadgates.
Thanks!!
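The canonicalize_as_binary override discussed in this thread, as an added illustration (example code, not pyas2-lib's or django-pyas2's own): a canonicalize step that keys on Content-Transfer-Encoding, with the partner-level flag, run against a constructed compressed-data part that lacks the header, as in the report. The function names, sample headers and payload bytes are assumptions made for the example.

```python
# Added example (not pyas2-lib's own code): a canonicalize step that picks
# binary or text handling from Content-Transfer-Encoding, plus the proposed
# canonicalize_as_binary override for partners that omit the header.
import hashlib
from email import message_from_bytes
from email.message import Message


def canonicalize(msg: Message, canonicalize_as_binary: bool = False) -> bytes:
    """Return the bytes the MIC, and so the signature, is computed over."""
    cte = (msg.get("Content-Transfer-Encoding") or "").strip().lower()
    if canonicalize_as_binary or cte == "binary":
        # Binary part: CRLF-terminated headers, payload copied byte for byte.
        # Any line-ending rewrite here would change the digest.
        headers = "".join(f"{k}: {v}\r\n" for k, v in msg.items())
        return headers.encode("utf-8") + b"\r\n" + msg.get_payload(decode=True)
    # Text/base64 part: regenerate the MIME part and normalise to CRLF. Safe
    # for base64 text, but it silently rewrites 0x0A/0x0D bytes in raw binary.
    raw = msg.as_bytes()
    return raw.replace(b"\r\n", b"\n").replace(b"\n", b"\r\n")


def mic(canonical: bytes) -> str:
    """Message integrity check over the canonical bytes (SHA-256 here)."""
    return hashlib.sha256(canonical).hexdigest()


# Constructed sample: a compressed-data part sent as raw binary but, as in
# this issue, without a Content-Transfer-Encoding header. The payload
# deliberately contains 0x0A and 0x0D bytes, as real compressed data will.
PAYLOAD = b"\x78\x9c\x0a\x01\x0d\xff\x0a\x00"
HEADERS = (b"Content-Type: application/pkcs7-mime; smime-type=compressed-data;"
           b" name=smime.p7m\r\n")
MSG_NO_CTE = message_from_bytes(HEADERS + b"\r\n" + PAYLOAD)
MSG_BINARY = message_from_bytes(
    HEADERS + b"Content-Transfer-Encoding: binary\r\n\r\n" + PAYLOAD)


def demo() -> dict:
    """What the verifier would hash under each handling policy."""
    return {
        # Default handling re-flows the payload, so the MIC no longer matches.
        "default": canonicalize(MSG_NO_CTE),
        # Partner-level override keeps the bytes the sender actually signed.
        "forced_binary": canonicalize(MSG_NO_CTE, canonicalize_as_binary=True),
        # A sender that declares the header gets binary handling without it.
        "declared_binary": canonicalize(MSG_BINARY),
    }
```

Comparing mic() over the three results shows why verification fails for the partner in this thread: only the forced or declared binary paths hash the payload the sender actually signed.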