View Issue Details

ID: 0005972
Project: libeufin
Category: nexus
View Status: public
Last Update: 2020-05-15 19:19
Reporter: Marcello Stanisci
Assigned To: Marcello Stanisci
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: feedback
Resolution: open
Summary: 0005972: Avoid sending signed data before key exchange
Description: The Nexus should check if their keys were accepted by the bank (via INI / HIA) before performing any operation using those.

This is useful because some banks may simply respond "signature invalid" without telling what the real cause is.
Tags: No tags attached.

Activities

Marcello Stanisci

2020-05-15 19:19

manager   ~0015917

This happens here [1] for example, where the 'makeEbicsHpbRequest()' function just
makes the message without checking the state of the key used to sign the message.

But possibly, this is not a real problem. If errors are nicely reported, then the user
will be correctly warned about the impossibility of the attempted operation.

[1] https://git.taler.net/libeufin.git/tree/nexus/src/main/kotlin/tech/libeufin/nexus/Main.kt?id=4f0af79c3cde2b71f8a3607d5310aaf375d011eb#n87

Issue History

Date Modified Username Field Change
2019-11-18 19:28 Marcello Stanisci New Issue
2020-05-15 19:19 Marcello Stanisci Note Added: 0015917
2020-05-15 19:19 Marcello Stanisci Assigned To => Marcello Stanisci
2020-05-15 19:19 Marcello Stanisci Status new => feedback