<div dir="ltr"><div class="gmail_default" style=""><font face="tahoma, sans-serif" style="" color="#073763">Thank you very much, Muhammad</font></div><div class="gmail_default" style=""><font face="tahoma, sans-serif" color="#073763"><br></font></div><div class="gmail_default" style=""><font face="tahoma, sans-serif" style="" color="#073763">I tried reducing the SSL key bit length to 1024 but the buffer is still less than the key size. Hence, I submitted an issue with signalwire. I appreciate your help. </font></div><div><div dir="ltr" class="gmail_signature" data-smartmail="gmail_signature"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><p><font color="#1f497d" face="tahoma, sans-serif">Regards</font></p><p><font color="#1f497d" face="tahoma, sans-serif"><b>Maharaja Azhagiah</b></font></p><p><br></p><p><font color="#1f497d" face="'Courier New'"><br></font></p><p><span style="font-size:10pt;font-family:"Courier New";color:rgb(31,73,125)"><br></span></p></div></div></div></div></div></div><br></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jun 27, 2022 at 10:05 PM M S <<a href="mailto:shaheryarkh@gmail.com">shaheryarkh@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr">This error is seems to come from libstirshaken (<a href="https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h" target="_blank">https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h</a> line 46) and has nothing to do with Kamailio. Please open a bug with signalwire who owns and maintains this library.<div><br></div><div>Per my understanding this library is bit old and uses many deprecated functions and needs updating. As a general rule of thumb, in PEM format, the private key size in bytes is roughly 80% (4/5) of key size in bits e.g. 4096 bit private key size would be roughly,</div><div><br></div><div>(4096 * 4) / 5 ~= 3277 byes</div><div><br></div><div>which is too big for allowed size (2000 byes) in libstirshaken. So, either increasing the allowed size in libstirshaken OR reducing your SSL key bit length to e.g. 1024 may work.</div><div><br></div><div>Thank you.</div><div><br></div><div>--</div><div>Muhammad Shahzad Shafi</div><div>Tel: +49 176 99 83 10 85</div><div><br></div><div><br></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Mon, Jun 27, 2022 at 11:07 PM Maharaja Azhagiah <<a href="mailto:er.maharaja@gmail.com" target="_blank">er.maharaja@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="ltr"><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">Hi,</div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">I am trying STIR/SHAKEN using libstirshaken in Kamailio 5.5.</div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">I used a self signed certificate as this is just a test in the local docker environment. However, when I try to add identity with private key (stirshaken_add_identity_with_key), I get "[error_code: 447] Buffer for key from file /tmp/cert/private.pem too short (2000 <= 3247)"</div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">I have tried using 2048 and 4096 size</div><div class="gmail_default" style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br></div><div class="gmail_default" style="color:rgb(7,55,99)"><font face="verdana, sans-serif" size="1" style="background-color:rgb(255,255,0)">root@5907e44bd056:/tmp/cert# openssl rsa -in private.pem -text -noout | grep "Private-Key"<br>RSA Private-Key: (4096 bit, 2 primes)</font><br></div><div class="gmail_default" style="color:rgb(7,55,99)"><font face="verdana, sans-serif" size="1" style="background-color:rgb(255,255,0)"><br></font></div><div class="gmail_default" style="color:rgb(7,55,99)"><font face="verdana, sans-serif"><span style="background-color:rgb(255,255,255)">Could you tell me what is wrong with the certificate?</span></font></div><div class="gmail_default" style="color:rgb(7,55,99)"><font face="verdana, sans-serif"><span style="background-color:rgb(255,255,255)"><br></span></font></div><div class="gmail_default" style="color:rgb(7,55,99)"><font face="verdana, sans-serif"><span style="background-color:rgb(255,255,255)">Kamailio version:</span></font></div><div class="gmail_default" style="color:rgb(7,55,99)"><font face="verdana, sans-serif"><span style="background-color:rgb(255,255,255)"><br></span></font></div><div class="gmail_default" style="color:rgb(7,55,99)"><span style="font-family:tahoma,sans-serif;font-size:x-small;background-color:rgb(255,255,0)">root@5907e44bd056:/usr/local/kamailio/etc/kamailio# kamailio -v</span><br style="font-family:tahoma,sans-serif;font-size:x-small"><span style="font-family:tahoma,sans-serif;font-size:x-small;background-color:rgb(255,255,0)">version: kamailio 5.5.4 (x86_64/linux) 469465</span><font face="verdana, sans-serif"><span style="background-color:rgb(255,255,255)"><br></span></font></div><div class="gmail_default" style="color:rgb(7,55,99)"><span style="font-family:tahoma,sans-serif;font-size:x-small;background-color:rgb(255,255,0)"><br></span></div><div class="gmail_default" style="color:rgb(7,55,99)">Error:</div><div class="gmail_default" style="color:rgb(7,55,99)"><span style="background-color:rgb(255,255,0)"><font face="tahoma, sans-serif" size="1"><br></font></span></div><div class="gmail_default" style="color:rgb(7,55,99)"><span style="background-color:rgb(255,255,0)"><font face="tahoma, sans-serif" size="1"> 0(404) ERROR: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken [stirshaken_mod.c:761]: ki_stirshaken_add_identity_with_key(): Failed to load private key<br> 0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken [stirshaken_mod.c:117]: stirshaken_print_error_details(): failure details:<br> 0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken [stirshaken_mod.c:118]: stirshaken_print_error_details(): failure reason is: src/stir_shaken_ssl.c:2112: [error_code: 447] Buffer for key from file /tmp/cert/private.pem too short (2000 <= 3247)<br> 0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken [stirshaken_mod.c:119]: stirshaken_print_error_details(): failure error code is: 447<br> 0(404) ERROR: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} <script>: Failed<br></font></span></div><div class="gmail_default" style="color:rgb(7,55,99)"><span style="font-family:verdana,sans-serif;background-color:rgb(255,255,255)"><br></span></div><div><div dir="ltr"><div dir="ltr"><div><div dir="ltr"><div dir="ltr"><p><font color="#1f497d" face="tahoma, sans-serif">Regards</font></p><p><font color="#1f497d" face="tahoma, sans-serif"><b>Maharaja Azhagiah</b></font></p><p><br></p><p><font color="#1f497d" face="'Courier New'"><br></font></p><p><span style="font-size:10pt;font-family:"Courier New";color:rgb(31,73,125)"><br></span></p></div></div></div></div></div></div></div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
* <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
* <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
* <a href="mailto:sr-users@lists.kamailio.org" target="_blank">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
* <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" rel="noreferrer" target="_blank">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote></div>