<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Note that kamailio has another module that offer StIR/SHAKEN
capabilities, respectively the secsipid module. You can try to use
it, this one I maintain and if there is any issue found, I am
going to fix it.</p>
<p>All the best,<br>
Daniel<br>
</p>
<div class="moz-cite-prefix">On 28.06.22 04:41, Maharaja Azhagiah
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAHkGiEeMhEPGxhAnVvrzX2wtuk-rcpxasT_=VDcMCRjzYk9qRA@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div class="gmail_default" style=""><font style="" face="tahoma,
sans-serif" color="#073763">Thank you very much, Muhammad</font></div>
<div class="gmail_default" style=""><font face="tahoma,
sans-serif" color="#073763"><br>
</font></div>
<div class="gmail_default" style=""><font style="" face="tahoma,
sans-serif" color="#073763">I tried reducing the SSL key bit
length to 1024 but the buffer is still less than the key
size. Hence, I submitted an issue with signalwire. I
appreciate your help. </font></div>
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<p><font face="tahoma, sans-serif" color="#1f497d">Regards</font></p>
<p><font face="tahoma, sans-serif" color="#1f497d"><b>Maharaja
Azhagiah</b></font></p>
<p><br>
</p>
<p><font face="'Courier New'" color="#1f497d"><br>
</font></p>
<p><span
style="font-size:10pt;font-family:"Courier
New";color:rgb(31,73,125)"><br>
</span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Jun 27, 2022 at 10:05
PM M S <<a href="mailto:shaheryarkh@gmail.com"
moz-do-not-send="true" class="moz-txt-link-freetext">shaheryarkh@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div dir="ltr">This error is seems to come from libstirshaken
(<a
href="https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h</a>
line 46) and has nothing to do with Kamailio. Please open a
bug with signalwire who owns and maintains this library.
<div><br>
</div>
<div>Per my understanding this library is bit old and uses
many deprecated functions and needs updating. As a general
rule of thumb, in PEM format, the private key size in
bytes is roughly 80% (4/5) of key size in bits e.g. 4096
bit private key size would be roughly,</div>
<div><br>
</div>
<div>(4096 * 4) / 5 ~= 3277 byes</div>
<div><br>
</div>
<div>which is too big for allowed size (2000 byes) in
libstirshaken. So, either increasing the allowed size in
libstirshaken OR reducing your SSL key bit length to e.g.
1024 may work.</div>
<div><br>
</div>
<div>Thank you.</div>
<div><br>
</div>
<div>--</div>
<div>Muhammad Shahzad Shafi</div>
<div>Tel: +49 176 99 83 10 85</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Jun 27, 2022 at
11:07 PM Maharaja Azhagiah <<a
href="mailto:er.maharaja@gmail.com" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">er.maharaja@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">Hi,</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">I
am trying STIR/SHAKEN using libstirshaken in Kamailio
5.5.</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">I
used a self signed certificate as this is just a test
in the local docker environment. However, when I try
to add identity with private key
(stirshaken_add_identity_with_key), I get
"[error_code: 447] Buffer for key from file
/tmp/cert/private.pem too short (2000 <= 3247)"</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">I
have tried using 2048 and 4096 size</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br>
</div>
<div class="gmail_default" style="color:rgb(7,55,99)"><font
style="background-color:rgb(255,255,0)" size="1"
face="verdana, sans-serif">root@5907e44bd056:/tmp/cert#
openssl rsa -in private.pem -text -noout | grep
"Private-Key"<br>
RSA Private-Key: (4096 bit, 2 primes)</font><br>
</div>
<div class="gmail_default" style="color:rgb(7,55,99)"><font
style="background-color:rgb(255,255,0)" size="1"
face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default" style="color:rgb(7,55,99)"><font
face="verdana, sans-serif"><span
style="background-color:rgb(255,255,255)">Could
you tell me what is wrong with the certificate?</span></font></div>
<div class="gmail_default" style="color:rgb(7,55,99)"><font
face="verdana, sans-serif"><span
style="background-color:rgb(255,255,255)"><br>
</span></font></div>
<div class="gmail_default" style="color:rgb(7,55,99)"><font
face="verdana, sans-serif"><span
style="background-color:rgb(255,255,255)">Kamailio
version:</span></font></div>
<div class="gmail_default" style="color:rgb(7,55,99)"><font
face="verdana, sans-serif"><span
style="background-color:rgb(255,255,255)"><br>
</span></font></div>
<div class="gmail_default" style="color:rgb(7,55,99)"><span
style="font-family:tahoma,sans-serif;font-size:x-small;background-color:rgb(255,255,0)">root@5907e44bd056:/usr/local/kamailio/etc/kamailio#
kamailio -v</span><br
style="font-family:tahoma,sans-serif;font-size:x-small">
<span
style="font-family:tahoma,sans-serif;font-size:x-small;background-color:rgb(255,255,0)">version:
kamailio 5.5.4 (x86_64/linux) 469465</span><font
face="verdana, sans-serif"><span
style="background-color:rgb(255,255,255)"><br>
</span></font></div>
<div class="gmail_default" style="color:rgb(7,55,99)"><span
style="font-family:tahoma,sans-serif;font-size:x-small;background-color:rgb(255,255,0)"><br>
</span></div>
<div class="gmail_default" style="color:rgb(7,55,99)">Error:</div>
<div class="gmail_default" style="color:rgb(7,55,99)"><span
style="background-color:rgb(255,255,0)"><font
size="1" face="tahoma, sans-serif"><br>
</font></span></div>
<div class="gmail_default" style="color:rgb(7,55,99)"><span
style="background-color:rgb(255,255,0)"><font
size="1" face="tahoma, sans-serif"> 0(404) ERROR:
{1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
stirshaken [stirshaken_mod.c:761]:
ki_stirshaken_add_identity_with_key(): Failed to
load private key<br>
0(404) DEBUG: {1 30587 INVITE
NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken
[stirshaken_mod.c:117]:
stirshaken_print_error_details(): failure details:<br>
0(404) DEBUG: {1 30587 INVITE
NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken
[stirshaken_mod.c:118]:
stirshaken_print_error_details(): failure reason
is: src/stir_shaken_ssl.c:2112: [error_code: 447]
Buffer for key from file /tmp/cert/private.pem too
short (2000 <= 3247)<br>
0(404) DEBUG: {1 30587 INVITE
NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken
[stirshaken_mod.c:119]:
stirshaken_print_error_details(): failure error
code is: 447<br>
0(404) ERROR: {1 30587 INVITE
NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} <script>:
Failed<br>
</font></span></div>
<div class="gmail_default" style="color:rgb(7,55,99)"><span
style="font-family:verdana,sans-serif;background-color:rgb(255,255,255)"><br>
</span></div>
<div>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<p><font face="tahoma, sans-serif"
color="#1f497d">Regards</font></p>
<p><font face="tahoma, sans-serif"
color="#1f497d"><b>Maharaja Azhagiah</b></font></p>
<p><br>
</p>
<p><font face="'Courier New'"
color="#1f497d"><br>
</font></p>
<p><span
style="font-size:10pt;font-family:"Courier
New";color:rgb(31,73,125)"><br>
</span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
* <a href="mailto:sr-users@lists.kamailio.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not
reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
* <a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote>
</div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial Discussions<br>
* <a href="mailto:sr-users@lists.kamailio.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do not
reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
* <a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
rel="noreferrer" target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote>
</div>
<br>
<fieldset class="moz-mime-attachment-header"></fieldset>
<pre class="moz-quote-pre" wrap="">__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* <a class="moz-txt-link-abbreviated" href="mailto:sr-users@lists.kamailio.org">sr-users@lists.kamailio.org</a>
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* <a class="moz-txt-link-freetext" href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - Online: June 20-23, 2022
* <a class="moz-txt-link-freetext" href="https://www.asipto.com/sw/kamailio-advanced-training-online/">https://www.asipto.com/sw/kamailio-advanced-training-online/</a></pre>
</body>
</html>