<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>Hello,</p>
<p>the error code means that the format of the key is invalid:</p>
<p> -
<a class="moz-txt-link-freetext" href="https://github.com/asipto/secsipidx/blob/main/secsipid/secsipid.go#L46">https://github.com/asipto/secsipidx/blob/main/secsipid/secsipid.go#L46</a></p>
<p>If you haven't retrieved from someone, then note that is not the
usual tls/ssl key format, see:</p>
<p> - <a class="moz-txt-link-freetext" href="https://github.com/asipto/secsipidx#keys-generation">https://github.com/asipto/secsipidx#keys-generation</a></p>
<p>Cheers,<br>
Daniel<br>
</p>
<div class="moz-cite-prefix">On 05.07.22 17:01, Maharaja Azhagiah
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAHkGiEcE2isRMqoOnBq8HNoDquLRWqq+_LJKXNkSBeyQYw-2Hg@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:#073763">Hi Daniel,</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:#073763"><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:#073763">I have
following the installation as mentioned in the SecSIPId
module page (<a
href="https://www.kamailio.org/docs/modules/5.5.x/modules/secsipid.html#secsipid.f.secsipid_add_identity"
moz-do-not-send="true" class="moz-txt-link-freetext">https://www.kamailio.org/docs/modules/5.5.x/modules/secsipid.html#secsipid.f.secsipid_add_identity</a>) </div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:#073763"><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:#073763">I am able
to load the module without any error. However, when I initiate
a call I can see the following error:</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:#073763"><br>
</div>
<div class="gmail_default" style="color:rgb(7,55,99)"><font
style="background-color:rgb(255,255,0)" face="verdana,
sans-serif">0(12956) ERROR: {1 9581 INVITE
lzss4D1pl5NkPYfdEZ24OlrXHjnEmWiA} secsipid
[secsipid_mod.c:330]: ki_secsipid_add_identity(): failed to
get identity header body (-151)</font></div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:#073763"><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:#073763"><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:#073763">Below is
the kamaili configuration where identity needs to be added
before it dispatch to service provider trunk:</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:#073763"><br>
</div>
<div class="gmail_default" style="color:rgb(7,55,99)"><font
style="background-color:rgb(255,255,0)" face="verdana,
sans-serif">secsipid_add_identity("$fU", "$rU", "C", "", "<a
href="http://pinaiyam.8ksamples.com/certificate.pem"
moz-do-not-send="true" class="moz-txt-link-freetext">http://pinaiyam.8ksamples.com/certificate.pem</a>",
"/tmp/cert/private.pem");</font><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:#073763"><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:#073763"> </div>
<div>
<div dir="ltr" class="gmail_signature"
data-smartmail="gmail_signature">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<p><font face="tahoma, sans-serif" color="#1f497d">Regards</font></p>
<p><font face="tahoma, sans-serif" color="#1f497d"><b>Maharaja
Azhagiah</b></font></p>
<p><br>
</p>
<p><font face="'Courier New'" color="#1f497d"><br>
</font></p>
<p><span
style="font-size:10pt;font-family:"Courier
New";color:rgb(31,73,125)"><br>
</span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Tue, Jun 28, 2022 at 2:08
AM Daniel-Constantin Mierla <<a
href="mailto:miconda@gmail.com" moz-do-not-send="true"
class="moz-txt-link-freetext">miconda@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div>
<p>Note that kamailio has another module that offer
StIR/SHAKEN capabilities, respectively the secsipid
module. You can try to use it, this one I maintain and if
there is any issue found, I am going to fix it.</p>
<p>All the best,<br>
Daniel<br>
</p>
<div>On 28.06.22 04:41, Maharaja Azhagiah wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default"><font face="tahoma,
sans-serif" color="#073763">Thank you very
much, Muhammad</font></div>
<div class="gmail_default"><font face="tahoma,
sans-serif" color="#073763"><br>
</font></div>
<div class="gmail_default"><font face="tahoma,
sans-serif" color="#073763">I tried reducing the SSL
key bit length to 1024 but the buffer is still less
than the key size. Hence, I submitted an issue with
signalwire. I appreciate your help. </font></div>
<div>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<p><font face="tahoma, sans-serif"
color="#1f497d">Regards</font></p>
<p><font face="tahoma, sans-serif"
color="#1f497d"><b>Maharaja Azhagiah</b></font></p>
<p><br>
</p>
<p><font face="'Courier New'"
color="#1f497d"><br>
</font></p>
<p><span><br>
</span></p>
</div>
</div>
</div>
</div>
</div>
</div>
<br>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Jun 27, 2022
at 10:05 PM M S <<a
href="mailto:shaheryarkh@gmail.com" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">shaheryarkh@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">This error is seems to come
from libstirshaken (<a
href="https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h</a>
line 46) and has nothing to do with Kamailio. Please
open a bug with signalwire who owns and maintains
this library.
<div><br>
</div>
<div>Per my understanding this library is bit old
and uses many deprecated functions and needs
updating. As a general rule of thumb, in PEM
format, the private key size in bytes is roughly
80% (4/5) of key size in bits e.g. 4096 bit
private key size would be roughly,</div>
<div><br>
</div>
<div>(4096 * 4) / 5 ~= 3277 byes</div>
<div><br>
</div>
<div>which is too big for allowed size (2000 byes)
in libstirshaken. So, either increasing the
allowed size in libstirshaken OR reducing your SSL
key bit length to e.g. 1024 may work.</div>
<div><br>
</div>
<div>Thank you.</div>
<div><br>
</div>
<div>--</div>
<div>Muhammad Shahzad Shafi</div>
<div>Tel: +49 176 99 83 10 85</div>
<div><br>
</div>
<div><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Jun 27,
2022 at 11:07 PM Maharaja Azhagiah <<a
href="mailto:er.maharaja@gmail.com"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">er.maharaja@gmail.com</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px
0px 0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div dir="ltr">
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">Hi,</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">I
am trying STIR/SHAKEN using libstirshaken in
Kamailio 5.5.</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">I
used a self signed certificate as this is just
a test in the local docker environment.
However, when I try to add identity with
private key
(stirshaken_add_identity_with_key), I get
"[error_code: 447] Buffer for key from file
/tmp/cert/private.pem too short (2000 <=
3247)"</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br>
</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)">I
have tried using 2048 and 4096 size</div>
<div class="gmail_default"
style="font-family:tahoma,sans-serif;color:rgb(7,55,99)"><br>
</div>
<div class="gmail_default"
style="color:rgb(7,55,99)"><font
style="background-color:rgb(255,255,0)"
size="1" face="verdana, sans-serif">root@5907e44bd056:/tmp/cert#
openssl rsa -in private.pem -text -noout |
grep "Private-Key"<br>
RSA Private-Key: (4096 bit, 2 primes)</font><br>
</div>
<div class="gmail_default"
style="color:rgb(7,55,99)"><font
style="background-color:rgb(255,255,0)"
size="1" face="verdana, sans-serif"><br>
</font></div>
<div class="gmail_default"
style="color:rgb(7,55,99)"><font
face="verdana, sans-serif"><span
style="background-color:rgb(255,255,255)">Could
you tell me what is wrong with the
certificate?</span></font></div>
<div class="gmail_default"
style="color:rgb(7,55,99)"><font
face="verdana, sans-serif"><span
style="background-color:rgb(255,255,255)"><br>
</span></font></div>
<div class="gmail_default"
style="color:rgb(7,55,99)"><font
face="verdana, sans-serif"><span
style="background-color:rgb(255,255,255)">Kamailio
version:</span></font></div>
<div class="gmail_default"
style="color:rgb(7,55,99)"><font
face="verdana, sans-serif"><span
style="background-color:rgb(255,255,255)"><br>
</span></font></div>
<div class="gmail_default"
style="color:rgb(7,55,99)"><span
style="font-family:tahoma,sans-serif;font-size:x-small;background-color:rgb(255,255,0)">root@5907e44bd056:/usr/local/kamailio/etc/kamailio#
kamailio -v</span><br
style="font-family:tahoma,sans-serif;font-size:x-small">
<span
style="font-family:tahoma,sans-serif;font-size:x-small;background-color:rgb(255,255,0)">version:
kamailio 5.5.4 (x86_64/linux) 469465</span><font
face="verdana, sans-serif"><span
style="background-color:rgb(255,255,255)"><br>
</span></font></div>
<div class="gmail_default"
style="color:rgb(7,55,99)"><span
style="font-family:tahoma,sans-serif;font-size:x-small;background-color:rgb(255,255,0)"><br>
</span></div>
<div class="gmail_default"
style="color:rgb(7,55,99)">Error:</div>
<div class="gmail_default"
style="color:rgb(7,55,99)"><span
style="background-color:rgb(255,255,0)"><font
size="1" face="tahoma, sans-serif"><br>
</font></span></div>
<div class="gmail_default"
style="color:rgb(7,55,99)"><span
style="background-color:rgb(255,255,0)"><font
size="1" face="tahoma, sans-serif"> 0(404)
ERROR: {1 30587 INVITE
NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
stirshaken [stirshaken_mod.c:761]:
ki_stirshaken_add_identity_with_key():
Failed to load private key<br>
0(404) DEBUG: {1 30587 INVITE
NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
stirshaken [stirshaken_mod.c:117]:
stirshaken_print_error_details(): failure
details:<br>
0(404) DEBUG: {1 30587 INVITE
NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
stirshaken [stirshaken_mod.c:118]:
stirshaken_print_error_details(): failure
reason is: src/stir_shaken_ssl.c:2112:
[error_code: 447] Buffer for key from file
/tmp/cert/private.pem too short (2000
<= 3247)<br>
0(404) DEBUG: {1 30587 INVITE
NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
stirshaken [stirshaken_mod.c:119]:
stirshaken_print_error_details(): failure
error code is: 447<br>
0(404) ERROR: {1 30587 INVITE
NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
<script>: Failed<br>
</font></span></div>
<div class="gmail_default"
style="color:rgb(7,55,99)"><span
style="font-family:verdana,sans-serif;background-color:rgb(255,255,255)"><br>
</span></div>
<div>
<div dir="ltr">
<div dir="ltr">
<div>
<div dir="ltr">
<div dir="ltr">
<p><font face="tahoma, sans-serif"
color="#1f497d">Regards</font></p>
<p><font face="tahoma, sans-serif"
color="#1f497d"><b>Maharaja
Azhagiah</b></font></p>
<p><br>
</p>
<p><font face="'Courier New'"
color="#1f497d"><br>
</font></p>
<p><span><br>
</span></p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial
Discussions<br>
* <a href="mailto:sr-users@lists.kamailio.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the
recipients, do not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
* <a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
rel="noreferrer" target="_blank"
moz-do-not-send="true"
class="moz-txt-link-freetext">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote>
</div>
__________________________________________________________<br>
Kamailio - Users Mailing List - Non Commercial
Discussions<br>
* <a href="mailto:sr-users@lists.kamailio.org"
target="_blank" moz-do-not-send="true"
class="moz-txt-link-freetext">sr-users@lists.kamailio.org</a><br>
Important: keep the mailing list in the recipients, do
not reply only to the sender!<br>
Edit mailing list options or unsubscribe:<br>
* <a
href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users"
rel="noreferrer" target="_blank"
moz-do-not-send="true" class="moz-txt-link-freetext">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a><br>
</blockquote>
</div>
<br>
<fieldset></fieldset>
<pre>__________________________________________________________
Kamailio - Users Mailing List - Non Commercial Discussions
* <a href="mailto:sr-users@lists.kamailio.org" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">sr-users@lists.kamailio.org</a>
Important: keep the mailing list in the recipients, do not reply only to the sender!
Edit mailing list options or unsubscribe:
* <a href="https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users</a>
</pre>
</blockquote>
<pre cols="72">--
Daniel-Constantin Mierla -- <a href="http://www.asipto.com" target="_blank" moz-do-not-send="true">www.asipto.com</a>
<a href="http://www.twitter.com/miconda" target="_blank" moz-do-not-send="true">www.twitter.com/miconda</a> -- <a href="http://www.linkedin.com/in/miconda" target="_blank" moz-do-not-send="true">www.linkedin.com/in/miconda</a>
Kamailio Advanced Training - Online: June 20-23, 2022
* <a href="https://www.asipto.com/sw/kamailio-advanced-training-online/" target="_blank" moz-do-not-send="true" class="moz-txt-link-freetext">https://www.asipto.com/sw/kamailio-advanced-training-online/</a></pre>
</div>
</blockquote>
</div>
</blockquote>
<pre class="moz-signature" cols="72">--
Daniel-Constantin Mierla -- <a class="moz-txt-link-abbreviated" href="http://www.asipto.com">www.asipto.com</a>
<a class="moz-txt-link-abbreviated" href="http://www.twitter.com/miconda">www.twitter.com/miconda</a> -- <a class="moz-txt-link-abbreviated" href="http://www.linkedin.com/in/miconda">www.linkedin.com/in/miconda</a></pre>
</body>
</html>