From er.maharaja@gmail.com Tue Jun 28 04:41:29 2022
From: Maharaja Azhagiah
To: sr-users@lists.kamailio.org
Subject: Re: [SR-Users] Kamailio 5.5 STIR SHAKEN private key buffer size error
Date: Mon, 27 Jun 2022 22:41:03 -0400

Thank you very much, Muhammad

I tried reducing the SSL key bit length to 1024 but the buffer is still less
than the key size. Hence, I submitted an issue with signalwire.

I appreciate your help.

Regards
*Maharaja Azhagiah*

On Mon, Jun 27, 2022 at 10:05 PM M S wrote:

> This error seems to come from libstirshaken (
> https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h
> line 46) and has nothing to do with Kamailio. Please open a bug with
> signalwire who owns and maintains this library.
>
> Per my understanding this library is a bit old and uses many deprecated
> functions and needs updating. As a general rule of thumb, in PEM format,
> the private key size in bytes is roughly 80% (4/5) of key size in bits e.g.
> 4096 bit private key size would be roughly,
>
> (4096 * 4) / 5 ~= 3277 bytes
>
> which is too big for allowed size (2000 bytes) in libstirshaken. So, either
> increasing the allowed size in libstirshaken OR reducing your SSL key bit
> length to e.g. 1024 may work.
>
> Thank you.
>
> --
> Muhammad Shahzad Shafi
> Tel: +49 176 99 83 10 85
>
> On Mon, Jun 27, 2022 at 11:07 PM Maharaja Azhagiah wrote:
>
>> Hi,
>>
>> I am trying STIR/SHAKEN using libstirshaken in Kamailio 5.5.
>>
>> I used a self signed certificate as this is just a test in the local
>> docker environment. However, when I try to add identity with private key
>> (stirshaken_add_identity_with_key), I get "[error_code: 447] Buffer for key
>> from file /tmp/cert/private.pem too short (2000 <= 3247)"
>>
>> I have tried using 2048 and 4096 size
>>
>> root@5907e44bd056:/tmp/cert# openssl rsa -in private.pem -text -noout |
>> grep "Private-Key"
>> RSA Private-Key: (4096 bit, 2 primes)
>>
>> Could you tell me what is wrong with the certificate?
>>
>> Kamailio version:
>>
>> root@5907e44bd056:/usr/local/kamailio/etc/kamailio# kamailio -v
>> version: kamailio 5.5.4 (x86_64/linux) 469465
>>
>> Error:
>>
>> 0(404) ERROR: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>> stirshaken [stirshaken_mod.c:761]: ki_stirshaken_add_identity_with_key():
>> Failed to load private key
>> 0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>> stirshaken [stirshaken_mod.c:117]: stirshaken_print_error_details():
>> failure details:
>> 0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>> stirshaken [stirshaken_mod.c:118]: stirshaken_print_error_details():
>> failure reason is: src/stir_shaken_ssl.c:2112: [error_code: 447] Buffer for
>> key from file /tmp/cert/private.pem too short (2000 <= 3247)
>> 0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>> stirshaken [stirshaken_mod.c:119]: stirshaken_print_error_details():
>> failure error code is: 447
>> 0(404) ERROR: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>>
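
The error quoted in this thread compares a fixed buffer capacity (2000) with the key file's size (3247). The sketch below is an added example, not code from libstirshaken, Kamailio or the posters: a file loader that makes that comparison before reading and returns the size it would need. `load_key_file`, `write_sample`, the `KEY_*` codes and the `/tmp` path are hypothetical names, and the filler bytes are a constructed stand-in for a PEM file.

```c
#include <stdio.h>
#define KEY_BUF_CAP 2000 /* capacity reported in the error message above */
enum { KEY_OK = 0, KEY_EIO = -1, KEY_ETOOBIG = -2 };

/* Hypothetical loader (not libstirshaken's API): reads a key file into a
 * caller-supplied buffer and refuses it when cap <= file size, the same
 * comparison the quoted error reports. *need gets the file size once known. */
static int load_key_file(const char *path, char *buf, size_t cap, size_t *need)
{
    FILE *fp = fopen(path, "rb");
    long size;
    *need = 0;
    if (!fp) return KEY_EIO;
    if (fseek(fp, 0, SEEK_END) != 0 || (size = ftell(fp)) < 0 ||
        fseek(fp, 0, SEEK_SET) != 0) {
        fclose(fp);
        return KEY_EIO;
    }
    *need = (size_t)size;
    if (cap <= *need) { /* reject before reading; one byte is kept for the NUL */
        fclose(fp);
        return KEY_ETOOBIG;
    }
    size_t got = fread(buf, 1, *need, fp);
    fclose(fp);
    if (got != *need) return KEY_EIO;
    buf[got] = '\0';
    return KEY_OK;
}

/* Writes n filler bytes to path: a constructed stand-in for a PEM file. */
static int write_sample(const char *path, size_t n)
{
    FILE *fp = fopen(path, "wb");
    if (!fp) return -1;
    for (size_t i = 0; i < n; i++)
        fputc('A', fp);
    return fclose(fp);
}

int main(void)
{
    static char fixed[KEY_BUF_CAP];
    size_t need;
    const char *p = "/tmp/constructed_key.pem"; /* hypothetical path */
    if (write_sample(p, 3247) != 0) return 1;
    int rc = load_key_file(p, fixed, sizeof fixed, &need);
    printf("rc=%d cap=%zu need=%zu\n", rc, sizeof fixed, need);
    return 0;
}
```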