[SR-Users] Kamailio 5.5 STIR SHAKEN private key buffer size error

Maharaja Azhagiah er.maharaja at gmail.com
Tue Jul 5 18:34:04 CEST 2022


Hi Daniel,

Thank you so much. Once I generated the format mentioned in the link, it
worked. Thanks again :-)

Regards

*Maharaja Azhagiah*






On Tue, Jul 5, 2022 at 12:20 PM Daniel-Constantin Mierla <miconda at gmail.com>
wrote:

> Hello,
>
> the error code means that the format of the key is invalid:
>
>   - https://github.com/asipto/secsipidx/blob/main/secsipid/secsipid.go#L46
>
> If you haven't retrieved it from someone, then note that it is not the usual
> TLS/SSL key format, see:
>
>   - https://github.com/asipto/secsipidx#keys-generation
>
> Cheers,
> Daniel
> On 05.07.22 17:01, Maharaja Azhagiah wrote:
>
> Hi Daniel,
>
> I have followed the installation as mentioned in the SecSIPId module page
> (
> https://www.kamailio.org/docs/modules/5.5.x/modules/secsipid.html#secsipid.f.secsipid_add_identity
> )
>
> I am able to load the module without any error. However, when I initiate a
> call I can see the following error:
>
> 0(12956) ERROR: {1 9581 INVITE lzss4D1pl5NkPYfdEZ24OlrXHjnEmWiA} secsipid
> [secsipid_mod.c:330]: ki_secsipid_add_identity(): failed to get identity
> header body (-151)
>
>
> Below is the Kamailio configuration where identity needs to be added before
> it dispatches to the service provider trunk:
>
> secsipid_add_identity("$fU", "$rU", "C", "", "http://pinaiyam.8ksamples.com/certificate.pem", "/tmp/cert/private.pem");
>
>
>
> Regards
>
> *Maharaja Azhagiah*
>
>
>
>
>
>
> On Tue, Jun 28, 2022 at 2:08 AM Daniel-Constantin Mierla <
> miconda at gmail.com> wrote:
>
>> Note that Kamailio has another module that offers STIR/SHAKEN
>> capabilities, respectively the secsipid module. You can try to use it, this
>> one I maintain and if there is any issue found, I am going to fix it.
>>
>> All the best,
>> Daniel
>> On 28.06.22 04:41, Maharaja Azhagiah wrote:
>>
>> Thank you very much, Muhammad
>>
>> I tried reducing the SSL key bit length to 1024 but the buffer is still
>> less than the key size. Hence, I submitted an issue with signalwire. I
>> appreciate your help.
>>
>> Regards
>>
>> *Maharaja Azhagiah*
>>
>>
>>
>>
>>
>>
>> On Mon, Jun 27, 2022 at 10:05 PM M S <shaheryarkh at gmail.com> wrote:
>>
>>> This error seems to come from libstirshaken (
>>> https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h
>>> line 46) and has nothing to do with Kamailio. Please open a bug with
>>> signalwire who owns and maintains this library.
>>>
>>> Per my understanding this library is a bit old and uses many deprecated
>>> functions and needs updating. As a general rule of thumb, in PEM format,
>>> the private key size in bytes is roughly 80% (4/5) of key size in bits e.g.
>>> 4096 bit private key size would be roughly,
>>>
>>> (4096 * 4) / 5 ~= 3277 bytes
>>>
>>> which is too big for allowed size (2000 bytes) in libstirshaken. So,
>>> either increasing the allowed size in libstirshaken OR reducing your SSL
>>> key bit length to e.g. 1024 may work.
>>>
>>> Thank you.
>>>
>>> --
>>> Muhammad Shahzad Shafi
>>> Tel: +49 176 99 83 10 85
>>>
>>>
>>>
>>> On Mon, Jun 27, 2022 at 11:07 PM Maharaja Azhagiah <
>>> er.maharaja at gmail.com> wrote:
>>>
>>>> Hi,
>>>>
>>>> I am trying STIR/SHAKEN using libstirshaken in Kamailio 5.5.
>>>>
>>>> I used a self signed certificate as this is just a test in the local
>>>> docker environment. However, when I try to add identity with private key
>>>> (stirshaken_add_identity_with_key), I get "[error_code: 447] Buffer for key
>>>> from file /tmp/cert/private.pem too short (2000 <= 3247)"
>>>>
>>>> I have tried using 2048 and 4096 size
>>>>
>>>> root@5907e44bd056:/tmp/cert# openssl rsa -in private.pem -text -noout | grep "Private-Key"
>>>> RSA Private-Key: (4096 bit, 2 primes)
>>>>
>>>> Could you tell me what is wrong with the certificate?
>>>>
>>>> Kamailio version:
>>>>
>>>> root@5907e44bd056:/usr/local/kamailio/etc/kamailio# kamailio -v
>>>> version: kamailio 5.5.4 (x86_64/linux) 469465
>>>>
>>>> Error:
>>>>
>>>>  0(404) ERROR: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>>>> stirshaken [stirshaken_mod.c:761]: ki_stirshaken_add_identity_with_key():
>>>> Failed to load private key
>>>>  0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>>>> stirshaken [stirshaken_mod.c:117]: stirshaken_print_error_details():
>>>> failure details:
>>>>  0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>>>> stirshaken [stirshaken_mod.c:118]: stirshaken_print_error_details():
>>>> failure reason is: src/stir_shaken_ssl.c:2112: [error_code: 447] Buffer for
>>>> key from file /tmp/cert/private.pem too short (2000 <= 3247)
>>>>  0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>>>> stirshaken [stirshaken_mod.c:119]: stirshaken_print_error_details():
>>>> failure error code is: 447
>>>>  0(404) ERROR: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>>>> <script>: Failed
>>>>
>>>> Regards
>>>>
>>>> *Maharaja Azhagiah*
>>>>
>>>>
>>>>
>>>>
>>>> __________________________________________________________
>>>> Kamailio - Users Mailing List - Non Commercial Discussions
>>>>   * sr-users at lists.kamailio.org
>>>> Important: keep the mailing list in the recipients, do not reply only
>>>> to the sender!
>>>> Edit mailing list options or unsubscribe:
>>>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>>>
>> --
>> Daniel-Constantin Mierla -- www.asipto.com -- www.twitter.com/miconda -- www.linkedin.com/in/miconda
>> Kamailio Advanced Training - Online: June 20-23, 2022
>>   * https://www.asipto.com/sw/kamailio-advanced-training-online/
>
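
A pre-flight check for the key-format problem resolved in this thread, as an added example that is not part of the original messages or of the secsipidx project. It assumes the format the linked README refers to is an unencrypted EC P-256 (prime256v1) key, the key type behind STIR/SHAKEN's ES256 signatures; the function names `key_kind`, `gen_test_key` and `preflight` are hypothetical.

```shell
#!/usr/bin/env bash
# Added example (not from the thread or the secsipidx project).
# Assumption: the key secsipid expects is an unencrypted EC P-256 (prime256v1)
# private key, the key type behind the ES256 signatures STIR/SHAKEN uses.

# Print the key type of a PEM private key: ec-p256, ec-other, rsa, other,
# or unreadable when openssl cannot parse the file at all.
key_kind() {
    local text
    # -passin pass: supplies an empty passphrase so an encrypted key fails
    # instead of prompting on the terminal.
    text=$(openssl pkey -in "$1" -passin pass: -noout -text 2>/dev/null) \
        || { echo unreadable; return 0; }
    case "$text" in
        *prime256v1*|*P-256*) echo ec-p256 ;;
        *"ASN1 OID"*)         echo ec-other ;;
        *modulus*|*Modulus*)  echo rsa ;;
        *)                    echo other ;;
    esac
}

# Generate a throwaway EC P-256 key for lab use (path is the caller's choice).
gen_test_key() {
    openssl ecparam -name prime256v1 -genkey -noout -out "$1" && chmod 600 "$1"
}

# Report type and size; succeed only for the EC P-256 case.
preflight() {
    local kind size
    [ -r "$1" ] || { echo "$1: not readable"; return 2; }
    kind=$(key_kind "$1")
    size=$(wc -c < "$1" | tr -d ' ')
    echo "$1: $kind, $size bytes"
    [ "$kind" = "ec-p256" ]
}

# Stand-alone use: ./check_key.sh /path/to/private.pem
if [ "$#" -gt 0 ]; then
    preflight "$1"
fi
```

Running it against the RSA key from the first message would report `rsa` and exit non-zero before the key ever reaches `secsipid_add_identity()`.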