[SR-Users] Kamailio 5.5 STIR SHAKEN private key buffer size error
M S
shaheryarkh at gmail.com
Tue Jun 28 04:03:00 CEST 2022
This error is seems to come from libstirshaken (
https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h
line 46) and has nothing to do with Kamailio. Please open a bug with
signalwire who owns and maintains this library.
Per my understanding this library is bit old and uses many deprecated
functions and needs updating. As a general rule of thumb, in PEM format,
the private key size in bytes is roughly 80% (4/5) of key size in bits e.g.
4096 bit private key size would be roughly,
(4096 * 4) / 5 ~= 3277 byes
which is too big for allowed size (2000 byes) in libstirshaken. So, either
increasing the allowed size in libstirshaken OR reducing your SSL key bit
length to e.g. 1024 may work.
Thank you.
--
Muhammad Shahzad Shafi
Tel: +49 176 99 83 10 85
On Mon, Jun 27, 2022 at 11:07 PM Maharaja Azhagiah <er.maharaja at gmail.com>
wrote:
> Hi,
>
> I am trying STIR/SHAKEN using libstirshaken in Kamailio 5.5.
>
> I used a self signed certificate as this is just a test in the local
> docker environment. However, when I try to add identity with private key
> (stirshaken_add_identity_with_key), I get "[error_code: 447] Buffer for key
> from file /tmp/cert/private.pem too short (2000 <= 3247)"
>
> I have tried using 2048 and 4096 size
>
> root at 5907e44bd056:/tmp/cert# openssl rsa -in private.pem -text -noout |
> grep "Private-Key"
> RSA Private-Key: (4096 bit, 2 primes)
>
> Could you tell me what is wrong with the certificate?
>
> Kamailio version:
>
> root at 5907e44bd056:/usr/local/kamailio/etc/kamailio# kamailio -v
> version: kamailio 5.5.4 (x86_64/linux) 469465
>
> Error:
>
> 0(404) ERROR: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
> stirshaken [stirshaken_mod.c:761]: ki_stirshaken_add_identity_with_key():
> Failed to load private key
> 0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
> stirshaken [stirshaken_mod.c:117]: stirshaken_print_error_details():
> failure details:
> 0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
> stirshaken [stirshaken_mod.c:118]: stirshaken_print_error_details():
> failure reason is: src/stir_shaken_ssl.c:2112: [error_code: 447] Buffer for
> key from file /tmp/cert/private.pem too short (2000 <= 3247)
> 0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
> stirshaken [stirshaken_mod.c:119]: stirshaken_print_error_details():
> failure error code is: 447
> 0(404) ERROR: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} <script>:
> Failed
>
> Regards
>
> *Maharaja Azhagiah*
>
>
>
>
> __________________________________________________________
> Kamailio - Users Mailing List - Non Commercial Discussions
> * sr-users at lists.kamailio.org
> Important: keep the mailing list in the recipients, do not reply only to
> the sender!
> Edit mailing list options or unsubscribe:
> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.kamailio.org/pipermail/sr-users/attachments/20220628/7a6b858c/attachment.htm>
More information about the sr-users
mailing list