[SR-Users] Kamailio 5.5 STIR SHAKEN private key buffer size error

Maharaja Azhagiah er.maharaja at gmail.com
Tue Jun 28 04:41:03 CEST 2022


Thank you very much, Muhammad

I tried reducing the SSL key bit length to 1024 but the buffer is still
less than the key size. Hence, I submitted an issue with signalwire. I
appreciate your help.

Regards

*Maharaja Azhagiah*






On Mon, Jun 27, 2022 at 10:05 PM M S <shaheryarkh at gmail.com> wrote:

> This error seems to come from libstirshaken (
> https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h
> line 46) and has nothing to do with Kamailio. Please open a bug with
> signalwire who owns and maintains this library.
>
> Per my understanding this library is a bit old and uses many deprecated
> functions and needs updating. As a general rule of thumb, in PEM format,
> the private key size in bytes is roughly 80% (4/5) of key size in bits e.g.
> 4096 bit private key size would be roughly,
>
> (4096 * 4) / 5 ~= 3277 bytes
>
> which is too big for allowed size (2000 bytes) in libstirshaken. So, either
> increasing the allowed size in libstirshaken OR reducing your SSL key bit
> length to e.g. 1024 may work.
>
> Thank you.
>
> --
> Muhammad Shahzad Shafi
> Tel: +49 176 99 83 10 85
>
>
>
> On Mon, Jun 27, 2022 at 11:07 PM Maharaja Azhagiah <er.maharaja at gmail.com>
> wrote:
>
>> Hi,
>>
>> I am trying STIR/SHAKEN using libstirshaken in Kamailio 5.5.
>>
>> I used a self signed certificate as this is just a test in the local
>> docker environment. However, when I try to add identity with private key
>> (stirshaken_add_identity_with_key), I get "[error_code: 447] Buffer for key
>> from file /tmp/cert/private.pem too short (2000 <= 3247)"
>>
>> I have tried using 2048 and 4096 size
>>
>> root at 5907e44bd056:/tmp/cert# openssl rsa -in private.pem -text -noout |
>> grep "Private-Key"
>> RSA Private-Key: (4096 bit, 2 primes)
>>
>> Could you tell me what is wrong with the certificate?
>>
>> Kamailio version:
>>
>> root at 5907e44bd056:/usr/local/kamailio/etc/kamailio# kamailio -v
>> version: kamailio 5.5.4 (x86_64/linux) 469465
>>
>> Error:
>>
>>  0(404) ERROR: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>> stirshaken [stirshaken_mod.c:761]: ki_stirshaken_add_identity_with_key():
>> Failed to load private key
>>  0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>> stirshaken [stirshaken_mod.c:117]: stirshaken_print_error_details():
>> failure details:
>>  0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>> stirshaken [stirshaken_mod.c:118]: stirshaken_print_error_details():
>> failure reason is: src/stir_shaken_ssl.c:2112: [error_code: 447] Buffer for
>> key from file /tmp/cert/private.pem too short (2000 <= 3247)
>>  0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>> stirshaken [stirshaken_mod.c:119]: stirshaken_print_error_details():
>> failure error code is: 447
>>  0(404) ERROR: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq}
>> <script>: Failed
>>
>> Regards
>>
>> *Maharaja Azhagiah*
>>
>>
>>
>>
>> __________________________________________________________
>> Kamailio - Users Mailing List - Non Commercial Discussions
>>   * sr-users at lists.kamailio.org
>> Important: keep the mailing list in the recipients, do not reply only to
>> the sender!
>> Edit mailing list options or unsubscribe:
>>   * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
>>
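An added example, not part of the original thread or of libstirshaken: the relation between RSA key length and PEM file size discussed above, computed from the DER layout of an unencrypted traditional-format ("BEGIN RSA PRIVATE KEY") two-prime key. It assumes e = 65537 and 64-character base64 lines; the function names are hypothetical, and the 2000-byte limit is the figure from the error message in the thread. It compares file size only.

```python
"""Upper-bound PEM size of an unencrypted traditional-format RSA private key."""

LIMIT = 2000  # buffer size quoted in the error message in this thread


def der_len(content: int) -> int:
    """Bytes used by a DER tag + length field + `content` bytes of value."""
    if content < 0x80:
        return 2 + content  # short-form length: one length byte
    return 2 + (content.bit_length() + 7) // 8 + content  # long form


def der_int(bits: int) -> int:
    """Largest DER INTEGER of `bits` bits (top bit set, so 0x00 is prepended)."""
    return der_len(bits // 8 + 1)


def rsa_pem_size(bits: int) -> int:
    """Maximum file size in bytes for a two-prime key, assuming e = 65537."""
    body = (
        der_len(1)                # version = 0
        + der_int(bits)           # modulus n
        + der_len(3)              # public exponent e = 65537 (assumption)
        + der_int(bits)           # private exponent d
        + 5 * der_int(bits // 2)  # p, q, d mod (p-1), d mod (q-1), q^-1 mod p
    )
    der = der_len(body)              # outer SEQUENCE
    b64 = (der + 2) // 3 * 4         # base64 expands 3 bytes to 4 characters
    newlines = (b64 + 63) // 64      # one "\n" per 64-character line
    armor = len("-----BEGIN RSA PRIVATE KEY-----\n") + len("-----END RSA PRIVATE KEY-----\n")
    return b64 + newlines + armor


def report(sizes=(1024, 2048, 4096)):
    """Rows of (bits, max PEM bytes, 4/5 rule-of-thumb bytes, exceeds LIMIT)."""
    return [(b, rsa_pem_size(b), round(b * 4 / 5), rsa_pem_size(b) > LIMIT) for b in sizes]


if __name__ == "__main__":
    for bits, pem, thumb, too_big in report():
        print(f"{bits:5d} bits: <= {pem} bytes PEM, 4/5 rule ~ {thumb}, over {LIMIT}: {too_big}")
```

For 4096 bits the bound is 3247 bytes, the same figure as in the logged error; individual keys can be a few bytes shorter when d or a CRT value has its top bit clear.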