subject:"\[SR\-Users\] Re\: Crypto module AES algorithm details"

[SR-Users] Re: Crypto module AES algorithm details

2023-10-16 Thread Henning Westerholt via sr-users

Hello,

if you can suggest changes to the 3rd party library that is used to encrypt the 
data, it should work. Just have a look to the source code how the Kamailio side 
its doing it. It might be just a different mode that its used from the library, 
for example.

Cheers,

Henning

--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com

From: Jayesh Nambiar 
Sent: Freitag, 6. Oktober 2023 16:52
To: Kamailio (SER) - Users Mailing List 
Cc: Henning Westerholt 
Subject: Re: [SR-Users] Crypto module AES algorithm details

Hi Henning,
Thanks for your responses.
The exact use case is as follows:
- In a custom SIP header, I'll have the number that is supposed to be dialed 
out in AES encrypted format
- I will have to decrypt it using the shared key and IV that was used to 
encrypt this phone number on Kamailio
- Once decrypted, I will have the number to call.
- So the encryption algorithm used by a third party should be same as what is 
being used to decrypt in kamailio.

Any other way of doing this? I can request to change the encryption mechanism 
to the third party if needed. Any suggestions on how to achieve this.

Thanks,

- Jayesh

On Thu, Oct 5, 2023 at 3:13 PM Henning Westerholt 
mailto:h...@gilawa.com>> wrote:
(Please keep the list in CC)

Hello,

The web tools might use another logic internally. I had some success with a 
java library use case and also with PostgreSQL, I think.

A usual use-case is to have an encrypted password value in a DB, for data at 
rest encryption. The password is encrypted from something else. Then inside the 
Kamailio cfg you want to encrypt it on the fly, to use it for example for 
challenging a phone with username/password.

Maybe you can give it a try with some python or other script languages, where 
you can play with the different crypto system parameter more easily.

Cheers,

Henning

--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com


From: Jayesh Nambiar mailto:jayesh1...@gmail.com>>
Sent: Donnerstag, 5. Oktober 2023 06:41
To: Henning Westerholt mailto:h...@gilawa.com>>
Subject: Re: [SR-Users] Crypto module AES algorithm details

Hello Henning,
Thanks for the super fast reply.
I tested this within kamailio 5.3.4 and I can successfully encrypt a header 
value and also the same encrypted value decrypts to proper plain text when.
But when I compare the encrypted text with online resources like 
https://www.devglan.com/online-tools/aes-encryption-decryption and 
https://www.javainuse.com/aesgenerator, their encrypted text value is different 
from what I see from kamailio.
Both these resources produce the same encrypted text while the encrypted text 
from kamailio is different.
How do I validate this?
My use case is as follows:
-- I get an encrypted text in a SIP Header
-- I decrypt it and validate it against some DB
-- If valid proceed or else exit

Now if the algorithm doesnt match exactly, there are chances of error, hence 
asking question on how to validate it.


On Wed, Oct 4, 2023 at 1:43 PM Henning Westerholt 
mailto:h...@gilawa.com>> wrote:
Hello Jayesh,

AFAIK its uses AES 256 with CBC mode. The IV is generated from OpenSSL, e.g. 
https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html

For newer versions I have added the init_vector functionality to enable 
interoperability with other crypto functions, e.g. some databases, java 
frameworks etc. If you want to use this functionality, I’d suggest to update, 
as the 5.3. is also end of life since some time. Otherwise you can of course 
also backport this feature.

Cheers,

Henning


--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com



From: Jayesh Nambiar via sr-users 
mailto:sr-users@lists.kamailio.org>>
Sent: Mittwoch, 4. Oktober 2023 08:54
To: Kamailio (SER) - Users Mailing List 
mailto:sr-users@lists.kamailio.org>>
Cc: Jayesh Nambiar mailto:jayesh1...@gmail.com>>
Subject: [SR-Users] Crypto module AES algorithm details

Hello,
I am running kamailio-5.3.4 on one of my setup and I intend to use the crypto 
module in the same.
I wanted to understand the following details when the module is used:
I understand it uses the AES algorithm, is that correct?
Does it use AES 128, 192 or 256 bit algorithms?
Does it use CBC or ECB mode for AES?
The 5.3 version does not have an parameter for init-vector, so does kamailio 
use any init vector internally in this case?

When i compared the encrypted text that kamailio produces and the ones 
available online, they were producing different outputs even when same shared 
secret was used. Hence asking for more clarification

PS: Upgrading kamailio is my very last option as this is one af an old setup 
which only needs this feature without much changes.

Thanks for any valuable response.

-- Jayesh


__
Kamailio - Users Mailing List - Non Commercial Discu

[SR-Users] Re: Crypto module AES algorithm details

2023-10-06 Thread Jayesh Nambiar via sr-users

Hi Henning,
Thanks for your responses.
The exact use case is as follows:
- In a custom SIP header, I'll have the number that is supposed to be
dialed out in AES encrypted format
- I will have to decrypt it using the shared key and IV that was used to
encrypt this phone number on Kamailio
- Once decrypted, I will have the number to call.
- So the encryption algorithm used by a third party should be same as what
is being used to decrypt in kamailio.

Any other way of doing this? I can request to change the encryption
mechanism to the third party if needed. Any suggestions on how to
achieve this.

Thanks,

- Jayesh

On Thu, Oct 5, 2023 at 3:13 PM Henning Westerholt  wrote:

> (Please keep the list in CC)
>
>
>
> Hello,
>
>
>
> The web tools might use another logic internally. I had some success with
> a java library use case and also with PostgreSQL, I think.
>
>
>
> A usual use-case is to have an encrypted password value in a DB, for data
> at rest encryption. The password is encrypted from something else. Then
> inside the Kamailio cfg you want to encrypt it on the fly, to use it for
> example for challenging a phone with username/password.
>
>
>
> Maybe you can give it a try with some python or other script languages,
> where you can play with the different crypto system parameter more easily.
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com
>
>
>
>
>
> *From:* Jayesh Nambiar 
> *Sent:* Donnerstag, 5. Oktober 2023 06:41
> *To:* Henning Westerholt 
> *Subject:* Re: [SR-Users] Crypto module AES algorithm details
>
>
>
> *Hello Henning,*
>
> Thanks for the super fast reply.
>
> I tested this within kamailio 5.3.4 and I can successfully encrypt a
> header value and also the same encrypted value decrypts to proper plain
> text when.
>
> But when I compare the encrypted text with online resources like
> https://www.devglan.com/online-tools/aes-encryption-decryption and
> https://www.javainuse.com/aesgenerator, their encrypted text value is
> different from what I see from kamailio.
>
> Both these resources produce the same encrypted text while the encrypted
> text from kamailio is different.
>
> How do I validate this?
>
> My use case is as follows:
>
> -- I get an encrypted text in a SIP Header
>
> -- I decrypt it and validate it against some DB
>
> -- If valid proceed or else exit
>
>
>
> Now if the algorithm doesnt match exactly, there are chances of error,
> hence asking question on how to validate it.
>
>
>
>
>
> On Wed, Oct 4, 2023 at 1:43 PM Henning Westerholt  wrote:
>
> Hello Jayesh,
>
>
>
> AFAIK its uses AES 256 with CBC mode. The IV is generated from OpenSSL,
> e.g. https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html
>
>
>
> For newer versions I have added the init_vector functionality to enable
> interoperability with other crypto functions, e.g. some databases, java
> frameworks etc. If you want to use this functionality, I’d suggest to
> update, as the 5.3. is also end of life since some time. Otherwise you can
> of course also backport this feature.
>
>
>
> Cheers,
>
>
>
> Henning
>
>
>
>
>
> --
>
> Henning Westerholt – https://skalatan.de/blog/
>
> Kamailio services – https://gilawa.com
>
>
>
>
>
>
>
> *From:* Jayesh Nambiar via sr-users 
> *Sent:* Mittwoch, 4. Oktober 2023 08:54
> *To:* Kamailio (SER) - Users Mailing List 
> *Cc:* Jayesh Nambiar 
> *Subject:* [SR-Users] Crypto module AES algorithm details
>
>
>
> *Hello,*
>
> I am running kamailio-5.3.4 on one of my setup and I intend to use the
> crypto module in the same.
>
> I wanted to understand the following details when the module is used:
>
> I understand it uses the AES algorithm, is that correct?
>
> Does it use AES 128, 192 or 256 bit algorithms?
>
> Does it use CBC or ECB mode for AES?
>
> The 5.3 version does not have an parameter for init-vector, so does
> kamailio use any init vector internally in this case?
>
>
>
> When i compared the encrypted text that kamailio produces and the ones
> available online, they were producing different outputs even when same
> shared secret was used. Hence asking for more clarification
>
>
>
> PS: Upgrading kamailio is my very last option as this is one af an old
> setup which only needs this feature without much changes.
>
>
>
> Thanks for any valuable response.
>
>
>
> *-- Jayesh*
>
>
>
>
>
>
__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Re: Crypto module AES algorithm details

2023-10-05 Thread Henning Westerholt via sr-users

(Please keep the list in CC)

Hello,

The web tools might use another logic internally. I had some success with a 
java library use case and also with PostgreSQL, I think.

A usual use-case is to have an encrypted password value in a DB, for data at 
rest encryption. The password is encrypted from something else. Then inside the 
Kamailio cfg you want to encrypt it on the fly, to use it for example for 
challenging a phone with username/password.

Maybe you can give it a try with some python or other script languages, where 
you can play with the different crypto system parameter more easily.

Cheers,

Henning

--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com


From: Jayesh Nambiar 
Sent: Donnerstag, 5. Oktober 2023 06:41
To: Henning Westerholt 
Subject: Re: [SR-Users] Crypto module AES algorithm details

Hello Henning,
Thanks for the super fast reply.
I tested this within kamailio 5.3.4 and I can successfully encrypt a header 
value and also the same encrypted value decrypts to proper plain text when.
But when I compare the encrypted text with online resources like 
https://www.devglan.com/online-tools/aes-encryption-decryption and 
https://www.javainuse.com/aesgenerator, their encrypted text value is different 
from what I see from kamailio.
Both these resources produce the same encrypted text while the encrypted text 
from kamailio is different.
How do I validate this?
My use case is as follows:
-- I get an encrypted text in a SIP Header
-- I decrypt it and validate it against some DB
-- If valid proceed or else exit

Now if the algorithm doesnt match exactly, there are chances of error, hence 
asking question on how to validate it.


On Wed, Oct 4, 2023 at 1:43 PM Henning Westerholt 
mailto:h...@gilawa.com>> wrote:
Hello Jayesh,

AFAIK its uses AES 256 with CBC mode. The IV is generated from OpenSSL, e.g. 
https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html

For newer versions I have added the init_vector functionality to enable 
interoperability with other crypto functions, e.g. some databases, java 
frameworks etc. If you want to use this functionality, I’d suggest to update, 
as the 5.3. is also end of life since some time. Otherwise you can of course 
also backport this feature.

Cheers,

Henning


--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com



From: Jayesh Nambiar via sr-users 
mailto:sr-users@lists.kamailio.org>>
Sent: Mittwoch, 4. Oktober 2023 08:54
To: Kamailio (SER) - Users Mailing List 
mailto:sr-users@lists.kamailio.org>>
Cc: Jayesh Nambiar mailto:jayesh1...@gmail.com>>
Subject: [SR-Users] Crypto module AES algorithm details

Hello,
I am running kamailio-5.3.4 on one of my setup and I intend to use the crypto 
module in the same.
I wanted to understand the following details when the module is used:
I understand it uses the AES algorithm, is that correct?
Does it use AES 128, 192 or 256 bit algorithms?
Does it use CBC or ECB mode for AES?
The 5.3 version does not have an parameter for init-vector, so does kamailio 
use any init vector internally in this case?

When i compared the encrypted text that kamailio produces and the ones 
available online, they were producing different outputs even when same shared 
secret was used. Hence asking for more clarification

PS: Upgrading kamailio is my very last option as this is one af an old setup 
which only needs this feature without much changes.

Thanks for any valuable response.

-- Jayesh


__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Re: Crypto module AES algorithm details

2023-10-04 Thread Henning Westerholt via sr-users

Hello Jayesh,

AFAIK its uses AES 256 with CBC mode. The IV is generated from OpenSSL, e.g. 
https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html

For newer versions I have added the init_vector functionality to enable 
interoperability with other crypto functions, e.g. some databases, java 
frameworks etc. If you want to use this functionality, I’d suggest to update, 
as the 5.3. is also end of life since some time. Otherwise you can of course 
also backport this feature.

Cheers,

Henning


--
Henning Westerholt – https://skalatan.de/blog/
Kamailio services – https://gilawa.com



From: Jayesh Nambiar via sr-users 
Sent: Mittwoch, 4. Oktober 2023 08:54
To: Kamailio (SER) - Users Mailing List 
Cc: Jayesh Nambiar 
Subject: [SR-Users] Crypto module AES algorithm details

Hello,
I am running kamailio-5.3.4 on one of my setup and I intend to use the crypto 
module in the same.
I wanted to understand the following details when the module is used:
I understand it uses the AES algorithm, is that correct?
Does it use AES 128, 192 or 256 bit algorithms?
Does it use CBC or ECB mode for AES?
The 5.3 version does not have an parameter for init-vector, so does kamailio 
use any init vector internally in this case?

When i compared the encrypted text that kamailio produces and the ones 
available online, they were producing different outputs even when same shared 
secret was used. Hence asking for more clarification

PS: Upgrading kamailio is my very last option as this is one af an old setup 
which only needs this feature without much changes.

Thanks for any valuable response.

-- Jayesh


__
Kamailio - Users Mailing List - Non Commercial Discussions
To unsubscribe send an email to sr-users-le...@lists.kamailio.org
Important: keep the mailing list in the recipients, do not reply only to the 
sender!
Edit mailing list options or unsubscribe:

[SR-Users] Re: Crypto module AES algorithm details

[SR-Users] Re: Crypto module AES algorithm details

[SR-Users] Re: Crypto module AES algorithm details

[SR-Users] Re: Crypto module AES algorithm details

4 matches

Site Navigation

Mail list logo

Footer information