Note that kamailio has another module that offer StIR/SHAKEN capabilities, respectively the secsipid module. You can try to use it, this one I maintain and if there is any issue found, I am going to fix it.
All the best, Daniel On 28.06.22 04:41, Maharaja Azhagiah wrote: > Thank you very much, Muhammad > > I tried reducing the SSL key bit length to 1024 but the buffer is > still less than the key size. Hence, I submitted an issue with > signalwire. I appreciate your help. > > Regards > > *Maharaja Azhagiah* > > > > > > > On Mon, Jun 27, 2022 at 10:05 PM M S <[email protected]> wrote: > > This error is seems to come from libstirshaken > > (https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h > line 46) and has nothing to do with Kamailio. Please open a bug > with signalwire who owns and maintains this library. > > Per my understanding this library is bit old and uses many > deprecated functions and needs updating. As a general rule of > thumb, in PEM format, the private key size in bytes is roughly 80% > (4/5) of key size in bits e.g. 4096 bit private key size would be > roughly, > > (4096 * 4) / 5 ~= 3277 byes > > which is too big for allowed size (2000 byes) in libstirshaken. > So, either increasing the allowed size in libstirshaken OR > reducing your SSL key bit length to e.g. 1024 may work. > > Thank you. > > -- > Muhammad Shahzad Shafi > Tel: +49 176 99 83 10 85 > > > > On Mon, Jun 27, 2022 at 11:07 PM Maharaja Azhagiah > <[email protected]> wrote: > > Hi, > > I am trying STIR/SHAKEN using libstirshaken in Kamailio 5.5. > > I used a self signed certificate as this is just a test in the > local docker environment. However, when I try to add identity > with private key (stirshaken_add_identity_with_key), I get > "[error_code: 447] Buffer for key from file > /tmp/cert/private.pem too short (2000 <= 3247)" > > I have tried using 2048 and 4096 size > > root@5907e44bd056:/tmp/cert# openssl rsa -in private.pem -text > -noout | grep "Private-Key" > RSA Private-Key: (4096 bit, 2 primes) > > Could you tell me what is wrong with the certificate? > > Kamailio version: > > root@5907e44bd056:/usr/local/kamailio/etc/kamailio# kamailio -v > version: kamailio 5.5.4 (x86_64/linux) 469465 > > Error: > > 0(404) ERROR: {1 30587 INVITE > NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken > [stirshaken_mod.c:761]: ki_stirshaken_add_identity_with_key(): > Failed to load private key > 0(404) DEBUG: {1 30587 INVITE > NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken > [stirshaken_mod.c:117]: stirshaken_print_error_details(): > failure details: > 0(404) DEBUG: {1 30587 INVITE > NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken > [stirshaken_mod.c:118]: stirshaken_print_error_details(): > failure reason is: src/stir_shaken_ssl.c:2112: [error_code: > 447] Buffer for key from file /tmp/cert/private.pem too short > (2000 <= 3247) > 0(404) DEBUG: {1 30587 INVITE > NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken > [stirshaken_mod.c:119]: stirshaken_print_error_details(): > failure error code is: 447 > 0(404) ERROR: {1 30587 INVITE > NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} <script>: Failed > > Regards > > *Maharaja Azhagiah* > > > > > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > * [email protected] > Important: keep the mailing list in the recipients, do not > reply only to the sender! > Edit mailing list options or unsubscribe: > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > * [email protected] > Important: keep the mailing list in the recipients, do not reply > only to the sender! > Edit mailing list options or unsubscribe: > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > > __________________________________________________________ > Kamailio - Users Mailing List - Non Commercial Discussions > * [email protected] > Important: keep the mailing list in the recipients, do not reply only to the > sender! > Edit mailing list options or unsubscribe: > * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda Kamailio Advanced Training - Online: June 20-23, 2022 * https://www.asipto.com/sw/kamailio-advanced-training-online/
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
