Hi Daniel, Thank you so much. Once I generated the format mentioned in the link, it worked. Thanks again :-)
Regards *Maharaja Azhagiah* On Tue, Jul 5, 2022 at 12:20 PM Daniel-Constantin Mierla <[email protected]> wrote: > Hello, > > the error code means that the format of the key is invalid: > > - https://github.com/asipto/secsipidx/blob/main/secsipid/secsipid.go#L46 > > If you haven't retrieved from someone, then note that is not the usual > tls/ssl key format, see: > > - https://github.com/asipto/secsipidx#keys-generation > > Cheers, > Daniel > On 05.07.22 17:01, Maharaja Azhagiah wrote: > > Hi Daniel, > > I have following the installation as mentioned in the SecSIPId module page > ( > https://www.kamailio.org/docs/modules/5.5.x/modules/secsipid.html#secsipid.f.secsipid_add_identity > ) > > I am able to load the module without any error. However, when I initiate a > call I can see the following error: > > 0(12956) ERROR: {1 9581 INVITE lzss4D1pl5NkPYfdEZ24OlrXHjnEmWiA} secsipid > [secsipid_mod.c:330]: ki_secsipid_add_identity(): failed to get identity > header body (-151) > > > Below is the kamaili configuration where identity needs to be added before > it dispatch to service provider trunk: > > secsipid_add_identity("$fU", "$rU", "C", "", " > http://pinaiyam.8ksamples.com/certificate.pem";, "/tmp/cert/private.pem"); > > > > Regards > > *Maharaja Azhagiah* > > > > > > > On Tue, Jun 28, 2022 at 2:08 AM Daniel-Constantin Mierla < > [email protected]> wrote: > >> Note that kamailio has another module that offer StIR/SHAKEN >> capabilities, respectively the secsipid module. You can try to use it, this >> one I maintain and if there is any issue found, I am going to fix it. >> >> All the best, >> Daniel >> On 28.06.22 04:41, Maharaja Azhagiah wrote: >> >> Thank you very much, Muhammad >> >> I tried reducing the SSL key bit length to 1024 but the buffer is still >> less than the key size. Hence, I submitted an issue with signalwire. I >> appreciate your help. >> >> Regards >> >> *Maharaja Azhagiah* >> >> >> >> >> >> >> On Mon, Jun 27, 2022 at 10:05 PM M S <[email protected]> wrote: >> >>> This error is seems to come from libstirshaken ( >>> https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h >>> line 46) and has nothing to do with Kamailio. Please open a bug with >>> signalwire who owns and maintains this library. >>> >>> Per my understanding this library is bit old and uses many deprecated >>> functions and needs updating. As a general rule of thumb, in PEM format, >>> the private key size in bytes is roughly 80% (4/5) of key size in bits e.g. >>> 4096 bit private key size would be roughly, >>> >>> (4096 * 4) / 5 ~= 3277 byes >>> >>> which is too big for allowed size (2000 byes) in libstirshaken. So, >>> either increasing the allowed size in libstirshaken OR reducing your SSL >>> key bit length to e.g. 1024 may work. >>> >>> Thank you. >>> >>> -- >>> Muhammad Shahzad Shafi >>> Tel: +49 176 99 83 10 85 >>> >>> >>> >>> On Mon, Jun 27, 2022 at 11:07 PM Maharaja Azhagiah < >>> [email protected]> wrote: >>> >>>> Hi, >>>> >>>> I am trying STIR/SHAKEN using libstirshaken in Kamailio 5.5. >>>> >>>> I used a self signed certificate as this is just a test in the local >>>> docker environment. However, when I try to add identity with private key >>>> (stirshaken_add_identity_with_key), I get "[error_code: 447] Buffer for key >>>> from file /tmp/cert/private.pem too short (2000 <= 3247)" >>>> >>>> I have tried using 2048 and 4096 size >>>> >>>> root@5907e44bd056:/tmp/cert# openssl rsa -in private.pem -text -noout >>>> | grep "Private-Key" >>>> RSA Private-Key: (4096 bit, 2 primes) >>>> >>>> Could you tell me what is wrong with the certificate? >>>> >>>> Kamailio version: >>>> >>>> root@5907e44bd056:/usr/local/kamailio/etc/kamailio# kamailio -v >>>> version: kamailio 5.5.4 (x86_64/linux) 469465 >>>> >>>> Error: >>>> >>>> 0(404) ERROR: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} >>>> stirshaken [stirshaken_mod.c:761]: ki_stirshaken_add_identity_with_key(): >>>> Failed to load private key >>>> 0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} >>>> stirshaken [stirshaken_mod.c:117]: stirshaken_print_error_details(): >>>> failure details: >>>> 0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} >>>> stirshaken [stirshaken_mod.c:118]: stirshaken_print_error_details(): >>>> failure reason is: src/stir_shaken_ssl.c:2112: [error_code: 447] Buffer for >>>> key from file /tmp/cert/private.pem too short (2000 <= 3247) >>>> 0(404) DEBUG: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} >>>> stirshaken [stirshaken_mod.c:119]: stirshaken_print_error_details(): >>>> failure error code is: 447 >>>> 0(404) ERROR: {1 30587 INVITE NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} >>>> <script>: Failed >>>> >>>> Regards >>>> >>>> *Maharaja Azhagiah* >>>> >>>> >>>> >>>> >>>> __________________________________________________________ >>>> Kamailio - Users Mailing List - Non Commercial Discussions >>>> * [email protected] >>>> Important: keep the mailing list in the recipients, do not reply only >>>> to the sender! >>>> Edit mailing list options or unsubscribe: >>>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>>> >>> __________________________________________________________ >>> Kamailio - Users Mailing List - Non Commercial Discussions >>> * [email protected] >>> Important: keep the mailing list in the recipients, do not reply only to >>> the sender! >>> Edit mailing list options or unsubscribe: >>> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >>> >> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions >> * [email protected] >> Important: keep the mailing list in the recipients, do not reply only to the >> sender! >> Edit mailing list options or unsubscribe: >> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> >> -- >> Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- >> www.linkedin.com/in/miconda >> Kamailio Advanced Training - Online: June 20-23, 2022 >> * https://www.asipto.com/sw/kamailio-advanced-training-online/ >> >> -- > Daniel-Constantin Mierla -- www.asipto.comwww.twitter.com/miconda -- > www.linkedin.com/in/miconda > >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * [email protected] Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
