Maybe you should first take a look at
https://blog.opensips.org/2020/01/23/shaken-not-stirred/ and
https://opensips.org/docs/modules/3.1.x/stir_shaken.html
Regards,
Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
https://www.opensips-solutions.com
OpenSIPS Summit, Amsterdam, May 2020
https://www.opensips.org/events/Summit-2020Amsterdam/
On 4/13/20 6:58 PM, Saint Michael wrote:
I see, so I need to update my Opensips to 3.1, and then how does it
work? the module grabs my certificate and generates the signature?
Is there a command line tool that can do that meanwhile? We can always
add the signature like any other header.
Can somebody paste a sample code here so I my try?
On Mon, Apr 13, 2020 at 11:34 AM Vlad Patrascu <[email protected]
<mailto:[email protected]>> wrote:
Hi Frederico,
I'm not really sure I understand your question of "how" to
generate the signature. Are you refering to how the scripting
should look like or something else ? But anyway, it is not
possible with OpenSIPS 2.4.7 as the stir_shaken module is
available starting with OpenSIPS 3.1.
Regards,
Vlad Patrascu
On 13.04.2020 18:13, Saint Michael wrote:
I am trying to do the same. The question I need to ask here is:
how do you generate the signature from the certificate, the
caller ID and the destination number?
I have the API working in staging mode, but now I need to really
sign a call and send it forward with Opensips 2.4.7
Federico
On Mon, Apr 13, 2020 at 11:03 AM Vlad Patrascu
<[email protected] <mailto:[email protected]>> wrote:
Hi Alexandru,
OpenSIPS is using the signature in DER encoded format (as it
is directly generated by openssl) but indeed it is not the
proper format as per RFC 7518. Thanks for the report, I am
working on a fix.
Regards,
Vlad Patrascu
On 10.04.2020 12:28, Alexandru Tripon wrote:
Hi,
I tried to populate the Identity header with the stir_shaken
module.
The header is populated but when I try to verify the
signature using an external tool it fails because of the length.
I have the folowing Identity generated by Opensips:
`
eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiL2hvbWUvdHJpYWwvTHVjcnUvQ29kZS9zdGlyU2hha2VuL215cHVia2V5LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxMDAyIl19LCJpYXQiOjE1ODY1MDMxODcsIm9yaWciOnsidG4iOiIxMDAxIn0sIm9yaWdpZCI6IjEyMzQ1NiJ9.MEYCIQCjIx6w8IeilqHq0jbc6uwIB9v1RDmecoep0gRJJC4EmQIhANH1MO9jwRtqH6jgFH12XqROFv-nUroEgzsRAaMJtAsR;info=\u003c/home/trial/Lucru/Code/stirShaken/mypubkey.pem\u003e;ppt=\"shaken\"
`
the lenght of encoded signature(in base64) is 96 and in the
decoded one is 72.
In the RFC for ES256
algorithm(https://tools.ietf.org/html/rfc7518#section-3.4)
the length of the decoded signature is 64.
Am I missing something here?
Thanks,
Alexandru Tripon
_______________________________________________
Users mailing list
[email protected] <mailto:[email protected]>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected] <mailto:[email protected]>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected] <mailto:[email protected]>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected] <mailto:[email protected]>
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
[email protected]
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
