[OpenSIPS-Users] Stir_shaken signature length

Vlad Patrascu vladp at opensips.org
Mon Apr 13 15:01:14 EST 2020


Hi Alexandru,

OpenSIPS is using the signature in DER encoded format (as it is directly 
generated by openssl) but indeed it is not the proper format as per RFC 
7518. Thanks for the report, I am working on a fix.

Regards,

Vlad Patrascu

On 10.04.2020 12:28, Alexandru Tripon wrote:
> Hi,
>
> I tried to populate the Identity header with the stir_shaken module.
> The header is populated but when I try to verify the signature using 
> an external tool it fails because of the length.
> I have the folowing Identity generated by Opensips:
> `
> eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiL2hvbWUvdHJpYWwvTHVjcnUvQ29kZS9zdGlyU2hha2VuL215cHVia2V5LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxMDAyIl19LCJpYXQiOjE1ODY1MDMxODcsIm9yaWciOnsidG4iOiIxMDAxIn0sIm9yaWdpZCI6IjEyMzQ1NiJ9.MEYCIQCjIx6w8IeilqHq0jbc6uwIB9v1RDmecoep0gRJJC4EmQIhANH1MO9jwRtqH6jgFH12XqROFv-nUroEgzsRAaMJtAsR;info=\u003c/home/trial/Lucru/Code/stirShaken/mypubkey.pem\u003e;ppt=\"shaken\"
> `
> the lenght of encoded signature(in base64) is 96 and in the decoded 
> one is 72.
> In the RFC for ES256 
> algorithm(https://tools.ietf.org/html/rfc7518#section-3.4) the length 
> of the decoded signature is 64.
> Am I missing something here?
>
> Thanks,
> Alexandru Tripon
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20200413/8f431ad8/attachment.html>


More information about the Users mailing list