[OpenSIPS-Users] Stir_shaken signature length

Vlad Patrascu vladp at opensips.org
Mon Apr 13 15:32:31 EST 2020 

Hi Frederico,

I'm not really sure I understand your question of "how" to generate the 
signature. Are you refering to how the scripting should look like or 
something else ? But anyway, it is not possible with OpenSIPS 2.4.7 as 
the stir_shaken module is available starting with OpenSIPS 3.1.

Regards,

Vlad Patrascu

On 13.04.2020 18:13, Saint Michael wrote:
> I am trying to do the same. The question I need to ask here is: how do 
> you generate the signature from the certificate, the caller ID and the 
> destination number?
> I have the API working in staging mode, but now I need to really sign 
> a call and send it forward with Opensips 2.4.7
>
> Federico
>
> On Mon, Apr 13, 2020 at 11:03 AM Vlad Patrascu <vladp at opensips.org 
> <mailto:vladp at opensips.org>> wrote:
>
>     Hi Alexandru,
>
>     OpenSIPS is using the signature in DER encoded format (as it is
>     directly generated by openssl) but indeed it is not the proper
>     format as per RFC 7518. Thanks for the report, I am working on a fix.
>
>     Regards,
>
>     Vlad Patrascu
>
>     On 10.04.2020 12:28, Alexandru Tripon wrote:
>>     Hi,
>>
>>     I tried to populate the Identity header with the stir_shaken module.
>>     The header is populated but when I try to verify the signature
>>     using an external tool it fails because of the length.
>>     I have the folowing Identity generated by Opensips:
>>     `
>>     eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiL2hvbWUvdHJpYWwvTHVjcnUvQ29kZS9zdGlyU2hha2VuL215cHVia2V5LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxMDAyIl19LCJpYXQiOjE1ODY1MDMxODcsIm9yaWciOnsidG4iOiIxMDAxIn0sIm9yaWdpZCI6IjEyMzQ1NiJ9.MEYCIQCjIx6w8IeilqHq0jbc6uwIB9v1RDmecoep0gRJJC4EmQIhANH1MO9jwRtqH6jgFH12XqROFv-nUroEgzsRAaMJtAsR;info=\u003c/home/trial/Lucru/Code/stirShaken/mypubkey.pem\u003e;ppt=\"shaken\"
>>     `
>>     the lenght of encoded signature(in base64) is 96 and in the
>>     decoded one is 72.
>>     In the RFC for ES256
>>     algorithm(https://tools.ietf.org/html/rfc7518#section-3.4) the
>>     length of the decoded signature is 64.
>>     Am I missing something here?
>>
>>     Thanks,
>>     Alexandru Tripon
>>
>>     _______________________________________________
>>     Users mailing list
>>     Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>     _______________________________________________
>     Users mailing list
>     Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20200413/e0f6e87b/attachment.html>

More information about the Users mailing list