[OpenSIPS-Users] Stir_shaken signature length

Saint Michael venefax at gmail.com
Mon Apr 13 15:58:15 EST 2020


I see, so I need to update my Opensips to 3.1, and then how does it work?
the module grabs my certificate and generates the signature?
Is there a command line tool that can do that meanwhile? We can always add
the signature like any other header.
Can somebody paste a sample code here so I my try?




On Mon, Apr 13, 2020 at 11:34 AM Vlad Patrascu <vladp at opensips.org> wrote:

> Hi Frederico,
>
> I'm not really sure I understand your question of "how" to generate the
> signature. Are you refering to how the scripting should look like or
> something else ? But anyway, it is not possible with OpenSIPS 2.4.7 as the
> stir_shaken module is available starting with OpenSIPS 3.1.
>
> Regards,
>
> Vlad Patrascu
> On 13.04.2020 18:13, Saint Michael wrote:
>
> I am trying to do the same. The question I need to ask here is: how do you
> generate the signature from the certificate, the caller ID and the
> destination number?
> I have the API working in staging mode, but now I need to really sign a
> call and send it forward with Opensips 2.4.7
>
> Federico
>
> On Mon, Apr 13, 2020 at 11:03 AM Vlad Patrascu <vladp at opensips.org> wrote:
>
>> Hi Alexandru,
>>
>> OpenSIPS is using the signature in DER encoded format (as it is directly
>> generated by openssl) but indeed it is not the proper format as per RFC
>> 7518. Thanks for the report, I am working on a fix.
>>
>> Regards,
>>
>> Vlad Patrascu
>> On 10.04.2020 12:28, Alexandru Tripon wrote:
>>
>> Hi,
>>
>> I tried to populate the Identity header with the stir_shaken module.
>> The header is populated but when I try to verify the signature using an
>> external tool it fails because of the length.
>> I have the folowing Identity generated by Opensips:
>> `
>>
>> eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiL2hvbWUvdHJpYWwvTHVjcnUvQ29kZS9zdGlyU2hha2VuL215cHVia2V5LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxMDAyIl19LCJpYXQiOjE1ODY1MDMxODcsIm9yaWciOnsidG4iOiIxMDAxIn0sIm9yaWdpZCI6IjEyMzQ1NiJ9.MEYCIQCjIx6w8IeilqHq0jbc6uwIB9v1RDmecoep0gRJJC4EmQIhANH1MO9jwRtqH6jgFH12XqROFv-nUroEgzsRAaMJtAsR;info=\u003c/home/trial/Lucru/Code/stirShaken/mypubkey.pem\u003e;ppt=\"shaken\"
>> `
>> the lenght of encoded signature(in base64) is 96 and in the decoded one
>> is 72.
>> In the RFC for ES256 algorithm(
>> https://tools.ietf.org/html/rfc7518#section-3.4) the length of the
>> decoded signature is 64.
>> Am I missing something here?
>>
>> Thanks,
>> Alexandru Tripon
>>
>> _______________________________________________
>> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>> _______________________________________________
>> Users mailing list
>> Users at lists.opensips.org
>> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>
> _______________________________________________
> Users mailing listUsers at lists.opensips.orghttp://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20200413/f462111c/attachment-0001.html>


More information about the Users mailing list