<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body bgcolor="#FFFFFF" text="#000000">
<tt>Maybe you should first take a look at
<a class="moz-txt-link-freetext" href="https://blog.opensips.org/2020/01/23/shaken-not-stirred/">https://blog.opensips.org/2020/01/23/shaken-not-stirred/</a> and
<a class="moz-txt-link-freetext" href="https://opensips.org/docs/modules/3.1.x/stir_shaken.html">https://opensips.org/docs/modules/3.1.x/stir_shaken.html</a><br>
<br>
Regards,<br>
</tt>
<pre class="moz-signature" cols="72">Bogdan-Andrei Iancu
OpenSIPS Founder and Developer
<a class="moz-txt-link-freetext" href="https://www.opensips-solutions.com">https://www.opensips-solutions.com</a>
OpenSIPS Summit, Amsterdam, May 2020
<a class="moz-txt-link-freetext" href="https://www.opensips.org/events/Summit-2020Amsterdam/">https://www.opensips.org/events/Summit-2020Amsterdam/</a>
</pre>
<div class="moz-cite-prefix">On 4/13/20 6:58 PM, Saint Michael
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAC9cSOAGSb648gFWVnPt2sHh_-2Nfdz2sh2Qk4HkXJPT2=aLrQ@mail.gmail.com">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
<div dir="ltr">
<div class="gmail_default" style="font-size:small">I see, so I
need to update my Opensips to 3.1, and then how does it work?
the module grabs my certificate and generates the signature?</div>
<div class="gmail_default" style="font-size:small">Is there a
command line tool that can do that meanwhile? We can always
add the signature like any other header.</div>
<div class="gmail_default" style="font-size:small">Can somebody
paste a sample code here so I my try?</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Apr 13, 2020 at 11:34
AM Vlad Patrascu <<a href="mailto:vladp@opensips.org"
moz-do-not-send="true">vladp@opensips.org</a>> wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px 0px
0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi Frederico,</p>
<p>I'm not really sure I understand your question of "how"
to generate the signature. Are you refering to how the
scripting should look like or something else ? But anyway,
it is not possible with OpenSIPS 2.4.7 as the stir_shaken
module is available starting with OpenSIPS 3.1.</p>
<p>Regards,</p>
<p>Vlad Patrascu<br>
</p>
<div>On 13.04.2020 18:13, Saint Michael wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">
<div class="gmail_default" style="font-size:small">I am
trying to do the same. The question I need to ask here
is: how do you generate the signature from the
certificate, the caller ID and the destination number?</div>
<div class="gmail_default" style="font-size:small">I
have the API working in staging mode, but now I need
to really sign a call and send it forward with
Opensips 2.4.7</div>
<div class="gmail_default" style="font-size:small"><br>
</div>
<div class="gmail_default" style="font-size:small">Federico</div>
</div>
<br>
<div class="gmail_quote">
<div dir="ltr" class="gmail_attr">On Mon, Apr 13, 2020
at 11:03 AM Vlad Patrascu <<a
href="mailto:vladp@opensips.org" target="_blank"
moz-do-not-send="true">vladp@opensips.org</a>>
wrote:<br>
</div>
<blockquote class="gmail_quote" style="margin:0px 0px
0px 0.8ex;border-left:1px solid
rgb(204,204,204);padding-left:1ex">
<div bgcolor="#FFFFFF">
<p>Hi Alexandru,</p>
<p>OpenSIPS is using the signature in DER encoded
format (as it is directly generated by openssl)
but indeed it is not the proper format as per RFC
7518. Thanks for the report, I am working on a
fix.</p>
<p>Regards,</p>
<p>Vlad Patrascu<br>
</p>
<div>On 10.04.2020 12:28, Alexandru Tripon wrote:<br>
</div>
<blockquote type="cite">
<div dir="ltr">Hi,<br>
<br>
I tried to populate the Identity header with the
stir_shaken module.<br>
The header is populated but when I try to verify
the signature using an external tool it fails
because of the length.<br>
I have the folowing Identity generated by
Opensips:<br>
`<br>
eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiL2hvbWUvdHJpYWwvTHVjcnUvQ29kZS9zdGlyU2hha2VuL215cHVia2V5LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxMDAyIl19LCJpYXQiOjE1ODY1MDMxODcsIm9yaWciOnsidG4iOiIxMDAxIn0sIm9yaWdpZCI6IjEyMzQ1NiJ9.MEYCIQCjIx6w8IeilqHq0jbc6uwIB9v1RDmecoep0gRJJC4EmQIhANH1MO9jwRtqH6jgFH12XqROFv-nUroEgzsRAaMJtAsR;info=\u003c/home/trial/Lucru/Code/stirShaken/mypubkey.pem\u003e;ppt=\"shaken\"<br>
` <br>
the lenght of encoded signature(in base64) is 96
and in the decoded one is 72.<br>
In the RFC for ES256 algorithm(<a
href="https://tools.ietf.org/html/rfc7518#section-3.4"
target="_blank" moz-do-not-send="true">https://tools.ietf.org/html/rfc7518#section-3.4</a>)
the length of the decoded signature is 64.<br>
Am I missing something here?<br>
<br>
Thanks,<br>
Alexandru Tripon</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank" moz-do-not-send="true">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank" moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org"
target="_blank" moz-do-not-send="true">Users@lists.opensips.org</a><br>
<a
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
rel="noreferrer" target="_blank"
moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote>
</div>
<br>
<fieldset></fieldset>
<pre>_______________________________________________
Users mailing list
<a href="mailto:Users@lists.opensips.org" target="_blank" moz-do-not-send="true">Users@lists.opensips.org</a>
<a href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users" target="_blank" moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
</div>
_______________________________________________<br>
Users mailing list<br>
<a href="mailto:Users@lists.opensips.org" target="_blank"
moz-do-not-send="true">Users@lists.opensips.org</a><br>
<a
href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users"
rel="noreferrer" target="_blank" moz-do-not-send="true">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a><br>
</blockquote>
</div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre" wrap="">_______________________________________________
Users mailing list
<a class="moz-txt-link-abbreviated" href="mailto:Users@lists.opensips.org">Users@lists.opensips.org</a>
<a class="moz-txt-link-freetext" href="http://lists.opensips.org/cgi-bin/mailman/listinfo/users">http://lists.opensips.org/cgi-bin/mailman/listinfo/users</a>
</pre>
</blockquote>
<br>
</body>
</html>