[OpenSIPS-Users] Stir_shaken signature length

Bogdan-Andrei Iancu bogdan at opensips.org
Mon Apr 13 16:37:39 EST 2020


Maybe you should first take a look at 
https://blog.opensips.org/2020/01/23/shaken-not-stirred/ and 
https://opensips.org/docs/modules/3.1.x/stir_shaken.html

Regards,

Bogdan-Andrei Iancu

OpenSIPS Founder and Developer
   https://www.opensips-solutions.com
OpenSIPS Summit, Amsterdam, May 2020
   https://www.opensips.org/events/Summit-2020Amsterdam/

On 4/13/20 6:58 PM, Saint Michael wrote:
> I see, so I need to update my Opensips to 3.1, and then how does it 
> work? the module grabs my certificate and generates the signature?
> Is there a command line tool that can do that meanwhile? We can always 
> add the signature like any other header.
> Can somebody paste a sample code here so I my try?
>
>
>
>
> On Mon, Apr 13, 2020 at 11:34 AM Vlad Patrascu <vladp at opensips.org 
> <mailto:vladp at opensips.org>> wrote:
>
>     Hi Frederico,
>
>     I'm not really sure I understand your question of "how" to
>     generate the signature. Are you refering to how the scripting
>     should look like or something else ? But anyway, it is not
>     possible with OpenSIPS 2.4.7 as the stir_shaken module is
>     available starting with OpenSIPS 3.1.
>
>     Regards,
>
>     Vlad Patrascu
>
>     On 13.04.2020 18:13, Saint Michael wrote:
>>     I am trying to do the same. The question I need to ask here is:
>>     how do you generate the signature from the certificate, the
>>     caller ID and the destination number?
>>     I have the API working in staging mode, but now I need to really
>>     sign a call and send it forward with Opensips 2.4.7
>>
>>     Federico
>>
>>     On Mon, Apr 13, 2020 at 11:03 AM Vlad Patrascu
>>     <vladp at opensips.org <mailto:vladp at opensips.org>> wrote:
>>
>>         Hi Alexandru,
>>
>>         OpenSIPS is using the signature in DER encoded format (as it
>>         is directly generated by openssl) but indeed it is not the
>>         proper format as per RFC 7518. Thanks for the report, I am
>>         working on a fix.
>>
>>         Regards,
>>
>>         Vlad Patrascu
>>
>>         On 10.04.2020 12:28, Alexandru Tripon wrote:
>>>         Hi,
>>>
>>>         I tried to populate the Identity header with the stir_shaken
>>>         module.
>>>         The header is populated but when I try to verify the
>>>         signature using an external tool it fails because of the length.
>>>         I have the folowing Identity generated by Opensips:
>>>         `
>>>         eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiL2hvbWUvdHJpYWwvTHVjcnUvQ29kZS9zdGlyU2hha2VuL215cHVia2V5LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxMDAyIl19LCJpYXQiOjE1ODY1MDMxODcsIm9yaWciOnsidG4iOiIxMDAxIn0sIm9yaWdpZCI6IjEyMzQ1NiJ9.MEYCIQCjIx6w8IeilqHq0jbc6uwIB9v1RDmecoep0gRJJC4EmQIhANH1MO9jwRtqH6jgFH12XqROFv-nUroEgzsRAaMJtAsR;info=\u003c/home/trial/Lucru/Code/stirShaken/mypubkey.pem\u003e;ppt=\"shaken\"
>>>         `
>>>         the lenght of encoded signature(in base64) is 96 and in the
>>>         decoded one is 72.
>>>         In the RFC for ES256
>>>         algorithm(https://tools.ietf.org/html/rfc7518#section-3.4)
>>>         the length of the decoded signature is 64.
>>>         Am I missing something here?
>>>
>>>         Thanks,
>>>         Alexandru Tripon
>>>
>>>         _______________________________________________
>>>         Users mailing list
>>>         Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>         _______________________________________________
>>         Users mailing list
>>         Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>>         http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>>
>>
>>     _______________________________________________
>>     Users mailing list
>>     Users at lists.opensips.org  <mailto:Users at lists.opensips.org>
>>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>     _______________________________________________
>     Users mailing list
>     Users at lists.opensips.org <mailto:Users at lists.opensips.org>
>     http://lists.opensips.org/cgi-bin/mailman/listinfo/users
>
>
> _______________________________________________
> Users mailing list
> Users at lists.opensips.org
> http://lists.opensips.org/cgi-bin/mailman/listinfo/users

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opensips.org/pipermail/users/attachments/20200413/7ade0d06/attachment.html>


More information about the Users mailing list