Hello, the error code means that the format of the key is invalid:
- https://github.com/asipto/secsipidx/blob/main/secsipid/secsipid.go#L46 If you haven't retrieved from someone, then note that is not the usual tls/ssl key format, see: - https://github.com/asipto/secsipidx#keys-generation Cheers, Daniel On 05.07.22 17:01, Maharaja Azhagiah wrote: > Hi Daniel, > > I have following the installation as mentioned in the SecSIPId > module page > (https://www.kamailio.org/docs/modules/5.5.x/modules/secsipid.html#secsipid.f.secsipid_add_identity) > > > I am able to load the module without any error. However, when I > initiate a call I can see the following error: > > 0(12956) ERROR: {1 9581 INVITE lzss4D1pl5NkPYfdEZ24OlrXHjnEmWiA} > secsipid [secsipid_mod.c:330]: ki_secsipid_add_identity(): failed to > get identity header body (-151) > > > Below is the kamaili configuration where identity needs to be added > before it dispatch to service provider trunk: > > secsipid_add_identity("$fU", "$rU", "C", "", > "http://pinaiyam.8ksamples.com/certificate.pem";, "/tmp/cert/private.pem"); > > > > Regards > > *Maharaja Azhagiah* > > > > > > > On Tue, Jun 28, 2022 at 2:08 AM Daniel-Constantin Mierla > <mico...@gmail.com> wrote: > > Note that kamailio has another module that offer StIR/SHAKEN > capabilities, respectively the secsipid module. You can try to use > it, this one I maintain and if there is any issue found, I am > going to fix it. > > All the best, > Daniel > > On 28.06.22 04:41, Maharaja Azhagiah wrote: >> Thank you very much, Muhammad >> >> I tried reducing the SSL key bit length to 1024 but the buffer is >> still less than the key size. Hence, I submitted an issue with >> signalwire. I appreciate your help. >> >> Regards >> >> *Maharaja Azhagiah* >> >> >> >> >> >> >> On Mon, Jun 27, 2022 at 10:05 PM M S <shaherya...@gmail.com> wrote: >> >> This error is seems to come from libstirshaken >> >> (https://github.com/signalwire/libstirshaken/blob/master/include/stir_shaken.h >> line 46) and has nothing to do with Kamailio. Please open a >> bug with signalwire who owns and maintains this library. >> >> Per my understanding this library is bit old and uses many >> deprecated functions and needs updating. As a general rule of >> thumb, in PEM format, the private key size in bytes is >> roughly 80% (4/5) of key size in bits e.g. 4096 bit private >> key size would be roughly, >> >> (4096 * 4) / 5 ~= 3277 byes >> >> which is too big for allowed size (2000 byes) in >> libstirshaken. So, either increasing the allowed size in >> libstirshaken OR reducing your SSL key bit length to e.g. >> 1024 may work. >> >> Thank you. >> >> -- >> Muhammad Shahzad Shafi >> Tel: +49 176 99 83 10 85 >> >> >> >> On Mon, Jun 27, 2022 at 11:07 PM Maharaja Azhagiah >> <er.mahar...@gmail.com> wrote: >> >> Hi, >> >> I am trying STIR/SHAKEN using libstirshaken in Kamailio 5.5. >> >> I used a self signed certificate as this is just a test >> in the local docker environment. However, when I try to >> add identity with private key >> (stirshaken_add_identity_with_key), I get "[error_code: >> 447] Buffer for key from file /tmp/cert/private.pem too >> short (2000 <= 3247)" >> >> I have tried using 2048 and 4096 size >> >> root@5907e44bd056:/tmp/cert# openssl rsa -in private.pem >> -text -noout | grep "Private-Key" >> RSA Private-Key: (4096 bit, 2 primes) >> >> Could you tell me what is wrong with the certificate? >> >> Kamailio version: >> >> root@5907e44bd056:/usr/local/kamailio/etc/kamailio# >> kamailio -v >> version: kamailio 5.5.4 (x86_64/linux) 469465 >> >> Error: >> >> 0(404) ERROR: {1 30587 INVITE >> NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken >> [stirshaken_mod.c:761]: >> ki_stirshaken_add_identity_with_key(): Failed to load >> private key >> 0(404) DEBUG: {1 30587 INVITE >> NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken >> [stirshaken_mod.c:117]: stirshaken_print_error_details(): >> failure details: >> 0(404) DEBUG: {1 30587 INVITE >> NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken >> [stirshaken_mod.c:118]: stirshaken_print_error_details(): >> failure reason is: src/stir_shaken_ssl.c:2112: >> [error_code: 447] Buffer for key from file >> /tmp/cert/private.pem too short (2000 <= 3247) >> 0(404) DEBUG: {1 30587 INVITE >> NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} stirshaken >> [stirshaken_mod.c:119]: stirshaken_print_error_details(): >> failure error code is: 447 >> 0(404) ERROR: {1 30587 INVITE >> NzIhM1-2YABveZZ1mPvs3m3tw8K7meSq} <script>: Failed >> >> Regards >> >> *Maharaja Azhagiah* >> >> >> >> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions >> * sr-users@lists.kamailio.org >> Important: keep the mailing list in the recipients, do >> not reply only to the sender! >> Edit mailing list options or unsubscribe: >> * >> https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions >> * sr-users@lists.kamailio.org >> Important: keep the mailing list in the recipients, do not >> reply only to the sender! >> Edit mailing list options or unsubscribe: >> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users >> >> >> __________________________________________________________ >> Kamailio - Users Mailing List - Non Commercial Discussions >> * sr-users@lists.kamailio.org >> Important: keep the mailing list in the recipients, do not reply only to >> the sender! >> Edit mailing list options or unsubscribe: >> * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users > > -- > Daniel-Constantin Mierla -- www.asipto.com <http://www.asipto.com> > www.twitter.com/miconda <http://www.twitter.com/miconda> -- > www.linkedin.com/in/miconda <http://www.linkedin.com/in/miconda> > Kamailio Advanced Training - Online: June 20-23, 2022 > * https://www.asipto.com/sw/kamailio-advanced-training-online/ > -- Daniel-Constantin Mierla -- www.asipto.com www.twitter.com/miconda -- www.linkedin.com/in/miconda
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions * sr-users@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe: * https://lists.kamailio.org/cgi-bin/mailman/listinfo/sr-users
