Hi Henning, Thanks for your responses. The exact use case is as follows: - In a custom SIP header, I'll have the number that is supposed to be dialed out in AES encrypted format - I will have to decrypt it using the shared key and IV that was used to encrypt this phone number on Kamailio - Once decrypted, I will have the number to call. - So the encryption algorithm used by a third party should be same as what is being used to decrypt in kamailio.
Any other way of doing this? I can request to change the encryption mechanism to the third party if needed. Any suggestions on how to achieve this. Thanks, - Jayesh On Thu, Oct 5, 2023 at 3:13 PM Henning Westerholt <h...@gilawa.com> wrote: > (Please keep the list in CC) > > > > Hello, > > > > The web tools might use another logic internally. I had some success with > a java library use case and also with PostgreSQL, I think. > > > > A usual use-case is to have an encrypted password value in a DB, for data > at rest encryption. The password is encrypted from something else. Then > inside the Kamailio cfg you want to encrypt it on the fly, to use it for > example for challenging a phone with username/password. > > > > Maybe you can give it a try with some python or other script languages, > where you can play with the different crypto system parameter more easily. > > > > Cheers, > > > > Henning > > > > -- > > Henning Westerholt – https://skalatan.de/blog/ > > Kamailio services – https://gilawa.com > > > > > > *From:* Jayesh Nambiar <jayesh1...@gmail.com> > *Sent:* Donnerstag, 5. Oktober 2023 06:41 > *To:* Henning Westerholt <h...@gilawa.com> > *Subject:* Re: [SR-Users] Crypto module AES algorithm details > > > > *Hello Henning,* > > Thanks for the super fast reply. > > I tested this within kamailio 5.3.4 and I can successfully encrypt a > header value and also the same encrypted value decrypts to proper plain > text when. > > But when I compare the encrypted text with online resources like > https://www.devglan.com/online-tools/aes-encryption-decryption and > https://www.javainuse.com/aesgenerator, their encrypted text value is > different from what I see from kamailio. > > Both these resources produce the same encrypted text while the encrypted > text from kamailio is different. > > How do I validate this? > > My use case is as follows: > > -- I get an encrypted text in a SIP Header > > -- I decrypt it and validate it against some DB > > -- If valid proceed or else exit > > > > Now if the algorithm doesnt match exactly, there are chances of error, > hence asking question on how to validate it. > > > > > > On Wed, Oct 4, 2023 at 1:43 PM Henning Westerholt <h...@gilawa.com> wrote: > > Hello Jayesh, > > > > AFAIK its uses AES 256 with CBC mode. The IV is generated from OpenSSL, > e.g. https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html > > > > For newer versions I have added the init_vector functionality to enable > interoperability with other crypto functions, e.g. some databases, java > frameworks etc. If you want to use this functionality, I’d suggest to > update, as the 5.3. is also end of life since some time. Otherwise you can > of course also backport this feature. > > > > Cheers, > > > > Henning > > > > > > -- > > Henning Westerholt – https://skalatan.de/blog/ > > Kamailio services – https://gilawa.com > > > > > > > > *From:* Jayesh Nambiar via sr-users <sr-users@lists.kamailio.org> > *Sent:* Mittwoch, 4. Oktober 2023 08:54 > *To:* Kamailio (SER) - Users Mailing List <sr-users@lists.kamailio.org> > *Cc:* Jayesh Nambiar <jayesh1...@gmail.com> > *Subject:* [SR-Users] Crypto module AES algorithm details > > > > *Hello,* > > I am running kamailio-5.3.4 on one of my setup and I intend to use the > crypto module in the same. > > I wanted to understand the following details when the module is used: > > I understand it uses the AES algorithm, is that correct? > > Does it use AES 128, 192 or 256 bit algorithms? > > Does it use CBC or ECB mode for AES? > > The 5.3 version does not have an parameter for init-vector, so does > kamailio use any init vector internally in this case? > > > > When i compared the encrypted text that kamailio produces and the ones > available online, they were producing different outputs even when same > shared secret was used. Hence asking for more clarification > > > > PS: Upgrading kamailio is my very last option as this is one af an old > setup which only needs this feature without much changes. > > > > Thanks for any valuable response. > > > > *-- Jayesh* > > > > > >
__________________________________________________________ Kamailio - Users Mailing List - Non Commercial Discussions To unsubscribe send an email to sr-users-le...@lists.kamailio.org Important: keep the mailing list in the recipients, do not reply only to the sender! Edit mailing list options or unsubscribe:
