Hi Alexandru,
OpenSIPS is using the signature in DER encoded format (as it is directly
generated by openssl) but indeed it is not the proper format as per RFC
7518. Thanks for the report, I am working on a fix.
Regards,
Vlad Patrascu
On 10.04.2020 12:28, Alexandru Tripon wrote:
Hi,
I tried to populate the Identity header with the stir_shaken module.
The header is populated but when I try to verify the signature using
an external tool it fails because of the length.
I have the folowing Identity generated by Opensips:
`
eyJhbGciOiJFUzI1NiIsInBwdCI6InNoYWtlbiIsInR5cCI6InBhc3Nwb3J0IiwieDV1IjoiL2hvbWUvdHJpYWwvTHVjcnUvQ29kZS9zdGlyU2hha2VuL215cHVia2V5LnBlbSJ9.eyJhdHRlc3QiOiJBIiwiZGVzdCI6eyJ0biI6WyIxMDAyIl19LCJpYXQiOjE1ODY1MDMxODcsIm9yaWciOnsidG4iOiIxMDAxIn0sIm9yaWdpZCI6IjEyMzQ1NiJ9.MEYCIQCjIx6w8IeilqHq0jbc6uwIB9v1RDmecoep0gRJJC4EmQIhANH1MO9jwRtqH6jgFH12XqROFv-nUroEgzsRAaMJtAsR;info=\u003c/home/trial/Lucru/Code/stirShaken/mypubkey.pem\u003e;ppt=\"shaken\"
`
the lenght of encoded signature(in base64) is 96 and in the decoded
one is 72.
In the RFC for ES256
algorithm(https://tools.ietf.org/html/rfc7518#section-3.4) the length
of the decoded signature is 64.
Am I missing something here?
Thanks,
Alexandru Tripon
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
_______________________________________________
Users mailing list
Users@lists.opensips.org
http://lists.opensips.org/cgi-bin/mailman/listinfo/users
