Hi Henning,
Thanks for your responses.
The exact use case is as follows:
- In a custom SIP header, I'll have the number that is supposed to be
dialed out in AES encrypted format
- I will have to decrypt it using the shared key and IV that was used to
encrypt this phone number on Kamailio
- Once decrypted, I will have the number to call.
- So the encryption algorithm used by a third party should be the same as what
is being used to decrypt in Kamailio.
Any other way of doing this? I can request the third party to change the
encryption mechanism if needed. Any suggestions on how to
achieve this?
Thanks,
- Jayesh
On Thu, Oct 5, 2023 at 3:13 PM Henning Westerholt <hw(a)gilawa.com> wrote:
(Please keep the list in CC)
Hello,
The web tools might use another logic internally. I had some success with
a Java library use case and also with PostgreSQL, I think.
A usual use-case is to have an encrypted password value in a DB, for data
at rest encryption. The password is encrypted from something else. Then
inside the Kamailio cfg you want to encrypt it on the fly, to use it for
example for challenging a phone with username/password.
Maybe you can give it a try with some Python or other scripting languages,
where you can play with the different crypto system parameters more easily.
Cheers,
Henning
--
Henning Westerholt –
https://skalatan.de/blog/
Kamailio services –
https://gilawa.com
*From:* Jayesh Nambiar <jayesh1017(a)gmail.com>
*Sent:* Thursday, 5 October 2023 06:41
*To:* Henning Westerholt <hw(a)gilawa.com>
*Subject:* Re: [SR-Users] Crypto module AES algorithm details
*Hello Henning,*
Thanks for the super fast reply.
I tested this within Kamailio 5.3.4 and I can successfully encrypt a
header value and also the same encrypted value decrypts to proper plain
text when.
But when I compare the encrypted text with online resources like
https://www.devglan.com/online-tools/aes-encryption-decryption and
https://www.javainuse.com/aesgenerator, their encrypted text value is
different from what I see from Kamailio.
Both these resources produce the same encrypted text while the encrypted
text from Kamailio is different.
How do I validate this?
My use case is as follows:
-- I get an encrypted text in a SIP Header
-- I decrypt it and validate it against some DB
-- If valid proceed or else exit
Now if the algorithm doesn't match exactly, there are chances of error,
hence asking the question on how to validate it.
On Wed, Oct 4, 2023 at 1:43 PM Henning Westerholt <hw(a)gilawa.com> wrote:
Hello Jayesh,
AFAIK it uses AES 256 with CBC mode. The IV is generated from OpenSSL,
e.g.
https://www.openssl.org/docs/man3.0/man3/EVP_BytesToKey.html
For newer versions I have added the init_vector functionality to enable
interoperability with other crypto functions, e.g. some databases, Java
frameworks etc. If you want to use this functionality, I'd suggest
updating, as 5.3 has also been end of life for some time. Otherwise you can
of course also backport this feature.
Cheers,
Henning
--
Henning Westerholt –
https://skalatan.de/blog/
Kamailio services –
https://gilawa.com
*From:* Jayesh Nambiar via sr-users <sr-users(a)lists.kamailio.org>
*Sent:* Wednesday, 4 October 2023 08:54
*To:* Kamailio (SER) - Users Mailing List <sr-users(a)lists.kamailio.org>
*Cc:* Jayesh Nambiar <jayesh1017(a)gmail.com>
*Subject:* [SR-Users] Crypto module AES algorithm details
*Hello,*
I am running kamailio-5.3.4 on one of my setups and I intend to use the
crypto module in the same.
I wanted to understand the following details when the module is used:
I understand it uses the AES algorithm, is that correct?
Does it use AES 128, 192 or 256 bit algorithms?
Does it use CBC or ECB mode for AES?
The 5.3 version does not have a parameter for init-vector, so does
Kamailio use any init vector internally in this case?
When I compared the encrypted text that Kamailio produces and the ones
available online, they were producing different outputs even when the same
shared secret was used. Hence asking for more clarification.
PS: Upgrading Kamailio is my very last option as this is one of an old
setup which only needs this feature without much changes.
Thanks for any valuable response.
*-- Jayesh*
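
Added example, not part of the original thread and not Kamailio's own code: a pure-Python version of the OpenSSL `EVP_BytesToKey` derivation linked above, showing that the AES key and IV derived from a shared secret differ from the secret's raw bytes, so a tool keyed with the raw bytes cannot produce matching ciphertext. The digest, salt and iteration count the crypto module passes are not stated in the thread; the defaults and the sample secret below are constructed placeholders to be replaced with the values from the module source.

```python
import hashlib


def evp_bytes_to_key(secret: bytes, salt: bytes = b"", digest: str = "sha1",
                     count: int = 1, key_len: int = 32, iv_len: int = 16):
    """Derive (key, iv) the way OpenSSL's EVP_BytesToKey does.

    D_1 = H^count(secret || salt), D_i = H^count(D_{i-1} || secret || salt);
    the key, then the IV, are cut from D_1 || D_2 || ...
    Defaults are placeholders (assumptions), sized for AES-256-CBC.
    """
    if salt and len(salt) != 8:
        raise ValueError("EVP_BytesToKey takes an 8-byte salt or none")
    if count < 1:
        raise ValueError("count must be at least 1")
    material, block = b"", b""
    while len(material) < key_len + iv_len:
        # First pass hashes previous block + secret + salt ...
        block = hashlib.new(digest, block + secret + salt).digest()
        # ... the remaining count-1 passes re-hash the digest alone.
        for _ in range(count - 1):
            block = hashlib.new(digest, block).digest()
        material += block
    return material[:key_len], material[key_len:key_len + iv_len]


def compare_with_raw_key(secret: bytes, **kdf_params):
    """Contrast the derived key/IV with using the secret bytes directly."""
    key, iv = evp_bytes_to_key(secret, **kdf_params)
    return {
        "derived_key": key.hex(),
        "derived_iv": iv.hex(),
        "raw_key": secret.hex(),
        "same_key": key == secret,
    }


if __name__ == "__main__":
    # Constructed 32-byte secret, usable as a raw AES-256 key by a web tool.
    sample = b"0123456789abcdef0123456789abcdef"
    for name, value in compare_with_raw_key(sample, count=5).items():
        print(f"{name}: {value}")
```

Once the real parameters are filled in, the derived key and IV can be given as hex to any standard AES-256-CBC implementation to reproduce or decrypt the Kamailio output outside the proxy.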