[Asterisk-Dev] Re: SRTP with keymanagement, SIP over TCP

Mikael Magnusson mikaelmagnusson at glocalnet.net
Thu Dec 8 05:55:26 MST 2005


On Thu, Dec 08, 2005 at 01:14:14AM -0800, Wolfgang S. Rupprecht wrote:
> 
> John Todd <jtodd at loligo.com> writes:
> >    - ensure that you are testing against inexpensive equipment (Sipura
> > is an SRTP device which is cheap...)
> 
> Did Sipura ever release enough information for folks to make their own
> "mini-certificates"?  P.17 - P.19 of 841AdminGuide1105.pdf has some
> good hints, but I haven't been able to make enough sense of it to
> generate one from openssl.
> 
> -wolfgang

I was able to figure out how the mini certificates work by reading that
document. They have left out important information about the algorithms.

The mini certificate contains a 512-bit RSA modulus (n) as the Public Key,
and a 1024-bit RSA modulus (n) is appended as the Public Key of the
signing "CA". Both have a public exponent (e) of 0x10001 (65537). The
Signature is a SHA1 message digest of the User Name, User ID, Expiration
Date and Public Key padded with PKCS1 padding and encrypted with the
private key of the "CA".

/Mikael




More information about the asterisk-dev mailing list