IAX is the preferred solution for interconnecting two Asterisk servers. In addition to voice ciphering (see "IAX trunk and voice ciphering") and secret-based authentication, authentication can be taken a step further with RSA key verification.
The purpose of this article is to explain how to set up RSA authentication on an IAX trunk, and also how to use X.509 certificates as the source of the RSA keys.
Introduction
RSA is a public-key algorithm that supports ciphering and signing operations. An X.509 certificate is a key component of a PKI, and it also contains a key, which can be an RSA key.
An RSA key is composed of two parts: a public one and a private one. The public part can be publicly exposed, sent by email or put on a web server. The private part should be kept secure. The two main functions that can be performed with these keys are ciphering and signing. Anything ciphered with the public key can only be deciphered with the private key. Signing a file is done with the private key, and the signature can be checked with the public key.
In the context of an Asterisk IAX trunk, the private key is used at the calling end of the trunk and the public key at the called end. For example, when using the FWD service, you validate incoming calls with FWD's public RSA key. This key ships with the Asterisk distribution, but the private key is not available; it is used only on the FWD side.
Configuring the IAX trunk with RSA authentication
Even though we don't have a key yet (see below), we start with the Asterisk configuration, which is straightforward. First, we need the public and private parts of the RSA key in two separate files. Then we change the existing IAX trunk configuration to include the authentication part. Here we have a trunk between Paris and London, and calls from Paris should be authenticated by the London Asterisk. The two configurations look like this:
Paris:

    [Trunk-London]
    type=peer
    username=TRUNK-London
    host=asterisk-london
    trunk=yes
    qualify=50
    disallow=all
    allow=alaw
    auth=rsa
    outkey=Paris

London:

    [TRUNK-London]
    type=user
    host=dynamic
    context=internal
    username=TRUNK-London
    trunk=yes
    auth=rsa
    inkeys=Paris

The new part of the configuration is the authentication settings: auth=rsa, with outkey on the Paris side and inkeys on the London side. Both key definitions are named Paris; this is the name of the key file located on each server in the /var/lib/asterisk/keys/ directory. The file in Paris must be named with a .key extension since it is a private key (getting this wrong is a common mistake when the private key comes from another tool). On the London server, the key file uses a .pub extension and is located in the same directory.
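The file-naming rule above can be checked before reloading Asterisk. The following Python check is an added example, not part of the original article or of Asterisk: for every auth=rsa section it verifies that the outkey has a .key file and each inkeys entry a .pub file in the keys directory, that the PEM header matches that role, and that the private key is not readable by group or others. The parser, the function names and the ':' separator for multiple inkeys are assumptions of this example, and the sample key text is a constructed placeholder.

```python
import os
import tempfile

KEYS_DIR = "/var/lib/asterisk/keys"  # key directory named in the article

def parse_sections(conf_text):
    """Minimal iax.conf reader: [section] headers, key=value, ';' comments."""
    sections, current = {}, None
    for raw in conf_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if line.startswith("[") and "]" in line:
            current = sections.setdefault(line[1:line.index("]")], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip().lower()] = value.lstrip(">").strip()
    return sections

def check_trunk_keys(conf_text, keys_dir=KEYS_DIR):
    """Return a list of problems with the key files used by auth=rsa sections."""
    problems = []
    for name, opts in parse_sections(conf_text).items():
        if "rsa" not in opts.get("auth", ""):
            continue
        # outkey -> private <name>.key ; inkeys -> public <name>.pub (':'-separated)
        wanted = [(opts["outkey"] + ".key", "PRIVATE KEY")] if "outkey" in opts else []
        wanted += [(k + ".pub", "PUBLIC KEY")
                   for k in opts.get("inkeys", "").split(":") if k]
        for fname, kind in wanted:
            path = os.path.join(keys_dir, fname)
            if not os.path.isfile(path):
                problems.append(f"[{name}] missing {fname}")
                continue
            with open(path, errors="replace") as fh:
                first = fh.readline()
            if not first.startswith("-----BEGIN") or kind not in first:
                problems.append(f"[{name}] {fname} is not a PEM {kind}")
            if kind == "PRIVATE KEY" and os.stat(path).st_mode & 0o077:
                problems.append(f"[{name}] {fname} is readable by group/other")
    return problems

def demo():
    """Constructed sample: the Paris side with the private key misnamed."""
    conf = "[Trunk-London]\ntype=peer\nauth=rsa\noutkey=Paris\n"
    with tempfile.TemporaryDirectory() as keys:
        # Placeholder PEM text, not a real key; saved with the wrong extension.
        with open(os.path.join(keys, "Paris.pem"), "w") as fh:
            fh.write("-----BEGIN RSA PRIVATE KEY-----\n(placeholder)\n")
        return check_trunk_keys(conf, keys)

if __name__ == "__main__":
    print(demo())
```

An empty list means every key referenced by an auth=rsa section was found under the expected name and with the expected type; the check does not validate the key material itself.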