Linksys SPA941 - Service Provider Requirements

To Next Page

To Previous Page

DRAFT

Service Provider Requirements

The SPA Mini-Certificate (MC) has a 512-bit public key used for establishing secure calls. The

administrator must provision each subscriber of the secure call service with an MC and the corresponding

512-bit private key. The MC is signed with a 1024-bit private key of the service provider who acts as the

CA of the MC. The 1024-bit public key of the CA signing the MC must also be provisioned to each

subscriber. The CA public key is used by the SPA to verify the MC received from the other end. If the MC

is invalid, the SPA will not switch to secure mode. The MC and the 1024-bit CA public key are

concatenated and base64 encoded into the single parameter <Mini Certificate>. The 512-bit private key is

base64 encoded into the <SRTP Private Key> parameter, which should be hidden from the SPA’s web

interface like a password.

Since the secure call establishment relies on exchange of information embedded in message bodies of

SIP INFO requests/responses, the service provider must maker sure that their infrastructure will allow the

SIP INFO messages to pass through with the message body unmodified.

Linksys provides a configuration tool called gen_mc for the generation of MC and private keys with the

following syntax:

gen_mc <ca-key> <user-name> <user-id> <expire-date>

Where:

- ca-key is a text file with the base64 encoded 1024-bit CA private/public key pairs for signing/verifying

the MC, such as

9CC9aYU1X5lJuU+EBZmi3AmcqE9U1LxEOGwopaGyGOh3VyhKgi6JaVtQZt87PiJINKW8XQj3B9Qqe3V

gYxWCQNa335YCnDsenASeBxuMIEaBCYd1l1fVEodJZOGwXwfAde0MhcbD0kj7LVlzcsTyk2TZYTccnZ7

5TuTjj13qvYs=

5nEtOrkCa84/mEwl3D9tSvVLyliwQ+u/Hd+C8u5SNk7hsAUZaA9TqH8Iw0J/IqSrsf6scsmundY5j7Z5mK5J

9uBxSB8t8vamFGD0pF4zhNtbrVvIXKI9kmp4vph1C5jzO9gDfs3MF+zjyYrVUFdM+pXtDBxmM+fGUfrpAu

Xb7/k=

- user-name is the name of the subscriber, such as “Joe Smith”. Maximum length is 32 characters

- user-id is the user-id of the subscriber and must be exactly the same as the user-id used in the INVITE

when making the call, such as “14083331234”. Maximum length is 16 characters.

- expire-date is the expiration date of the MC, such as “00:00:00 1/1/34” (34=2034). Internally the date is

encoded as a fixed 12B string: 000000010134

The tool generates the <Mini Certificate> and <SRTP Private Key> parameters that can be provisioned to

the SPA.

For Example:

gen_mc ca_key “Joe Smith” 14085551234 “00:00:00 1/1/34”

Produces:

Sm9lIFNtaXRoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAxNDA4NTU1MTIzNAAAAAAAMDAwMDAw

MDEwMTM00OvJakde2vVMF3Rw4pPXL7lAgIagMpbLSAG2+++YlSqt198Cp9rP/xMGFfoPmDKGx6JFtk

Q5sxLcuwgxpxpxkeXvpZKlYlpsb28L4Rhg5qZA+Gqj1hDFCmG6dffZ9SJhxES767G0JIS+N8lQBLr0Auem

Other manuals for Linksys SPA941