Bug#1124641: asterisk: RSA Keys: astgenkey manpage => wrong key directory

Mon, 05 Jan 2026 03:57:18 -0800 

Hi Tzafrir

> >Correct for Debian is: /usr/share/asterisk/keys/  
> 
> Are you sure? Where is it set?
> 
> https://sources.debian.org/src/asterisk/1%3A22.7.0~dfsg%2B~cs6.15.60671435-1/debian/patches/2010_astdatadir.patch
> 
> This patch sets astdatadir to /usr/share/asterisk but leaves (as can be
> seen from the context) things like the keys dir under the astvarlibdir .
> 
> IIRC, astdatadir was added upstream when we merged most of our changes
> to use /usr/share/asterisk , leaving only minor changes like that patch.
> 
> So I suspect the bug is that astkeydir is set to some other value
> elsewhere, and that this should be fixed.

https://community.asterisk.org/t/how-to-rsa-keys-for-iax2-and-dundi/111489

On the machine I encountered that issue - asterisk was freshly
installed, astkeydir was not changed (I didn't even know it existed
until this case)

/etc/asterisk# grep -i astkey *
asterisk.conf:astkeydir => /var/lib/asterisk

Only this one occurence.

/etc/asterisk# LANG=C; ls -l /var/lib/asterisk/keys/ /usr/share/asterisk/keys/
/usr/share/asterisk/keys/:
total 24
-rw------- 1 asterisk asterisk  916 Jan  3 13:49 hb9eue.key
-rw------- 1 asterisk asterisk  272 Jan  3 13:49 hb9eue.pub
-rw------- 1 asterisk asterisk  916 Jan  3 13:50 sip.xxx.ch.key
-rw------- 1 asterisk asterisk  272 Jan  3 13:50 sip.xxx.ch.pub
drw------- 3 asterisk root     4096 Nov 23 10:43 stir_shaken
-rw------- 1 asterisk asterisk  272 Jan  3 14:54 vm.xxx.ch.pub

/var/lib/asterisk/keys/:
total 0

mail*CLI> reload res_crypto.so 
Module 'res_crypto.so' reloaded successfully.
    -- Reloading module 'res_crypto.so' (Cryptographic Digital Signatures)
mail*CLI> keys show 
Key Name           Type     Status           Sum                              
------------------ -------- ---------------- -------------------------------- 
vm.xxx.ch          PUBLIC   [Loaded]         88e9d803057565fa36898e6636cf1960 
sip.xxx.ch         PUBLIC   [Loaded]         2b05a196a50ad6bf219af9410292551a 
hb9eue             PUBLIC   [Loaded]         0c3a8f6992729c89c65c6427358316be 
hb9eue             PRIVATE  [Loaded]         00d040cf4ae25475053934283254b899 
sip.xxx.ch         PRIVATE  [Loaded]         de8e2d211d453b125f1ddceb1e8ccd9b

I did obfuscate the domain names.

So these definitely work from /usr/share/asterisk/keys/ and did not
work when I first placed them into /var/lib/asterisk/keys/ according to
the man page.

perhaps astkeydir should point to /var/lib/asterisk/keys/ instead of
just /var/lib/asterisk/ ?

-Benoit-

Reply via email to