Services and clients that provide security services for phones
- tvsd - Server that responds to TVS requests.
- tvsctl - Manage the certificate database used by tvsd.
- tvsc - Client that can send TVS requests.
- capfd - Server that responds to CAPF requests.
- capfctl - Manage the device database used by capfd.
- capfc - Client that can send CAPF requests.
See Trust Verification and Certificate Enrollment for example usage.
The following non-standard Python modules are required: cryptography.
You can use the packages provided by your OS distribution or run
sudo pip3 install -r requirements.txt
to satisfy those dependencies.
The following commands are for Ubuntu; you may need to adjust some of them for a different distribution.
sudo useradd tvs -d /var/lib/tvs -s /usr/sbin/nologin
sudo mkdir -p /var/lib/tvs
sudo chown tvs:tvs /var/lib/tvs
sudo cp tvsctl tvsc /usr/local/bin
sudo cp tvsd /usr/local/sbin
Optionally, install the bash tab-completion helpers.
sudo cp bash_completion \
/etc/bash_completion.d/usecallmanagernz-daemons
See https://usecallmanager.nz/trust-verification.html#tvsctl
sudo -u tvs /usr/local/bin/tvsctl /var/lib/tvs/tvs.sqlite3 \
-a /etc/ssl/private/sast.pem -s
sudo -u tvs /usr/local/bin/tvsctl /var/lib/tvs/tvs.sqlite3 \
-a /etc/asterisk/keys/asterisk.pem -c
sudo -u tvs /usr/local/bin/tvsctl /var/lib/tvs/tvs.sqlite3 \
-a /etc/apache2/ssl-certs/apache.pem -A
...
sudo cp systemd.tvs.service /etc/systemd/system/tvs.service
sudo systemctl daemon-reload
sudo systemctl enable tvs
sudo systemctl start tvs
To see the output from the service run the following command.
journalctl -u tvs
The following commands are for Ubuntu; you may need to adjust some of them for a different distribution.
sudo useradd capf -d /var/lib/capf -s /usr/sbin/nologin
sudo mkdir -p /var/lib/capf
sudo chown capf:capf /var/lib/capf
sudo cp capfctl capfc /usr/local/bin
sudo cp capfd /usr/local/sbin
Optionally, install the bash tab-completion helpers.
sudo cp bash_completion \
/etc/bash_completion.d/usecallmanagernz-daemons
See https://usecallmanager.nz/certificate-enrollment.html#capfctl
sudo -u capf /usr/local/bin/capfctl /var/lib/capf/capf.sqlite3 \
-i SEP58971ECC97C1 -p 123456
sudo -u capf /usr/local/bin/capfctl /var/lib/capf/capf.sqlite3 \
-i SEP58971ECD8532
...
sudo cp systemd.capf.service /etc/systemd/system/capf.service
sudo systemctl daemon-reload
sudo systemctl enable capf
sudo systemctl start capf
To see the output from the service run the following command.
journalctl -u capf
The databases generated by version 1.x of the tvsctl and capfctl utilities need to be modified to work with newer 2.x versions. To upgrade the databases, run the following commands:
sqlite3 /var/lib/tvs/tvs.sqlite3 'UPDATE certificates SET ttl = 86400 WHERE ttl IS NULL;'
sqlite3 /var/lib/capf/capf.sqlite3 'ALTER TABLE devices ADD COLUMN curve TEXT;'
sqlite3 /var/lib/capf/capf.sqlite3 'UPDATE devices SET operation = LOWER(operation);'
The database generated by version 1.x of the capfctl utility needs to be modified to work with newer 2.x versions. To upgrade the database, run the following commands:
sqlite3 /var/lib/capf/capf.sqlite3 'ALTER TABLE devices ADD COLUMN authentication TEXT;'
sqlite3 /var/lib/capf/capf.sqlite3 "UPDATE devices SET authentication = CASE WHEN LENGTH(password) THEN 'password' ELSE 'no password' END;"
The database generated by version 3.1 of the capfctl utility needs to be modified to work with newer 2.x versions. To upgrade the database, run the following commands:
sqlite3 /var/lib/capf/capf.sqlite3 'ALTER TABLE devices RENAME COLUMN curve TO curve_name;'
sqlite3 /var/lib/capf/capf.sqlite3 "UPDATE devices SET curve_name = 'secp256r1' WHERE curve_name = 'secp256k1';"
sqlite3 /var/lib/capf/capf.sqlite3 "UPDATE devices SET curve_name = 'secp384r1' WHERE curve_name = 'secp384p1';"
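The capf.sqlite3 upgrade steps above, combined into one transaction that can be re-run safely, as an added example that is not part of the project's own tooling. It assumes a devices table with the operation and password columns referenced above; the device_name column and the sample rows are constructed for illustration.

```python
import sqlite3

def columns(conn, table):
    """Return the set of column names currently present in a table."""
    return {row[1] for row in conn.execute(f"PRAGMA table_info({table})")}

def upgrade_capf_devices(conn):
    """Apply each capf.sqlite3 upgrade step once; return the schema changes made."""
    conn.isolation_level = None  # manage the transaction explicitly
    applied = []
    conn.execute("BEGIN IMMEDIATE")
    try:
        cols = columns(conn, "devices")
        if "curve" not in cols and "curve_name" not in cols:
            conn.execute("ALTER TABLE devices ADD COLUMN curve TEXT")
            applied.append("add curve")
        conn.execute("UPDATE devices SET operation = LOWER(operation)")
        if "authentication" not in cols:
            conn.execute("ALTER TABLE devices ADD COLUMN authentication TEXT")
            # Single-quoted SQL literals: a double-quoted "password" would be
            # read as the password column and copy each secret into this field.
            conn.execute("UPDATE devices SET authentication = CASE WHEN "
                         "LENGTH(password) THEN 'password' ELSE 'no password' END")
            applied.append("add authentication")
        if "curve" in columns(conn, "devices"):
            conn.execute("ALTER TABLE devices RENAME COLUMN curve TO curve_name")
            applied.append("rename curve")
        for old, new in (("secp256k1", "secp256r1"), ("secp384p1", "secp384r1")):
            conn.execute("UPDATE devices SET curve_name = ? WHERE curve_name = ?", (new, old))
        conn.execute("COMMIT")
    except Exception:
        conn.execute("ROLLBACK")  # leave the database exactly as it was
        raise
    return applied

def sample_v1_database():
    """Constructed 1.x-style database; device_name is a hypothetical column name."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE devices (device_name TEXT, operation TEXT, password TEXT)")
    conn.executemany("INSERT INTO devices VALUES (?, ?, ?)", [
        ("SEP58971ECC97C1", "INSTALL", "123456"),  # constructed sample rows
        ("SEP58971ECD8532", "INSTALL", None),
    ])
    conn.commit()
    return conn

if __name__ == "__main__":
    print(upgrade_capf_devices(sample_v1_database()))
```

Stop capfd and take a copy of the database file before running a migration like this against the real /var/lib/capf/capf.sqlite3.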