How are the keys used to?

Q/A
#1

Hello,

Would you give me some advice about the keys used in free5gc v3.0.5?
I found some setting items related to keys in the UDM config.
I was wondering what they are used for and whether there is a necessity to replace them with original one or not.
If replacement are recommended, are there any requirements ? (e.g. length, ciphers, etc)

  1. some key files placed in https://github.com/free5gc/free5gc/tree/v3.0.5/support/TLS.

tls: # the local path of TLS key
log: free5gc/udmsslkey.log # UDM keylog
pem: free5gc/support/TLS/udm.pem # UDM TLS Certificate
key: free5gc/support/TLS/udm.key # UDM TLS Private key

  1. some keys written in the config file

keys:
udmProfileAHNPublicKey: 5a8d38864820197c3394b92613b20b91633cbd897119273bf8e4a6f4eec0a650
udmProfileAHNPrivateKey: c53c22208b61860b06c62e5406a7b330c2b577aa5558981510d128247d38bd1d
udmProfileBHNPublicKey: 0472DA71976234CE833A6907425867B82E074D44EF907DFB4B3E21C1C2256EBCD15A7DED52FCBB097A4ED250E036C7B9C8C7004C4EEDC4F068CD7BF8D3F900E3B4
udmProfileBHNPrivateKey: F1AB1074477EBCC7F554EA1C5FC368B1616730155E0041AC447D6301975FECDA

Thank you for your help.

#2

@NK636,

If you just want to test the functionality of free5GC, you don’t need to replace them.

  1. Key files placed in support/TLS/
    The udm.pem and udm.key is for deploying https server.
    You can see the source code in NFs/udm/service/init.go, the paths of pem and key files are the parameters of ListenAndServeTLS function.
    There is explain and example in the documentation of net/http at https://pkg.go.dev/net/http#ListenAndServeTLS
  2. Keys written in the config file
    The SIDF in UDM shall resolve the SUPI from the SUCI based on the protection scheme used to generate the SUCI.
    The key pair is used to transfer suci to supi, you can check it out at util_3gpp/suci/toSupi.go.
    The value of these keys are defined in TS33501-f60 C.4, so you don’t need to modify them unless you have other operator-specific protection scheme.
#3

Hello @SymbolWu,

Thank you for your response.
I would like to check the information you gave me about the keys .

#4