o Generate the private key as below.
$ openssl genpkey -algorithm X25519 -out /etc/open5gs/hnet/curve25519-1.key
$ openssl ecparam -name prime256v1 -genkey -conv_form compressed -out /etc/open5gs/hnet/secp256r1-2.key
o The private and public keys can be viewed with the command.
The public key is used when creating the SIM.
$ openssl pkey -in /etc/open5gs/hnet/curve25519-1.key -text
$ openssl ec -in /etc/open5gs/hnet/secp256r1-2.key -conv_form compressed -text
In ausf/udm.yaml
hnet:
o Home network public key identifier(PKI) value : 1
Protection scheme identifier : ECIES scheme profile A
- id: 1
scheme: 1
key: /etc/open5gs/hnet/curve25519-1.key
o Home network public key identifier(PKI) value : 2
Protection scheme identifier : ECIES scheme profile B
- id: 2
scheme: 2
key: /etc/open5gs/hnet/secp256r1-2.key
o Home network public key identifier(PKI) value : 3
Protection scheme identifier : ECIES scheme profile A
- id: 3
scheme: 1
key: /etc/open5gs/hnet/curve25519-1.key
o Home network public key identifier(PKI) value : 4
Protection scheme identifier : ECIES scheme profile B
- id: 4
scheme: 2
key: /etc/open5gs/hnet/secp256r1-2.key
Related to #1779
Confirmation for non-cleartext IE should only be applied
to the initial NAS message. Registration requests and Service requests
with UplinkNASTransport do not have to.
1. If UE does not use a NAS container for Non-cleartext IEs,
Open5GS AMF will send Registration reject message.
2. If UE sends Non-cleartext IEs without Integrity-protected,
Open5GS AMF will send Registration reject message.
3. If UE does not send NAS container in Security mode complete message,
Open5GS AMF will send Registration reject message.
The AMF shall assign a new 5G-GUTI for a particular UE:
a) during a successful initial registration procedure;
b) during a successful registration procedure
for mobility registration update; and
c) after a successful service request procedure invoked as a response
to a paging request from the network and before the release
of the N1 NAS signalling connection as specified in subclause 5.4.4.1.
The AMF should assign a new 5G-GUTI for a particular UE
during a successful registration procedure
for periodic registration update. The AMF may assign a new 5G-GUTI
at any time for a particular UE by performing
the generic UE configuration update procedure.