One-Line Extractor

Handy for getting a simple dump of what the claims are, to check for validity, without worrying about certificate chains and JWT signatures and other things. (You can change the $2 to $1 to see the JWT header, and ignore the potential 'base64 invalid input error')

awk -F. '/From:|To:/; /Identity:/ { z="echo "$2" | sed s/Identity:.// | base64 -d"; z | getline b; print b };' < /file/containing/invite

What is 'valid'?

This is valid. (Ignoring the iat timestamp):
  {"attest":"B","dest":{"tn":["12125551234"]},"iat":1629145644,"orig":{"tn":"19205551234"},"origid":"5e0f3f6c-da74-11eb-8d19-0242ac130003","rcd":{"nam":"James Bond"}}

  • attest must be a single capital. The current valid values are A, B or C
  • orig and dest tn values ('Telephone Number') must be a string consisting ONLY OF NUMBERS, # and *. There must not be a leading plus. "12125551234" is valid. "+12125551234" is not valid. Note that this should be a full E164 number (12125551234 or 61414001002 for example)
  • iat must be an INTEGER. That means there must not be quotes around it. It must also be recent. You can use the command date +%s to get the current utime. (It's 1709056503 if you don't want to look it up)
  • origid must be a UUID. This means it must be 36 characters long, and formatted as per RFC4122. You must be able to use this uuid to find the originator of the call.
  • rcd (Rich Call Data) is an optional parameter specifing the Caller ID Name (nam). Note that many other fields are available. See IPNNI-2019-0024R00 for more information

What else should you do?

  • You should set your TNs to be a complete e164 number, excluding the leading plus. This means, if you're in the US, it should be 11 characters long exactly (Unless it's an emergency call)
  • You should set your origid to be something internal that you can trace. A useful value will be your internal Call-ID.

Cert Validation process:

  • wget http://cacerts.ccid.neustar/NeustarCertifiedCallerIdRootCA.crt (Or from here)
  • wget https://stir.tel/certs/fcc/704J-chain.crt
  • openssl verify -CAfile NeustarCertifiedCallerIdRootCA.crt -show_chain 704J-chain.crt