o=jdoe 2890844526 2890842807 IN IP4 10.47.16.5
i=A Seminar on the session description protocol
e=email@example.com (Jane Doe)
c=IN IP4 18.104.22.168/127
m=video 51372 RTP/SAVP 31
m=audio 49170 RTP/SAVP 0
m=application 32416 udp wb
The crypto line carries the master key, the encryption algorithms, etc.
From the SRTP master key, SRTP derives the other keys:
-> SSRC encryption key
-> SSRC authentication key
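An added example (not from the original page) of the derivation just described: the SRTP key derivation of RFC 3711 section 4.3.1 with the AES-CM PRF, which yields the session encryption and authentication keys plus a session salt. It assumes a key derivation rate of 0 and the AES_CM_128_HMAC_SHA1_80 key lengths, takes the public RFC 3711 appendix B.3 test vector as input, and its function names are the example's own.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"encoding/hex"
	"fmt"
)

// deriveSessionKey expands the master key into one session key with the
// AES-CM PRF. Assumption: key_derivation_rate = 0, so the packet index term is 0.
func deriveSessionKey(masterKey, masterSalt []byte, label byte, n int) ([]byte, error) {
	if len(masterSalt) != 14 {
		return nil, fmt.Errorf("master salt must be 14 bytes, got %d", len(masterSalt))
	}
	block, err := aes.NewCipher(masterKey)
	if err != nil {
		return nil, err
	}
	iv := make([]byte, aes.BlockSize) // x * 2^16: the low 16 bits are the block counter
	copy(iv, masterSalt)
	iv[7] ^= label // key_id = label || 48-bit index (0), right-aligned under the salt
	out := make([]byte, n)
	cipher.NewCTR(block, iv).XORKeyStream(out, out) // AES-CM keystream over zeros
	return out, nil
}

// sessionKeysHex returns, hex-encoded, the session encryption key (label 0,
// 16 bytes), authentication key (label 1, 20 bytes) and salt (label 2, 14 bytes).
func sessionKeysHex(keyHex, saltHex string) ([3]string, error) {
	var keys [3]string
	mk, e1 := hex.DecodeString(keyHex)
	ms, e2 := hex.DecodeString(saltHex)
	if e1 != nil || e2 != nil {
		return keys, fmt.Errorf("master key and salt must be hex strings")
	}
	for i, n := range []int{16, 20, 14} { // index i doubles as the RFC 3711 label
		k, err := deriveSessionKey(mk, ms, byte(i), n)
		if err != nil {
			return keys, err
		}
		keys[i] = hex.EncodeToString(k)
	}
	return keys, nil
}

func main() { // input: the public RFC 3711 appendix B.3 test vector
	fmt.Println(sessionKeysHex("E1F97A0D3E018BE0D64FA32C06DE4139", "0EC675AD498AFEEBB6960B3AABE6"))
}
```

Because every session key is a deterministic function of the master key and salt, anyone who can read the master key from the signalling can reproduce all of them.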
So the master key has to be exchanged securely first. Several different protocols may be used to negotiate SRTP session keys, including ZRTP, SDES, or DTLS.
With SDES, we normally need TLS/SIPS signalling to transmit the master key securely first.
ZRTP is designed to let two VoIP endpoints securely agree on the encryption keys that are subsequently used to encrypt media streams (voice or video) using SRTP. ZRTP uses the Diffie-Hellman algorithm, which enables secure key agreement and avoids the overhead of certificate management or any other prior setup. ZRTP supports two Diffie-Hellman variants, finite field and elliptic curve. The keys agreed by ZRTP are ephemeral, which means that they are discarded at the end of a call, avoiding the need for key management.
ZRTP is the protocol that the two parties use to negotiate the SRTP session key.