Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


Panel

In this section:

Table of Contents
maxLevel2



 

The Crypto Suite Profile is used to negotiate cryptographic algorithms when establishing unicast media streams involving Secure RTP/RTCP. The 

Spacevars
0product
 includes the crypto suites and optional session parameters in one or more crypto attributes (a=crypto) of SDP offers and answers. Each crypto attribute describes a cryptographic suite, key parameters, and any optional session parameters. The most preferred crypto suite is listed first. A SIP call signals and negotiates cryptographic parameters for the media stream via the SDP m= line Crypto attribute. These parameters are mostly grouped into a "crypto-suite" field that describes the encryption and authentication algorithms for transport. The appropriate crypto suite profile may include valid combinations of the following session parameters:

  • unauthenticatedSRTP—Signals that the SRTP packet payloads are not authenticated.
  • unencryptedSRTP—Signals that the SRTP packet payloads are not encrypted.
  • unencryptedSRTCP—Signals that the SRTCP packet payloads are not encrypted.

By default, SRTP and SRTCP packet payloads are both authenticated and encrypted. The SRTP specification requires the use of message authentication for SRTCP, but not for SRTP. Use of unauthenticatedSRTP is not recommended. 

Command Syntax

Code Block
languagenone
% set profiles security cryptoSuiteProfile <profile name> 
	entry <priority> 
	cryptoSuite <cryptoSuite> 
	sessionParameterFlags <sessionParameterFlags> 

% show profiles security cryptoSuiteProfile <cryptoSuiteProfile> displaylevel <displaylevel> 

% delete profiles security cryptoSuiteProfile <cryptoSuiteProfile>

Command Parameters

The Crypto Suite Profile Parameters are as shown below:

Caption
0Table
1Crypto Suite Profile Parameters


Parameter

Length/Range

Description

cryptoSuiteProfile

1-23

The name of the Crypto Suite Profile.

entry

0-65535

Use this parameter to specify the priority of this profile.(default = 1).

cryptoSuite

N/A

A prioritized list of supported crypto suites that the 

Spacevars
0product
uses in one or more crypto attributes (a=crypto) of SDP offers and answers when negotiating Secure RTP calls using this profile.

  • AEAD_AES_128_GCM

  • AEAD_AES_256_GCM

  • AES-CM-128-HMAC-SHA1-32

  • AES-CM-128-HMAC-SHA1-80

  • AES_192_CM_HMAC_SHA1_32

  • AES_192_CM_HMAC_SHA1_80

  • AES_256_CM_HMAC_SHA1_32

  • AES_256_CM_HMAC_SHA1_80

  • none

Note: Only AES-CM-128-HMAC-SHA1-80 and AES-CM-128-HMAC-SHA1-32 crypto suites are currently supported for DTLS-SRTP.

sessionParameterFlags

N/A

Use this parameter to specify authentication/encryption settings of the session parameter flags.

  • unauthenticatedSRTP – Enable to signal that the SRTP packet payloads are not authenticated.
    • disable (default)
    • enable
  • unencryptedSRTCP Enable to signal that the SRTCP packet payloads are not encrypted.
    • disable (default)
    • enable
  • unencryptedSRTP – Enable to signal that the SRTP packet payloads are not encrypted.
    • disable (default)
    • enable


Command Example

Code Block
languagenone
% show profiles security cryptoSuiteProfile 
cryptoSuiteProfileTest DEFAULT  {
     entry 1 { 
	cryptoSuite AES-CM-128-HMAC-SHA1-80; 
	sessionParameterFlags { 
	    unencryptedSRTCP enable; 
	    unencryptedSRTP enable; 
	    unauthenticatedSRTP enable; 
        } 
    } 
} 

Pagebreak