Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.


CSS Stylesheet
img.confluence-embedded-image { display: inline-block !important; }

Add_workflow_for_techpubs
AUTH1UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'}
JIRAIDAUTHSYM-24478
REV5UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'}
REV6UserResourceIdentifier{userKey=8a00a0c85b2726c2015b58aa779d0003, userName='null'}
REV3UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26c99e02c0, userName='null'}
REV1UserResourceIdentifier{userKey=8a00a02355cd1c2f0155cd26ce5f0b8d, userName='null'}

To create or modify an SDES-SRTP Profile:

Info

SDES-SRTP Profiles was previously named Media Crypto Profiles.

Excerpt Include
Managing SDES-SRTP Profiles
Managing SDES-SRTP Profiles
nopaneltrue

Modifying an SDES-SRTP Profile

Include Page
_Modify_Entry
_Modify_Entry
nopaneltrue

Creating an SDES-SRTP Profile

  1. Click the Create SDES-SRTP Profile ( ) icon at the top of the SDES-SRTP Profiles page.


    Anchor
    properties
    properties

SRTP Config - Field Definitions

Operation Option

Panel
bgColor#FAFAFA
borderStylenone

Specifies the manner in which encryption is supported in the profile.

  • Required: This setting permits call connections only if encryption can be used for the call. If the peer device does not support SRTP (Secure Real Time Protocol) for voice encryption over the IP network, the call setup will fail.
  • Supported: This setting advertises to the peer device that the
    Spacevars
    0longproduct
    implements SRTP. However, a call connection is allowed in secure or unsecure mode depending on the peer preference and capability.
  • Off: This setting disables the use of SRTP for encrypted calling.
Info

Anytime Supported is selected in the Operation Option field and the SIP transport is TCP/UDP, the SDP Crypto attributes are sent in plain text.

Spacevars
0company
recommends the use of TLS to protect the keys.


Crypto Suite

Panel
bgColor#FAFAFA
borderStylenone

Specifies the crypto suite that the

Spacevars
0company
uses to negotiate with a peer device.

Available options:

  • AES_CM_128_HMAC_SHA1_80. A crypto suite algorithm which uses the 128 bit AES-CM encryption key and a 80 bit HMAC_SHA1 message authentication tag length.
  • AES_CM_128_HMAC_SHA1_32. A crypto suite algorithm which uses the 128 bit AES-CM encryption key and a 32 bit HMAC_SHA1 message authentication tag length.

Default option: AES_CM_128_HMAC_SHA1_80.

Primary Key - Field Definitions

Primary Key Lifetime

Panel
bgColor#FAFAFA
borderStylenone

Specifies whether or not the Primary Key has an expiry.

Lifetime Value

Panel
bgColor#FAFAFA
borderStylenone

Specifies the lifetime of the Primary Key, measured in numbers of SRTP packets expressed as a power of 2 (i.e., 2^n SRTP Packets) with a configurable range of 2^1 to 2^48 . When Primary Key Lifetime is configured to Never Expires, a Lifetime Value of 2^48 is used.

Derivation Rate

Panel
bgColor#FAFAFA
borderStylenone

Specifies the rate at which the session key is refreshed during the SRTP session, measured in numbers of SRTP packets expressed as a power of 2 (e.g. 2^n SRTP Packets). If the value is set to zero, the session key is never refreshed.

(info) This option is available when Derive Session Key is Set to a range 16 to 24.

Pagebreak

Key Identifier Length

Panel
bgColor#FAFAFA
borderStylenone

Specifies the length of the Primary Key Identifier, in bytes, sent in the SRTP packet.

The key identifier (MKI) identifies the primary key from which the session key(s) were derived that authenticate and/or encrypt the particular packet.

If the MKI indicator is set to one (key identifier length > 0), the length (in octets) of the MKI field, and (for the sender) the actual value of the currently active MKI (the value of the MKI indicator and length MUST be kept fixed for the lifetime of the context).

Set this value to 0 to disable the MKI in SDP.