To create or modify a Media Crypto Profile:
In the left navigation pane. go to Media > Media Crypto Profiles.
Click the Create Media Crypto Profile ( ) icon at the top of the Media Crypto Profiles page.
Anytime Supported is selected in the Operation Option field and the SIP transport is TCP/UDP, the SDP Crypto attributes are sent in plain text. Sonus recommends the use of TLS to protect the keys.
Specifies the manner in which encryption is supported in the profile.
Specifies the crypto suite that the Sonus SBC 1000/2000 uses to negotiate with a peer device.
Available options:
Default option: AES_CM_128_HMAC_SHA1_80.
Specifies whether or not the Master Key has an expiry.
Specifies the lifetime of the Master Key, measured in numbers of SRTP packets expressed as a power of 2 (e.g. 2^n SRTP Packets). If the value is set to zero, the Master Key never expires.
Specifies the rate at which the session key is refreshed during the SRTP session, measured in numbers of SRTP packets expressed as a power of 2 (e.g. 2^n SRTP Packets). If the value is set to zero, the session key is never refreshed.
This option is available when Derive Session Key is Set to a range 16 to 24.
Specifies the length of the Master Key Identifier, in bytes, sent in the SRTP packet.
The key identifier (MKI) identifies the master key from which the session key(s) were derived that authenticate and/or encrypt the particular packet.
If the MKI indicator is set to one(key identifier length > 0), the length (in octets) of the MKI field, and (for the sender) the actual value of the currently active MKI (the value of the MKI indicator and length MUST be kept fixed for the lifetime of the context).
Set this value to 0 to disable the MKI in SDP.