| Author |
Message |
Herr Lehmann
Guest
|
 Posted:
Wed Oct 19, 2005 4:51 pm Post subject:
RTP encryption? |
|
|
Hi,
in the SIP/SDP-packets of audio and video I found out that encryption is
optional. (Content was: "Key Type": base64; "Key Data": ... {43 Byte
ASCII String} and "Media Attribute": encryption:optional)
How will the media be encrypted? Or where can I proove, that it really
is encrypted, because it's only optional?
There is much ado about TLS and SIP encryption in the docs, but nothing
(as far as I know) about RTP encryption, which in my opinion is as
important as the signaling.
Thanks |
|
| Back to top |
|
 |
Herr Lehmann
Guest
|
| Posted:
Thu Oct 20, 2005 12:51 pm Post subject:
Re: RTP encryption? |
|
|
Hey,
thanks for this useful hint!
I found that entry in the GPO and there you can choose between optional
or required encryption. According to the regular SIP/SDP negotiation
"optional" means, that the conversation gets encrypted if both endpoints
support it. "required" means that no session will be established, if one
of the endpoints is not capable.
Therefore, if you set it to required, you can be sure that the media is
encrypted, if a session is established.
At least, I don't know how save this should be. That depends on the
algorithm and key lengths.
Thank you! |
|
| Back to top |
|
|
Pawel Bolek
Guest
|
| Posted:
Thu Oct 20, 2005 12:51 pm Post subject:
Re: RTP encryption? |
|
|
Hey there,
I have seen the encryption option in the GPO but ohnestly i have no idea how
to test if the sending RTP steream is encrypted.
You can turn encrytption in office communicator GPO | Specify encryptionb
for computer-to-computer audio and video calls.
greetings
Pawel
Uzytkownik "Herr Lehmann" <a.20.querfidelmub@spamgourmet.com> napisal w
wiadomosci news:eSF%23WPM1FHA.2132@TK2MSFTNGP15.phx.gbl...
| Quote: | Hi,
in the SIP/SDP-packets of audio and video I found out that encryption is
optional. (Content was: "Key Type": base64; "Key Data": ... {43 Byte ASCII
String} and "Media Attribute": encryption:optional)
How will the media be encrypted? Or where can I proove, that it really is
encrypted, because it's only optional?
There is much ado about TLS and SIP encryption in the docs, but nothing
(as far as I know) about RTP encryption, which in my opinion is as
important as the signaling.
Thanks |
|
|
| Back to top |
|
|
Pawel Bolek
Guest
|
| Posted:
Fri Oct 21, 2005 8:51 am Post subject:
Re: RTP encryption? |
|
|
hey there
thx for the great reveiw
I took a closer look at those option and set it up to required.
Do you have any idea how to check out if the stream is really encryptet or
not ?
greetings
Pawel
Uzytkownik "Herr Lehmann" <a.20.querfidelmub@spamgourmet.com> napisal w
wiadomosci news:ufEaAQW1FHA.1564@tk2msftngp13.phx.gbl...
| Quote: | Hey,
thanks for this useful hint!
I found that entry in the GPO and there you can choose between optional or
required encryption. According to the regular SIP/SDP negotiation
"optional" means, that the conversation gets encrypted if both endpoints
support it. "required" means that no session will be established, if one
of the endpoints is not capable.
Therefore, if you set it to required, you can be sure that the media is
encrypted, if a session is established.
At least, I don't know how save this should be. That depends on the
algorithm and key lengths.
Thank you! |
|
|
| Back to top |
|
|
Herr Lehmann
Guest
|
| Posted:
Fri Oct 21, 2005 12:50 pm Post subject:
Re: RTP encryption? |
|
|
Hi Pawel,
If you are able to set to clients to use the PCMU codec, then you can
capture the stream with ethereal and perform a "RTP Stream Analysis".
There is an option to save the RTP payload - but only in the PCMU
format. If you were able to do so, you could try to play the file with a
media player.
If it is encrypted, you'll have noise. If it is not encrypted, you'll
have a signal.
I'm stuck in other stuff, so I didn't did that, yet. If you try it,
please tell me your results.
I think the preferred audiocodec can be set in the device manager.
Best regards
HL |
|
| Back to top |
|
|
Herr Lehmann
Guest
|
| Posted:
Mon Oct 24, 2005 12:51 pm Post subject:
Re: RTP encryption? |
|
|
I tried.
If one has the value "1", which means required and one has the value
"2", wich means no encryption, the Invitation fails. The LCS sends a 488
Error "Encryption Level not compatibel".
Best regards
HL |
|
| Back to top |
|
|
Pawel Bolek
Guest
|
| Posted:
Mon Oct 24, 2005 4:51 pm Post subject:
Re: RTP encryption? |
|
|
Hey Herr
Thx for the feedback.
I havent had time to test it out but nice to hear that you have done it.
Did u try to sent an enrypted stream - both users 1 and get the information
if it is really encrypted ?
greetings
Pawel
Uzytkownik "Herr Lehmann" <a.20.querfidelmub@spamgourmet.com> napisal w
wiadomosci news:eWKVAFI2FHA.2880@TK2MSFTNGP12.phx.gbl...
| Quote: | I tried.
If one has the value "1", which means required and one has the value "2",
wich means no encryption, the Invitation fails. The LCS sends a 488 Error
"Encryption Level not compatibel".
Best regards
HL |
|
|
| Back to top |
|
|
Herr Lehmann
Guest
|
| Posted:
Tue Oct 25, 2005 8:51 am Post subject:
Re: RTP encryption? |
|
|
Oh, you made me curious...
I tried that to. While capturing a session with the default setting "0"
or "optional" my Ethereal displays the RTP-packets well.
By setting the values to "1" or "required" on both sides, the capture
displays useless RTP-crap. Therefore I'm pretty sure it is encrypted.
Still don't know what algorithm is used...
Greetings
HL
Pawel Bolek schrieb:
| Quote: | Hey Herr
Thx for the feedback.
I havent had time to test it out but nice to hear that you have done it.
Did u try to sent an enrypted stream - both users 1 and get the information
if it is really encrypted ?
greetings
Pawel
Uzytkownik "Herr Lehmann" <a.20.querfidelmub@spamgourmet.com> napisal w
wiadomosci news:eWKVAFI2FHA.2880@TK2MSFTNGP12.phx.gbl...
I tried.
If one has the value "1", which means required and one has the value "2",
wich means no encryption, the Invitation fails. The LCS sends a 488 Error
"Encryption Level not compatibel".
Best regards
HL
|
|
|
| Back to top |
|
|
Wei Zhong (Microsoft)
Guest
|
|
| Back to top |
|
|
|
|
|
|
FAQ
Memberlist
Register
Profile
Log in to check your private messages
Log in