You can encrypt media with ZRTP without using TLS to encrypt the signalling.

On Fri, Jul 3, 2015 at 3:19 PM, Liviu Andronic <[email protected]> wrote:

> On Fri, Jul 3, 2015 at 6:28 PM, David Bolton <[email protected]> wrote:
> > I'm interested in the end-to-end encryption via Linphone. I didn't see any
> > information in the user guide: http://www.linphone.org/user-guide.html I
> > also searched the web but found very little except for a couple people
> > saying they couldn't get it to work.
> >
> > Currently I'm testing Linphone by making calls between a linphone account on
> > my phone and a linphone account on my desktop.
> >
> > On the phone, Linphone displays a red lock with a slash through it. Does
> > that mean it is not encrypted? When I tap on the lock nothing happens. On
> > the desktop I don't see any visual UI about encryption or secure
> > communication.
> >
> The barred lock usually means unencrypted connection.
>
> To obtain encrypted communications, what you want to do is:
> - select for each account TLS as transport (beware as not all SIP
>   servers support this, so it's a bit of a hit and miss affair; if
>   account won't connect while TLS is selected, then said server doesn't
>   support it)
> - select globally ZRTP media encryption in Network Settings
>
> You may also choose SRTP, but from my understanding it is much less
> secure than ZRTP. ZRTP seems to be the golden standard in the
> open-source world these days, and for instance Silent Circle uses this
> ( https://silentcircle.com/faq-zrtp ). For a good overview of ZRTP and
> its interface see:
> https://jitsi.org/Documentation/ZrtpFAQ
>
> Bottom line:
> - both clients have ZRTP enabled
>   (if one client doesn't, then the call is placed unencrypted and the
>   lock will be barred on the phone)
> - once connection is established, both clients will get a 4 letter
>   code displayed
> - users must jointly verify that they see the same code (if code
>   matches, each user can click on Verify code)
>
> The last step is supposed to ensure that not one third party has
> tampered with the connection and that it is indeed end-to-end
> encrypted.
>
> Regards,
> Liviu
>
> > David
> >
> > _______________________________________________
> > Linphone-users mailing list
> > [email protected]
> > https://lists.nongnu.org/mailman/listinfo/linphone-users
>
> --
> Do you think you know what math is?
> http://www.ideasroadshow.com/issues/ian-stewart-2013-08-02
> Or what it means to be intelligent?
> http://www.ideasroadshow.com/issues/john-duncan-2013-08-30
> Think again:
> http://www.ideasroadshow.com/library
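
The code comparison described in the quoted message, as an added example that is not part of the original thread and is not Linphone's code: a simplified model of a ZRTP-style short authentication string, showing that the two codes match on a direct key exchange and differ when a key has been substituted in the middle. The toy DH group, the seeds, the function names and the transcript construction are assumptions; real ZRTP derives the code through its own key derivation function and additionally uses a hash commitment.

```python
import hashlib
import hmac

# Toy Diffie-Hellman group for illustration only (assumption: real ZRTP
# negotiates much stronger finite-field or elliptic-curve groups).
P = 2**255 - 19
G = 2
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"  # alphabet for the 4-char code

def keypair(seed: str):
    """Derive a deterministic private/public pair from a constructed seed."""
    priv = int.from_bytes(hashlib.sha256(seed.encode()).digest(), "big") % (P - 2) + 1
    return priv, pow(G, priv, P)

def transcript(pub_a: int, pub_b: int) -> bytes:
    """Bind the code to the public values an endpoint actually saw."""
    lo, hi = sorted((pub_a, pub_b))
    return lo.to_bytes(32, "big") + hi.to_bytes(32, "big")

def sas(my_priv: int, peer_pub: int, seen: bytes) -> str:
    """Render the leftmost 20 bits of a keyed hash of the shared secret."""
    shared = pow(peer_pub, my_priv, P).to_bytes(32, "big")
    digest = hmac.new(shared, b"SAS" + seen, hashlib.sha256).digest()
    bits = int.from_bytes(digest[:4], "big") >> 12
    return "".join(ZBASE32[(bits >> shift) & 31] for shift in (15, 10, 5, 0))

def direct_call():
    """Both endpoints exchange keys with each other: the codes match."""
    a_priv, a_pub = keypair("desktop")
    b_priv, b_pub = keypair("phone")
    seen = transcript(a_pub, b_pub)
    return sas(a_priv, b_pub, seen), sas(b_priv, a_pub, seen)

def relayed_call():
    """Each endpoint received a substituted key: the codes differ."""
    a_priv, a_pub = keypair("desktop")
    b_priv, b_pub = keypair("phone")
    _, m_pub = keypair("intermediary")
    return (sas(a_priv, m_pub, transcript(a_pub, m_pub)),
            sas(b_priv, m_pub, transcript(b_pub, m_pub)))

if __name__ == "__main__":
    print("direct :", direct_call())
    print("relayed:", relayed_call())
```

With only 20 bits in the code, two unrelated exchanges still collide about once in a million attempts, which is why the comparison is done by voice on the live call rather than treated as a standalone proof.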
