Got it! Thank you all for your help! David
On Fri, Jul 3, 2015 at 2:30 PM, Russell Treleaven <[email protected]> wrote: > You can encrypt media with ZRTP without using TLS to encrypt the > signalling. > > > > On Fri, Jul 3, 2015 at 3:19 PM, Liviu Andronic <[email protected]> > wrote: > >> On Fri, Jul 3, 2015 at 6:28 PM, David Bolton <[email protected]> >> wrote: >> > I'm interested in the end-to-end encryption via Linphone. I didn't see >> any >> > information in the user guide: http://www.linphone.org/user-guide.html >> I >> > also searched the web but found very little except for a couple people >> > saying they couldn't get it to work. >> > >> > Currently I'm testing Linphone by making calls between a linphone >> account on >> > my phone and a linphone account on my desktop. >> > >> > On the phone, Linphone displays a red lock with a slash through it. Does >> > that mean it is not encrypted? When I tap on the lock nothing happens. >> On >> > the desktop I don't see any visual UI about encryption or secure >> > communication. >> > >> The barred lock usually means unencrypted connection. >> >> To obtain encrypted communications, what you want to do is: >> - select for each account TLS as transport (beware as not all SIP >> servers support this, so it's a bit of a hit and miss affair; if >> account won't connect while TLS is selected, then said server doesn't >> support it) >> - select globally ZRTP media encryption in Network Settings >> >> You may also choose SRTP, but from my understanding it is much less >> secure than ZRTP. ZRTP seems to be the golden standard in the >> open-source world these days, and for instance Silent Circle uses this >> ( https://silentcircle.com/faq-zrtp ). For a good overview of ZRTP and >> its interface see: >> https://jitsi.org/Documentation/ZrtpFAQ >> >> Bottom line: >> - both clients have ZRTP enabled >> (if one client doesn't, then the call is placed unencrypted and the >> lock will be barred on the phone) >> - once connection is established, both clients will get a 4 letter >> code displayed >> - users must jointly verify that they see the same code (if code >> matches, each user can click on Verify code) >> >> The last step is supposed to ensure that not one third party has >> tampered with the connection and that it is indeed end-to-end >> encrypted. >> >> Regards, >> Liviu >> >> >> > David >> > >> > _______________________________________________ >> > Linphone-users mailing list >> > [email protected] >> > https://lists.nongnu.org/mailman/listinfo/linphone-users >> > >> >> >> >> -- >> Do you think you know what math is? >> http://www.ideasroadshow.com/issues/ian-stewart-2013-08-02 >> Or what it means to be intelligent? >> http://www.ideasroadshow.com/issues/john-duncan-2013-08-30 >> Think again: >> http://www.ideasroadshow.com/library >> >> _______________________________________________ >> Linphone-users mailing list >> [email protected] >> https://lists.nongnu.org/mailman/listinfo/linphone-users >> > > > _______________________________________________ > Linphone-users mailing list > [email protected] > https://lists.nongnu.org/mailman/listinfo/linphone-users > >
_______________________________________________ Linphone-users mailing list [email protected] https://lists.nongnu.org/mailman/listinfo/linphone-users
