linphone-users

Re: [Linphone-users] End-to-end encryption in Linphone


From: Russell Treleaven
Subject: Re: [Linphone-users] End-to-end encryption in Linphone
Date: Fri, 3 Jul 2015 15:30:00 -0400

You can encrypt media with ZRTP without using TLS to encrypt the signalling.



On Fri, Jul 3, 2015 at 3:19 PM, Liviu Andronic <address@hidden> wrote:
On Fri, Jul 3, 2015 at 6:28 PM, David Bolton <address@hidden> wrote:
> I'm interested in the end-to-end encryption via Linphone. I didn't see any
> information in the user guide: http://www.linphone.org/user-guide.html I
> also searched the web but found very little except for a couple people
> saying they couldn't get it to work.
>
> Currently I'm testing Linphone by making calls between a linphone account on
> my phone and a linphone account on my desktop.
>
> On the phone, Linphone displays a red lock with a slash through it. Does
> that mean it is not encrypted? When I tap on the lock nothing happens. On
> the desktop I don't see any visual UI about encryption or secure
> communication.
>
The barred lock usually means unencrypted connection.

To obtain encrypted communications, what you want to do is:
- select for each account TLS as transport (beware as not all SIP
servers support this, so it's a bit of a hit and miss affair; if
account won't connect while TLS is selected, then said server doesn't
support it)
- select globally ZRTP media encryption in Network Settings

You may also choose SRTP, but from my understanding it is much less
secure than ZRTP. ZRTP seems to be the golden standard in the
open-source world these days, and for instance Silent Circle uses this
( https://silentcircle.com/faq-zrtp ). For a good overview of ZRTP and
its interface see:
https://jitsi.org/Documentation/ZrtpFAQ

Bottom line:
- both clients have ZRTP enabled
(if one client doesn't, then the call is placed unencrypted and the
lock will be barred on the phone)
- once connection is established, both clients will get a 4-letter
code displayed
- users must jointly verify that they see the same code (if code
matches, each user can click on Verify code)

The last step is supposed to ensure that not one third party has
tampered with the connection and that it is indeed end-to-end
encrypted.

Regards,
Liviu


> David
>
> _______________________________________________
> Linphone-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/linphone-users
>



--
Do you think you know what math is?
http://www.ideasroadshow.com/issues/ian-stewart-2013-08-02
Or what it means to be intelligent?
http://www.ideasroadshow.com/issues/john-duncan-2013-08-30
Think again:
http://www.ideasroadshow.com/library

_______________________________________________
Linphone-users mailing list
address@hidden
https://lists.nongnu.org/mailman/listinfo/linphone-users
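
Added illustration (not part of the original thread, and not Linphone's or its ZRTP library's code): a simplified Python model of why comparing the short code exposes a relay that terminates the key exchange on each side. The toy group, the HMAC-based derivation and all function names are assumptions made for this sketch; only the rendering of 20 bits as four z-base-32 characters follows the ZRTP base32 SAS format.

```python
import hashlib
import hmac
import secrets

# Constructed toy Diffie-Hellman group: 2**127 - 1 is prime but far too small for real use.
P = 2**127 - 1
G = 3
# z-base-32 alphabet, used by ZRTP to render the short authentication string (SAS).
ZBASE32 = "ybndrfg8ejkmcpqxot1uwisza345h769"

def keypair():
    priv = secrets.randbelow(P - 2) + 1
    return priv, pow(G, priv, P)

def transcript(pub_initiator, pub_responder):
    # Each endpoint hashes the public values it actually saw on the wire.
    return pub_initiator.to_bytes(16, "big") + pub_responder.to_bytes(16, "big")

def sas(shared_secret, seen):
    """Simplified SAS: keyed hash of the transcript, leftmost 20 bits as 4 characters."""
    key = shared_secret.to_bytes(16, "big")
    digest = hmac.new(key, b"SAS" + seen, hashlib.sha256).digest()
    value = int.from_bytes(digest[:4], "big") >> 12
    return "".join(ZBASE32[(value >> shift) & 31] for shift in (15, 10, 5, 0))

def direct_call():
    """Both endpoints exchange keys with each other; returns (caller SAS, callee SAS)."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    seen = transcript(a_pub, b_pub)
    return sas(pow(b_pub, a_priv, P), seen), sas(pow(a_pub, b_priv, P), seen)

def relayed_call():
    """A relay substitutes its own public value toward each endpoint."""
    a_priv, a_pub = keypair()
    b_priv, b_pub = keypair()
    _, m_pub = keypair()
    caller = sas(pow(m_pub, a_priv, P), transcript(a_pub, m_pub))
    callee = sas(pow(m_pub, b_priv, P), transcript(m_pub, b_pub))
    return caller, callee

if __name__ == "__main__":
    print("direct :", direct_call())   # both codes identical
    print("relayed:", relayed_call())  # codes differ, so reading them aloud reveals the relay
```

With only 20 bits, two unrelated codes still match about once in a million attempts, which is why the comparison is done by the users over the call itself and why a mismatch should end the call.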
