For maximum call security, Acrobits Softphone and Groundwire support SDES and ZRTP: SDES protects both incoming and outgoing calls for free, and ZRTP encrypts incoming calls for free and requires an in-app purchase for outgoing calls.
SRTP is a method used to encrypt audio for VoIP calls, and it has two key exchange methods: Session Descriptions (SDES) and Zimmermann Real-time Transport Protocol (ZRTP). While both offer call security, ZRTP is considered the latest and more secure protocol, providing enhanced encryption for conversations.
Tips
If call security is vital to you, refer to some reliable sites to determine the right option for you. You may start with the general sites such as the following:
The following sections briefly describe these methods that are available on our softphones.
SDES
Acrobits Softphone and Groundwire offer free SDES encryption for both incoming and outgoing calls.
- Requires a secure signaling channel using the Transport Layer Security (TLS) transport protocol.
- Limited to users with their own private branch exchange (PBX) when the SIP providers do not support TLS.
- Prone to man-in-the-middle attacks such as eavesdropping and dependent on the behavior of proxies along the SIP path.
- Keys may be transferred in clear text between hops.
- Disabled for pushed calls due to security concerns.
ZRTP
Acrobits Softphone and Groundwire offer free ZRTP encryption for incoming calls. You may try ZRTP for incoming calls before deciding to purchase for outgoing calls.
- Media path key exchange method for SRTP.
- Secures calls on insecure channels using User Datagram Protocol (UDP) transport protocol.
- Prevents eavesdropping opportunities at proxies.
Important
For Asterisk users, using ZRTP requires a patch. Get the patch at zfoneproject.com/prod_asterisk.html.
Setting SRTP
You can configure the SRTP settings for each SIP account.
To open the SRTP settings in the application:
- Android devices - Select
> Settings > Accounts > the desired SIP account > Advanced Settings > Secure Calls. - iOS devices - Open the Keypad tab, select
> SIP Accounts or Accounts > the desired SIP account > Advanced Settings > Secure Calls.
SDES Options
The effects of the SDES settings are as follows:
- Incoming calls:
- Disabled - Accepts unencrypted calls only.
- Enabled - Accepts encrypted and unencrypted calls (default).
- Required - Accepts encrypted calls only.
- Outgoing calls:
- Disabled - Makes unencrypted calls (default).
- Best Effort - Makes encrypted calls, but accepts if the other party responds with an unencrypted response.
- Required - Makes encrypted calls and requires encrypted responses.
ZRTP Options
Tips
You may test ZRTP by making a call to your softphone from another ZRTP-enabled SIP softphone. If you can place and receive the call, your provider supports ZRTP for incoming calls. Then, you may purchase ZRTP support for outbound calls. To do so, select Settings > Add-ons > ZRTP for outgoing calls. Follow the instructions on the screen to complete the purchase and secure your calls with end-to-end encryption using ZRTP.
For a free ZRTP-compatible softphone, get one (Zfone) for your desktop at zfoneproject.com/prod_zfone.html)
The effects of the ZRTP settings are as follows:
- Incoming calls:
- Disabled - Accepts unencrypted calls only.
- Enabled- Accepts encrypted and unencrypted calls (default).
- Required - Accepts encrypted calls only.
- Outgoing calls:
- Disabled - Makes unencrypted calls (default).
- Best Effort - Makes encrypted calls, but accepts if the other party responds with an unencrypted response.
- Required - Makes encrypted calls and requires encrypted responses.