couple of questions on srtpenc/srtpdec configuration
Olivier Crête
olivier.crete at collabora.com
Fri Jul 29 21:14:44 UTC 2016
Hi,
First, you may want to have a look at the dtlssrtpenc/dec elements,
they probably do exactly what you want to do. And even if they don't,
they are a good example of how to implement DTLS-SRTP with the
srtpenc/dec elements.
On Thu, 2016-07-28 at 13:14 -0700, Andres Gonzalez wrote:
> Question: I am assuming the srtpenc property "key" is NOT the RFC5764
> "srtp_mki" value. Is this assumption correct?
The srtpenc/dec elements indeed don't offer the MKI, because libsrtp
doesn't support it. And as far as I know, no one really uses it.
> Question: I am assuming the output of *this* openssl API routine is what
> should be used for the srtpenc property "key". Is this assumption correct?
Yes, you have to give the right one depending on if you're the client
or server, one goes to the encoder and the other to the decoder.
> I have studied the source code of a different project that uses libsrtp for
> SRTP. These examples show the generation of the 4 subkeys:
> client_write_SRTP_master_key, server_write_SRTP_master_key,
> client_write_SRTP_master_salt, and server_write_SRTP_master_salt.
>
> Question: I am assuming that the srtpenc element internally generates those
> 4 required subkeys from the main "key" property so that application code
> does not explicitly have to generate these subkeys. Is this assumption
> correct?
Those are not subkeys. On the client, you need to give the client
key+salt to the encoder and the server key+salt to the decoder, and the
opposite at the server.
See the example in gst-plugins-bad/ext/dtls.
>
> Question: I am assuming that this DTLS mode dependency for key generation is
> only applicable to libsrtp library, and not in general for SRTP keys for use
> with srtpenc, that is, all of that dependency is dealt with internally and
> therefore of no concern at the application pipeline code layer. Is this
> assumption correct?
>
No, the mode is a DTLS thing, not a SRTP thing, SRTP has no client or
server. It just has an encoder and a decoder, and they both need the
same key to be able to decode what was encoded. That said, normally you
use a different key for each direction.
--
Olivier Crête
olivier.crete at collabora.com
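
The key assignment described in the reply above, as an added example that is not part of the original message and not code from GStreamer or libsrtp. It assumes the SRTP_AES128_CM_SHA1_80 profile (16-byte key, 14-byte salt), the RFC 5764 layout of the exported keying material, and that each SRTP element takes master key followed by master salt as one blob; `srtp_key_pair`, `split_dtls_srtp_keys` and `roles_are_mirrored` are hypothetical names.

```c
#include <stddef.h>
#include <string.h>

/* SRTP_AES128_CM_SHA1_80 (RFC 5764): 16-byte master key, 14-byte salt. */
#define KEY_LEN    16
#define SALT_LEN   14
#define KS_LEN     (KEY_LEN + SALT_LEN)  /* key || salt for one direction */
#define EXPORT_LEN (2 * KS_LEN)          /* 60 bytes of exported material */

/* Hypothetical container, not a GStreamer or libsrtp type. */
typedef struct {
    unsigned char enc[KS_LEN];  /* key || salt for the encoder (what we send) */
    unsigned char dec[KS_LEN];  /* key || salt for the decoder (what we receive) */
} srtp_key_pair;

/* Exported material layout per RFC 5764:
 *   client_key | server_key | client_salt | server_salt
 * Returns 0 on success, -1 on bad arguments or wrong length. */
int split_dtls_srtp_keys(const unsigned char *m, size_t len,
                         int is_dtls_client, srtp_key_pair *out)
{
    if (m == NULL || out == NULL || len != EXPORT_LEN)
        return -1;
    /* The DTLS client sends with the client write key+salt and receives
     * with the server write key+salt; the server does the opposite. */
    unsigned char *client_ks = is_dtls_client ? out->enc : out->dec;
    unsigned char *server_ks = is_dtls_client ? out->dec : out->enc;
    memcpy(client_ks, m, KEY_LEN);
    memcpy(client_ks + KEY_LEN, m + 2 * KEY_LEN, SALT_LEN);
    memcpy(server_ks, m + KEY_LEN, KEY_LEN);
    memcpy(server_ks + KEY_LEN, m + 2 * KEY_LEN + SALT_LEN, SALT_LEN);
    return 0;
}

/* Constructed sample (byte i holds value i, not real key material): split it
 * for both roles and confirm each encoder matches the peer's decoder.
 * Returns 1 when the split is consistent, 0 otherwise. */
int roles_are_mirrored(void)
{
    unsigned char m[EXPORT_LEN];
    srtp_key_pair c, s;
    for (size_t i = 0; i < EXPORT_LEN; i++)
        m[i] = (unsigned char)i;
    if (split_dtls_srtp_keys(m, sizeof m, 1, &c) != 0 ||
        split_dtls_srtp_keys(m, sizeof m, 0, &s) != 0)
        return 0;
    return memcmp(c.enc, s.dec, KS_LEN) == 0 &&
           memcmp(c.dec, s.enc, KS_LEN) == 0 &&
           c.enc[0] == 0 && c.enc[KEY_LEN] == 32 &&   /* client key, salt */
           c.dec[0] == 16 && c.dec[KEY_LEN] == 46;    /* server key, salt */
}
```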