SRTP encryption has been supported in the amsip SDK and in the antisip’s mediastreamer2 SDK a few years ago. ZRTP support has been added recently on all platforms!
ZRTP is a protocol from IETF published in April 2011 as rfc6189. ZRTP
describe a key exchange protocol which is used “in-band”. This
helps to interoperates with any SIP/RTP phone and auto-detects
if encryption is supported by other endpoint. When we wish
encryption, it’s very important to still interoperate smootly
with sip agent not supporting SRTP. ZRTP is a must!
Here is the abstract of the rfc:
This document defines ZRTP, a protocol for media path Diffie-Hellman
exchange to agree on a session key and parameters for establishing
unicast Secure Real-time Transport Protocol (SRTP) sessions for Voice
over IP (VoIP) applications. The ZRTP protocol is media path keying
because it is multiplexed on the same port as RTP and does not
require support in the signaling protocol. ZRTP does not assume a
Public Key Infrastructure (PKI) or require the complexity of
certificates in end devices. For the media session, ZRTP provides
confidentiality, protection against man-in-the-middle (MiTM) attacks,
and, in cases where the signaling protocol provides end-to-end
integrity protection, authentication. ZRTP can utilize a Session
Description Protocol (SDP) attribute to provide discovery and
authentication through the signaling channel. To provide best effort
SRTP, ZRTP utilizes normal RTP/AVP (Audio-Visual Profile) profiles.
ZRTP secures media sessions that include a voice media stream and can
also secure media sessions that do not include voice by using an
optional digital signature.