Howto:Encryption algorithms: Difference between revisions
Jump to navigation
Jump to search
(→SRTP) |
(→TLS) |
||
Line 14: | Line 14: | ||
== TLS == | == TLS == | ||
=== RSA === | |||
* '''Name:''' RSA | |||
* '''Type:''' Asymmetric | |||
* '''Source:''' Standard algorithm | |||
* '''Purpose:''' Authentication of network endpoints, distribution of symmetric keys for data encryption | |||
* '''Bit strength:''' Defined by the remote certificate. innovaphone products generate RSA keys with modulus sizes of 1024, 2048 or 4096 bits. | |||
* '''Key management:''' For decrypting incoming traffic, the public key is taken from the X.509 certificate of the remote endpoint. | |||
=== AES === | === AES === | ||
* '''Name:''' Advanced encryption standard | * '''Name:''' Advanced encryption standard |
Revision as of 14:05, 9 November 2011
Applies To
All innovaphone gateways and phones.
Overview
This is an overview of the encryption algorithms that are used in innovaphone products.
SRTP
AES
- Name: Advanced encryption standard
- Type: Symmetric
- Source: Standard algorithm
- Purpose: Voice or media encryption between VOIP endpoints
- Bit strength: 128, 192 or 256 bits
- Key management: A master key is generated using a software PRNG and exchanged using the signalling protocol (H.323, SIPS). Individual keys for data encryption are derived as specified by SRTP standards.
TLS
RSA
- Name: RSA
- Type: Asymmetric
- Source: Standard algorithm
- Purpose: Authentication of network endpoints, distribution of symmetric keys for data encryption
- Bit strength: Defined by the remote certificate. innovaphone products generate RSA keys with modulus sizes of 1024, 2048 or 4096 bits.
- Key management: For decrypting incoming traffic, the public key is taken from the X.509 certificate of the remote endpoint.
AES
- Name: Advanced encryption standard
- Type: Symmetric
- Source: Standard algorithm
- Purpose: Encryption of network traffic between TLS endpoints
- Bit strength: 128 or 256 bits
- Key management: During TLS handshake a master key is negotiated between endpoints using asymetric cryptography (see RSA). The master key is based on keying material generated using a software PRNG. Individual keys for data encryption are derived as specified by TLS standards.
3DES
- Name: Triple Data Encryption Standard
- Type: Symmetric
- Source: Standard algorithm
- Purpose: Encryption of network traffic between TLS endpoints
- Bit strength: 168 bits (112 bits effective)
- Key management: During TLS handshake a master key is negotiated between endpoints using asymetric cryptography (see RSA). The master key is based on keying material generated using a software PRNG. Individual keys for data encryption are derived as specified by TLS standards.