Applies To

All innovaphone gateways and phones.

Overview

This is an overview of the encryption algorithms that are used in innovaphone products.

SRTP

AES

• Name: Advanced encryption standard
• Type: Symmetric
• Source: Standard algorithm
• Purpose: Voice or media encryption between VOIP endpoints
• Bit strength: 128, 192 or 256 bits
• Key management: A master key is generated using a software PRNG and exchanged using the signalling protocol (H.323, SIPS). Individual keys for data encryption are derived as specified by SRTP standards.

TLS

RSA

• Name: RSA
• Type: Asymmetric
• Source: Standard algorithm
• Purpose: Authentication of network endpoints, distribution of symmetric keys for data encryption
• Bit strength: Defined by the remote certificate. innovaphone products generate RSA keys with modulus sizes of 1024, 2048 or 4096 bits.
• Key management: For decrypting incoming traffic, the public key is taken from the X.509 certificate of the remote endpoint.

AES

• Name: Advanced encryption standard
• Type: Symmetric
• Source: Standard algorithm
• Purpose: Encryption of network traffic between TLS endpoints
• Bit strength: 128 or 256 bits
• Key management: During TLS handshake a master key is negotiated between endpoints using asymetric cryptography (see RSA). The master key is based on keying material generated using a software PRNG. Individual keys for data encryption are derived as specified by TLS standards.

3DES

• Name: Triple Data Encryption Standard
• Type: Symmetric
• Source: Standard algorithm
• Purpose: Encryption of network traffic between TLS endpoints
• Bit strength: 168 bits (112 bits effective)
• Key management: During TLS handshake a master key is negotiated between endpoints using asymetric cryptography (see RSA). The master key is based on keying material generated using a software PRNG. Individual keys for data encryption are derived as specified by TLS standards.