ZRTP support in the Asterisk PBX
This document defines the ZRTP Extension for Asterisk PBX. ZRTP is a protocol for the media path Diffie-Hellman exchange to agree on a session key, and parameters for establishing Secure Real-time Transport Protocol (SRTP) sessions. The ZRTP protocol is keyed by media path because it is multiplexed on the same port as RTP and does not require support in the signaling protocol. ZRTP does not assume a Public Key Infrastructure (PKI) or require the complexity of certificates in end devices.
It is impossible to use clean, unmodified Asterisk with ZRTP because of P2P key negotiation and encryption:
- Unmodified asterisk rejects ZRTP protocol packets;
- Asterisk may act as a VoIP endpoint to provide media re-compressing between different physical networks or if two endpoints have a different set of media codecs. In this case the PBX should act as a ZRTP endpoint and transfer the Short Authentication String to the registered user.
This patch for Asterisk solves these two main problems and provides additional services to make a ZRTP encrypted VoIP call more comfortable and easy to use.
This document is divided into two parts: Asterisk ZRTP Users Guide and Asterisk ZRTP Developers Guide. The Users Guide describes common PBX ZRTP scenarios, explains how ZRTP works with PBX, and gives information about the ZRTP unit configuration. ZRTP system administrators and end users may wish to review the "Users Guide" only, but Asterisk developers should read both parts of the document.