Thank you for the answer, as you said a master key on srtp will be generated into 6 session keys that are used directly for the encryption and authentication process. However, as mentioned, srtp requires external input as a master key. To be able to communicate using srtp (aes), of course both parties need to have the same key. This is the point of the problem. Which party regulates the key to the security process? Is it on the sender, receiver or even the server?
I found interesting code in the linphone source in the linphone-sdk / mediastreamer2 / tools / mediastreamer.c file which generates the master key for local or remote. Here is the code :
```
void setup_media_streams(MediastreamDatas* args){
.................................................................................
if (args->enable_srtp) {
if (!args->srtp_local_master_key) {
char tmp[30];
snprintf(tmp,sizeof(tmp),"%08x%08x%08x%08x",rand(),rand(),rand(),rand());
args->srtp_local_master_key = (char*) malloc(41);
b64_encode((const char*)tmp, 30, args->srtp_local_master_key, 40);
args->srtp_local_master_key[40] = '\0';
ms_message("Generated local srtp key: '%s'", args->srtp_local_master_key);
}
if (!args->srtp_remote_master_key) {
................................................
}
}
```
Is this the place to generate the master key used for srtp communication?
I use asterisk as a voip server. To be able to communicate with an active SRTP, I must set the type of media encryption on the server with sdes. I think the first point to be discussed for the term "SRTP" that I raised.
Note: I use the linphone console version without UI.
Best Regards,
Hilman