Cisco Systems WRP400 User Manual

Configuring Voice Services
Secure Call Implementation
ATA Administration Guide
STEP 2
The caller sends the “Caller Final” message to the called party with the following 
information:
Message ID (4B)
Encrypted Master Key (16B or 128b)
Encrypted Master Salt (16B or 128b)
The Master Key and Master Salt are encrypted with the public key from the called 
party mini-certificate. The Master Key and Master Salt are used by both ends for 
deriving session keys to encrypt subsequent RTP packets. The called party then 
responds with a Callee Final message (which is an empty message).
Using a Mini-Certificate
The Mini-Certificate (MC) contains the following information: 
User Name (32B)
User ID or Phone Number (16B)
Expiration Date (12B)
Public Key (512b or 64B)
Signature (1024b or 512B)
The MC has a 512-bit public key used for establishing secure calls. The 
administrator must provision each subscriber of the secure call service with an 
MC and the corresponding 512-bit private key. The MC is signed with a 1024-bit 
private key of the service provider, which acts as the CA of the MC. The 1024-bit 
public key of the CA signing the MC must also be provisioned for each subscriber. 
The CA public key is used to verify the MC received from the other end. If the MC 
is invalid, the call will not switch to secure mode. The MC and the 1024-bit CA 
public key are concatenated and base64 encoded into the single parameter 
Mini Certificate. The 512-bit private key is base64 encoded into the 
SRTP Private Key parameter, which should be kept secret, like a password. 
(Mini Certificate and SRTP Private Key are configured in the Line tabs.)
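As an added example (not from the Cisco guide), a provisioning-side sanity check that decodes the two base64 parameters and splits the Mini Certificate into the fields listed above, so a truncated or corrupted value is caught before it reaches a device. It assumes a 128-byte (1024-bit) signature, a raw 64-byte private key and space- or NUL-padded ASCII text fields, none of which the guide spells out; the sample values are constructed.

```python
import base64
import binascii

# Field widths in bytes, in the order the guide lists them.
MC_FIELDS = [
    ("user_name", 32),
    ("user_id", 16),
    ("expiration", 12),
    ("public_key", 64),   # 512-bit subscriber public key
    ("signature", 128),   # ASSUMPTION: 1024 bits = 128 bytes
]
CA_KEY_LEN = 128          # 1024-bit CA public key appended after the MC
PRIVATE_KEY_LEN = 64      # ASSUMPTION: private key stored as a raw 512-bit value

def _decode(param: str, name: str) -> bytes:
    """Strict base64 decode; whitespace from copy/paste is removed first."""
    try:
        return base64.b64decode("".join(param.split()), validate=True)
    except binascii.Error as exc:
        raise ValueError(f"{name}: not valid base64 ({exc})") from None

def split_mini_certificate(param: str) -> dict:
    """Split the decoded Mini Certificate parameter into its fixed-width fields."""
    raw = _decode(param, "Mini Certificate")
    expected = sum(n for _, n in MC_FIELDS) + CA_KEY_LEN
    if len(raw) != expected:
        raise ValueError(f"Mini Certificate: {len(raw)} bytes, expected {expected}")
    out, pos = {}, 0
    for name, width in MC_FIELDS + [("ca_public_key", CA_KEY_LEN)]:
        out[name] = raw[pos:pos + width]
        pos += width
    # ASSUMPTION: text fields are ASCII, padded with spaces or NULs.
    for name in ("user_name", "user_id", "expiration"):
        out[name] = out[name].rstrip(b" \x00").decode("ascii", errors="replace")
    return out

def check_private_key(param: str) -> int:
    """Return the decoded length of SRTP Private Key, or raise if it is wrong."""
    raw = _decode(param, "SRTP Private Key")
    if len(raw) != PRIVATE_KEY_LEN:
        raise ValueError(f"SRTP Private Key: {len(raw)} bytes, expected {PRIVATE_KEY_LEN}")
    return len(raw)

# Constructed sample values (zero-filled key material, placeholder date).
SAMPLE = base64.b64encode(
    b"Alice".ljust(32) + b"14085551234".ljust(16) + b"000000000000"
    + bytes(64) + bytes(128) + bytes(128)).decode()
SAMPLE_KEY = base64.b64encode(bytes(PRIVATE_KEY_LEN)).decode()
```

This checks structure only; it does not verify the MC signature against the CA public key.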
Because the secure call establishment relies on exchange of information 
embedded in message bodies of SIP INFO requests/responses, the service 
provider must ensure that the network infrastructure allows the SIP INFO 
messages to pass through with the message body unmodified.