Thursday, July 2, 2009

Voice encryption

http://www.broadbandreports.com/forum/remark,13657675~start=20

I currently have no way of telling how good the encryption built into the Sipura adapters is (so it may be easier to "crack" than people believe). And furthermore, the only place I've found to get the encryption keys is the Voxilla.com web site (and no matter how secure a web site is, it is still a "3rd party" that has access to your keys, and from a security/encryption standpoint that is "a bad thing"). And finally, encryption will only work with other sites/adapters that support encryption, which most of them don't (so most of your calls will still probably behave the same as if you didn't have encryption enabled).

So all things considered, I wouldn't trust Sipura "secure calls" (encryption) to keep people from "listening in" on your calls. However, it might "slow them down" some, and IMHO you have nothing to lose by enabling this feature. After all, if the encryption works, you may have prevented some "eavesdropper" from intercepting your call. But even if the encryption fails, you are no worse off than before (because the "normal case" is to send your voice "in the clear"). With that in mind, here is how I just enabled voice encryption on my Sipura adapters (tested by calling between my SPA-3000 and my older SPA-2000).

1) Sign up with a free account at www.voxilla.com. This is necessary, as the only place I am currently aware of that allows you to get the encryption keys is the Voxilla web site, and they require you to be a "member" to run their "wizards".

2) Go to the Voxilla Sipura encryption Wizard. You can either find the link (on the left hand panel) at the main Voxilla web site, or the current "direct link" is at this URL: voxilla.com/certrequest.php

3) On the above web page, completely fill out the form. Apparently the form will fail unless ALL of the fields (including the "Your name or alias" field) are filled in. In the case of the "Your name or alias" field entry, if you don't want to fill it in, do what I did, and just use a single space character as your "name". This Wizard will allow you to push a set of keys (public and private) to your Sipura. Don't forget that this Wizard needs to be run once for each "Line" that the Sipura has (for example, my SPA-2000 has two "lines", and each line needs a different "key").

4) Check to make sure that the Voxilla encryption wizard pushed encryption keys to your adapter. You can verify this by looking at the (admin login, advanced) "Line x" tab fields: "Mini Certificate:" and "SRTP Private Key:". If these fields are still empty/blank (the default for Sipura adapters) then the Wizard didn't do its job. However, if the "Mini Certificate:" has a bunch of characters in it, and the "SRTP Private Key:" shows "*************" (indicating that something hidden is in that field), then the public/private keys were entered into your Sipura (which is what you want to have happen).

5) The Voxilla wizard suggests you enter "*18" to do a "secure" call. However, why would you want to bother with that? Wouldn't you want the Sipura to just "default" to "secure" mode when it can? To make "secure"/"encrypted" calls the default (while still allowing other calls when encryption isn't available), go over to the (admin login, advanced) user tab for the line, and change "Secure Call Setting:" to "yes".

6) At this point, the Sipura should work the same as it did before, EXCEPT when you call DIRECTLY (not via a 3rd party) some location that supports encrypted calls (for example, another Sipura with this feature enabled). When encryption is supported (by both sides), the Sipura appears to take an extra second or so to initially connect, and then beeps at you three times (to let you know that the call is "secure"). I also noticed a little extra (maybe 1/3 second?) latency/lag in the call, but the sound was otherwise "clear" when I tried this on my LAN between my SPA-2000 and SPA-3000.

NOTE: I have not yet had an opportunity to test encryption with "Free World Dialup" (so YMMV). But according to posts I've seen in the past, FWD does support (pass through) Sipura voice encryption when all of the following are the case: 1) Both parties (the caller and the called party) in the call have Sipura adapters with encryption keys installed (and remember they are NOT installed by default, you have to use the Voxilla wizard to get them). 2) Both parties are on FWD directly, not via some "peering partner". 3) Both parties are using "fwd.pulver.com" as their proxy (i.e. neither party is using the alternate "fwdnat.pulver.com"), and 4) the party making the call has told their adapter to make a "secure call" (for example by having "Secure Call Setting: yes").
