News Archive (1999-2012) | 2013-current at LinuxGizmos | IoT and Embedded News Feed |    About   

GPL VoIP libraries, softphone gain enhanced security

Oct 4, 2006 — by LinuxDevices Staff — from the LinuxDevices Archive — 1 views

The GNU telephony project reports that GPL-licensed implementations of two key security protocols are available for use in Linux-based VoIP (voice-over-IP) devices and softphones. Additionally, a GPL-licensed softphone based on the new implementations is already available for download, testing, and use.

The two new security protocol implementations include:

  • SRTP (secure real-time protocol, aka, RFC 3711), a way of encrypting the voice channel or bearer channel in VoIP calls
  • ZRTP, a method of encrypting voice data using self-generated keys, rather than keys from certificate authorities

Zfone on Mac
(Click to enlarge)

ZRTP was invented by Phil Zimmermann, and was previously implemented in Zimmerman's Zfone project. By using self-generated keys accessible neither to the user, nor to any certificate authority, ZRTP appears aimed at closing two potential backdoors through which call streams might otherwise be surreptitiously monitored.

The new GPL-licensed implementation of ZRTP takes the form of a libzrtpcpp library that appears to work with ccRTP 1.5, a free software implementation of SRTP. Together, the two libraries can do much to help engineers develop “secure and intercept-free voice and video communication services,” the GNU telephony project suggests.

High-security softphone

Additionally, a GPL-licensed softphone based on ccRTP and libzrtpcpp is already available for download, testing, and use. The Twinkle phone, available now for Linux, and distributed as part of SUSE Linux, offers basic SIP-based softphone features, along with some advanced features such as KDE integration, direct ALSA as well as OSS driver compatibility, and various agile calling capabilities.

An older Twinkle build's main screen
(Click to enlarge)


ccRTP 1.5, libzrtpcpp 0.9.0, and Twinkle 0.9 are available now. More details about the role of ccRTP and libzrtpcpp in the larger context of the GNU telephony project may be available on the project's Secure Call initiative page.

For general background on VoIP security, don't miss this vendor-neutral whitepaper from encyption technology provider Certicom.

This article was originally published on and has been donated to the open source community by QuinStreet Inc. Please visit for up-to-date news and articles about Linux and open source.

Comments are closed.