Feature request: add SRTP support to RTSPS server
Please add SRTP support to the RTSPS server. You need to implement the new SDP attribute from RFC 4567 and the MIKEY protocol from RFC 3830. Use MIKEY-NULL mode (NULL encryption and authentication), and use TLS (hence RTSPS only) to protect the SRTP key exchange.
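The SDP side of this request, as an added example that is not part of the original issue and is not the project's implementation: it reads the RFC 4567 `a=key-mgmt:mikey` attribute, decodes only the fixed RFC 3830 common header, and refuses the attribute unless the URL is `rtsps://`. `MikeyHeader`, `ParseKeyMgmt`, `SampleSDP` and the host name are hypothetical, and the sample bytes are constructed.

```go
package main

import (
	"encoding/base64"
	"encoding/binary"
	"fmt"
	"strings"
)

type MikeyHeader struct { // fixed fields of the RFC 3830 common header (hypothetical type)
	Version, DataType, NextPayload, NumCS, MapType uint8
	CSBID                                          uint32
}

// ParseKeyMgmt (hypothetical helper) finds "a=key-mgmt:mikey <base64>" in an SDP body.
// With NULL encryption the key is sent in the clear, so plain rtsp:// is refused.
func ParseKeyMgmt(url, sdp string) (*MikeyHeader, error) {
	if !strings.HasPrefix(strings.ToLower(url), "rtsps://") {
		return nil, fmt.Errorf("key-mgmt refused: transport is not RTSPS")
	}
	for _, line := range strings.Split(sdp, "\n") {
		line = strings.TrimSpace(line)
		if !strings.HasPrefix(line, "a=key-mgmt:") {
			continue
		}
		f := strings.Fields(strings.TrimPrefix(line, "a=key-mgmt:"))
		if len(f) != 2 || f[0] != "mikey" {
			return nil, fmt.Errorf("malformed or non-MIKEY key-mgmt attribute")
		}
		raw, err := base64.StdEncoding.DecodeString(f[1])
		if err != nil || len(raw) < 10 || raw[0] != 1 {
			return nil, fmt.Errorf("bad MIKEY blob: base64 err=%v, len=%d", err, len(raw))
		}
		h := &MikeyHeader{Version: raw[0], DataType: raw[1], NextPayload: raw[2],
			CSBID: binary.BigEndian.Uint32(raw[4:8]), NumCS: raw[8], MapType: raw[9]}
		if h.MapType == 0 && len(raw) < 10+9*int(h.NumCS) { // SRTP-ID: policy(1)+SSRC(4)+ROC(4)
			return nil, fmt.Errorf("truncated SRTP-ID map")
		}
		return h, nil
	}
	return nil, fmt.Errorf("no a=key-mgmt attribute in SDP")
}
// SampleSDP returns a constructed SDP: the MIKEY blob is only HDR plus one SRTP-ID entry.
func SampleSDP() string {
	hdr := []byte{1, 0, 5, 0, 0x11, 0x22, 0x33, 0x44, 1, 0, 0, 0xde, 0xad, 0xbe, 0xef, 0, 0, 0, 0}
	return "v=0\r\nm=video 0 RTP/SAVP 96\r\na=key-mgmt:mikey " + base64.StdEncoding.EncodeToString(hdr) + "\r\n"
}
func main() {
	fmt.Println(ParseKeyMgmt("rtsps://camera.example/stream", SampleSDP()))
}
```

The payloads that follow the header (timestamp, RAND, security policy, KEMAC) are not walked here, so the example does not extract key material.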
@aler9, I've read we do support (TLS-encrypted stream) from the README. Is there any update on this or plans to make this work? What is your idea around this in terms of work?
It looks like the guys from pion did something already: https://github.com/pion/srtp/tree/master
@cedricve we already support TLS-encrypted streams, but with the TCP transport only, in which SRTP is not needed. SRTP is needed with the UDP transport; the problem is finding hardware that supports that specific combination. Until now I haven't found anything that supports it in a standard way.
GStreamer supports it, so GStreamer-based devices (e.g. Axis cameras) should support it. Live555 also supports it. It may not be enabled by default, so check device config options.
Well, valid point of @aler9, but indeed some Bosch cameras make this show up as a unique feature. https://media.boschsecurity.com/fs/media/pb/media/products_1/video_systems_1/bosch_genetec_1/bosch_genetec_end_to_end_security_leaflet.pdf. It looks like this is very vendor specific and almost requires a 1 on 1 implementation.
All Bosch IP-cameras have a built-in Trusted Platform Module (TPM) to safely store cryptographic keys and enable encryption of all video data, which is then sent from the camera to the Genetec Archiver using SRTP (Secure Real-Time Transport Protocol).
This has been implemented in #809. If you have trouble using SRTP/MIKEY with specific devices or software, open dedicated issues.
Amazing, will test this @aler9