Hi. We are looking for a softphone that can be installed on a cellular phone (preferably NOT Windows based), so that if the phone has Internet (3G - 4G), it can act as a USER AGENT within a Voice over IP session, with an option to encrypt SIP authentication info as well as the RTP packets.
So, these are the characteristics of the softphone:
- Will run on cellular phones with Symbian or Android (iPhone may be); Windows maybe not.
- Will handle SIP protocol for session control.
- SIP authentication could be encrypted. The user can select if yes or no.
- Will handle the RTP voice traffic, and it could also be encrypted.
- Encryption should work like this:
> The phone generates a new pair of public/private keys for each call.
> Sends its public key to the called softphone.
> The called one creates its pair of of public/private keys.
> It also creates a symmetric key.
> It sends its public key to the caller.
> It encrypts the symmetric key with its private key.
> It encrypts that with the public key of the caller.
> It sends this message to the caller.
> The caller decrypt the package received with its private key.
> It decrypts what results with the called one's public key.
> Thus, the caller has got the symmetric key.
> Caller and Callee will encrypt RTP packages with that symmetric key.
- Length of the symmetric key should be good (is 2048 possible?).
- We shall have the source code.
- We shall be able to generate "executables" with the SIP configuration and the UA parameters fixed, not using config files.
We have Asterisk server, so if you think we have to modify anything on the server (i.e. for the SIP authentication encryption) please let us know.
We are not encryption experts, but... we are reading ;) to learn.