Decrypt SRTP with inline encryption
Hi there,
I have a secure SIP session with SRTP audio captured in Wireshark. I am able to decrypt the SIP TLS using the server private key. In the SIP SDP I can see that inline SRTP encryption is used:
a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:L4q/1bF2POBE3S+WDTYFhotluE28Lm0DEIOD51Ew UNENCRYPTED_SRTCP
Based on the RFC 4568, the key after the "inline" part is the 40 byte long Base64 encoded master+salt concatenation, which, when decoded, should become 30 bytes. However when I tried any of the online Base64 decoders, I got very random output, not what I expected. Using Java code to decode the Base64, I even got some negative bytes. I'm not sure how to decode the key, or if I can use it as it is? I tried inputting this whole string to Wireshark as the "Pre-Shared-Key" for the DTLS protocol, however the audio is still encrypted.
Is there a way to decrypt this SRTP stream in Wireshark?
Base64 is generally used to safely transmit binary values in a textual context, in this case the master+salt is a 30 byte binary blob. For reference this decodes to the following hex representation
2f8abfd5b1763ce044dd2f960d3605868b65b84dbc2e6d03108383e75130
.Using python3:
Thanks for the explanation, now I get it! I would upvote, but I'm just a newbie so I can't :)