SDES (a=crypto SRTP keying)
SDES (Session Description Protocol Security DEScriptions, RFC 4568) is the legacy method for negotiating SRTP encryption keys: the master key is base64-encoded directly into the SDP body via an a=crypto attribute. Simple, broadly compatible, and dangerous when used over unencrypted SIP signaling.
How an a=crypto line is structured
a=crypto:1 AES_CM_128_HMAC_SHA1_80 \
inline:WVNfX19zZW1jdGwgKCkgewkyMjA7fQp9CnVubGVz|2^31|1:1
\______/ \__________/ \__/ \_/
tag cipher-suite MKI lifetime
\__________________ inline params __________________/
Tag : 1 (matches with offer/answer)
Cipher : AES_CM_128_HMAC_SHA1_80
inline:<b64-key> = base64 of (16-byte master key + 14-byte master salt)
2^31 : key lifetime in packets
1:1 : MKI value:length (Master Key Identifier)
The offer/answer flow
- Caller offers SDP with one or more
a=cryptolines (typically 2-3 cipher suites). - Callee picks one cipher suite, generates its own master key, and replies with a single matching
a=cryptoline. - Each side now has both keys: caller key for caller→callee, callee key for callee→caller.
- RTP starts encrypted immediately.
Security model: only as safe as your signaling
SDES puts the actual SRTP key in plaintext inside the SDP body. If the SIP signaling channel is unencrypted (plain UDP/TCP), anyone on the path can read the key and decrypt the call, ISPs, network operators, attackers with packet capture, etc.
Therefore SDES is only secure when the SIP signaling is itself encrypted, typically via SIP-TLS (port 5061). The combination 'SIP-TLS + SDES SRTP' is a long-standing enterprise default.
SDES vs DTLS-SRTP
| SDES | DTLS-SRTP | |
|---|---|---|
| Key location | In SDP body (plaintext) | Derived from DTLS handshake on media port |
| Safe over unencrypted SIP? | No | Yes |
| Required by WebRTC? | No (rejected) | Yes (mandatory) |
| Setup latency | Zero (key is already in INVITE) | ~100-300ms (DTLS handshake) |
| Cipher agility | Multiple offered, one picked | DTLS extension chooses |
| PBX compatibility | Wide (Asterisk, Cisco, Polycom, Avaya) | Modern (Asterisk pjsip 18+, FreeSWITCH 1.10+) |
When SDES is still the right choice
- Inside an enterprise SIP-TLS interconnect where DTLS-SRTP isn't supported on one end.
- Legacy hardware phones (Polycom Soundpoint, older Cisco SCCP-converted devices).
- Carrier-grade SBCs that need zero-RTT media setup (DTLS adds ~200ms).
Common bugs
- One-way audio with SRTP: the offerer included
a=cryptobut didn't change the m-line profile fromRTP/AVPtoRTP/SAVP. Both must agree. - SRTP key reuse: using the same SRTP master key for multiple calls breaks the AES-CTR uniqueness guarantee. Always generate a fresh key per call.
- SDES over WebRTC: WebRTC explicitly rejects SDES. Use DTLS-SRTP for any browser endpoint.
Related terms
SRTP (Secure RTP)
DTLS-SRTP (Encrypted Media Keying)
SDP (Session Description Protocol)
SIP Transports (UDP / TCP / TLS / WSS)
Related glossary terms
Asterisk (open-source PBX framework)
Asterisk is the original open-source telephony framework, started by Mark Spencer in 1999. It is a Class 5 PBX engine: it terminates SIP/IAX
Attestation Levels (A
Attestation levels are the three trust ratings that an originating carrier assigns to outbound calls under STIR/SHAKEN. They tell the termin
Auto-Provisioning (zero-touch desk phone setup)
Auto-provisioning is how you deploy 50, 500, or 50,000 desk phones without manually configuring each one. The phone boots, fetches its confi
Branded Calling (logo + verified name on caller ID)
Branded calling is the modern layer of caller-identity display: instead of (or in addition to) a 15-character CNAM string, the recipient&rsq
Ready to get a number?
Pick a DID in 130+ countries from $1.99/month. Activates instantly on most numbers.