The GNU telephony project reports that GPL-licensed implementations of two key security protocols are available for use in Linux-based VoIP (voice-over-IP) devices and softphones. Additionally, a GPL-licensed softphone based on the new implementations is already available for download, testing, and use.



The two new security protocol implementations include:

* SRTP (secure real-time protocol, aka, RFC 3711), a way of encrypting the voice channel or bearer channel in VoIP calls

* ZRTP, a method of encrypting voice data using self-generated keys, rather than keys from certificate authorities

ZRTP was invented by Phil Zimmermann, and was previously implemented in Zimmerman's Zfone project. By using self-generated keys accessible neither to the user, nor to any certificate authority, ZRTP appears aimed at closing two potential backdoors through which call streams might otherwise be surreptitiously monitored.

The new GPL-licensed implementation of ZRTP takes the form of a libzrtpcpp library that appears to work with ccRTP 1.5, a free software implementation of SRTP. Together, the two libraries can do much to help engineers develop "secure and intercept-free voice and video communication services," the GNU telephony project suggests.

High-security softphone

Additionally, a GPL-licensed softphone based on ccRTP and libzrtpcpp is already available for download, testing, and use. The Twinkle phone, available now for Linux, and distributed as part of SUSE Linux, offers basic SIP-based softphone features, along with some advanced features such as KDE integration, direct ALSA as well as OSS driver compatibility, and various agile calling capabilities.