11.2.1.9 The "Encryption" Tab
Encryption mode
This is where you specify the mode of encryption. The following encryption modes are available:
No encryption
If "No encryption" is selected, the voice data is not encrypted.
Encryption preferred
When "Encryption preferred" is selected, the voice data is only encrypted if the call partner has configured either "Encryption preferred" or "Encryption mandatory". If this is not the case, the voice data is not encrypted, but phoning is still possible.
Encryption mandatory
When "Encryption mandatory" is selected, voice data encryption is obligatory. This means that either encryption always occurs or the call is aborted with the reason "Incompatible encryption settings". This can be the case, for example, when the call partner has configured the mode "No encryption".
| If the encryption mode was set to "No encryption" within the server properties, the mode is likewise set to "No encryption" here; if "Encryption mandatory" was configured there, then the setting "Encryption mandatory" also appears here. In both cases, the mode cannot be changed. The field is then deactivated. |
Key (PreSharedKey)
To ensure secure communication by SRTP, a common key (PreSharedKey) must be defined between SwyxServer and the relevant component.
For all components which use the SwyxWare database (e.g. SwyxIt! Classic, PhoneMgr, ConferenceMgr, LinkMgr, Gateway), this key is automatically generated by SwyxServer and distributed to the relevant component, once again encrypted.
| The key created automatically generated by SwyxServer serves as an example only. For security reasons, it is highly recommended to manually replace it by an individually selected key. |
However, in a few cases the key must be specified manually:
If the user uses a SIP phone (with MIKEY support) from another manufacturer, there is no automatic distribution of a key from SwyxServer to the device. It must therefore be entered manually in this case. The key must then be stored in the device as well, e.g. via the phone's web interface.
Other exceptions, which may e.g. require manual input of the key, are:
Connection of two SwyxServers via a SwyxLink
SIP link for the use of VoIP services of e.g. service providers
However, these must be configured within the trunk properties.
This is how you specify the encryption mode in the user properties.
1 Start the SwyxWare Administration and log in to the SwyxServer.
2 Click the user entry with the right mouse button to open the shortcut menu.
3 Select "Properties".
4 Select the "Encryption" Tab.
5 In the field "Encryption mode", choose from:
No encryption
Encryption preferred
Encryption mandatory
6 If the user uses a device from another manufacturer, enter the key in the "Key" field. You must then set this in the device as well (e. g. via a web interface).
7 Click on "OK".