Secure Real-time Transport Protocol (SRTP) is an extension to the Real-time Transport Protocol (RTP) that adds confidentiality and message authentication, so it’s secure. The SRTP algorithm operates on fully-formed RTP packets to produce SRTP packets that are sent over the network. Because SRTP operates on top of RTP, it is subject to the same network conditions and must handle packets being dropped or received out-of-order. To do this, SRTP only encrypts the payload section of the RTP packet, leaving the header unchanged. To detect tampering with the header, SRTP includes an authenticated hash of the header in each SRTP packet.
Before SRTP packets can be exchanged by two endpoints, both endpoints must agree on a master key to use for the session. The master key is a shared secret, and should be communicated using a trusted secure channel. SRTP uses a number of different keys for each stage of the algorithm, but all of those keys are derived from the master key. For the payload, SRTP uses a symmetric-key encryption algorithm meaning the same key is used for encryption and decryption. The key for each packet is generated from the master key, and from information in the packet’s header. For header authentication, SRTP uses the HMAC-SHA1 algorithm. This algorithm computes a hash of the entire SRTP packet after payload encryption and appends the hash to the end of the packet. After this, the SRTP packet is finished and can be sent to the other side.