Updating SRTP Master Key

A single master key provides keying material for confidentiality and integrity protection of the SRTP and the corresponding SRTCP stream.

The SRTP master key is updated in two circumstances:
  • For each master key, a record of the number of packets processed is maintained. There is a limit on the number of packets that can be processed with a single master key. During encryption or decryption of RTP/RTCP packets, the SRTP stack checks the number of packets processed. If that number has reached the maximum permissible value, the master key status is identified as stale. The SRTP stack notifies the SRTP client of the master key status. The SRTP client may decide to update the master key in response to the notification.

  • The SRTP client may update the master key for more robust security before the master key is identified as stale.

Before the master key is updated, an SRTP session must be created and initialized.

  1. The SRTP client receives notification of the master key stale state, or the SRTP client decides to update the master key for security.
  2. The SRTP client updates the master key using the SetMasterKey() API of the class CSRTPCryptoContext.

    1. The prototype of the API is as described below:
      • IMPORT_C void SetMasterKey( const CSRTPMasterKey* aKey);

        This API updates the master key.

        aKey is the input parameter that contains the new master key.

A new master key is returned to the stream or session.

The SRTP implementation derives new session keys from the new master key.

The SRTP client updates the stream/session cryptographic context with the new master key.
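
The lifetime check and update flow described above, as an added example in portable C++ that is not the Symbian SRTP code. The class MasterKeyLifetime, its methods, the limit of 3 packets and the key bytes are hypothetical and constructed for illustration. Refusing packets once the key is stale and rejecting reuse of the current key are assumptions of this sketch.

```cpp
#include <cstdint>
#include <cstdio>
#include <functional>
#include <utility>
#include <vector>

// Hypothetical model (not the Symbian SRTP classes): counts the packets
// processed under one master key and flags the key stale at the limit.
class MasterKeyLifetime {
public:
    MasterKeyLifetime(std::vector<uint8_t> key, uint64_t maxPackets,
                      std::function<void()> onStale)
        : key_(std::move(key)), max_(maxPackets), onStale_(std::move(onStale)) {}
    // Call once per packet. Assumption: a stale key refuses further packets.
    bool AccountPacket() {
        if (stale_) return false;
        if (++processed_ >= max_) {   // limit reached with this packet
            stale_ = true;
            if (onStale_) onStale_(); // notify the client exactly once
        }
        return true;
    }
    // Client-side update, allowed before or after the stale notification.
    // Rejects an empty key and reuse of the current key (defeats the limit).
    bool SetMasterKey(std::vector<uint8_t> newKey) {
        if (newKey.empty() || newKey == key_) return false;
        key_ = std::move(newKey);
        processed_ = 0; stale_ = false;
        ++generation_;                // session keys must be re-derived
        return true;
    }
    bool IsStale() const { return stale_; }
    uint64_t Processed() const { return processed_; }
    unsigned Generation() const { return generation_; }
private:
    std::vector<uint8_t> key_;
    uint64_t max_, processed_ = 0;
    unsigned generation_ = 0;
    bool stale_ = false;
    std::function<void()> onStale_;
};

int main() {
    int notified = 0;
    MasterKeyLifetime ctx({0x01, 0x02}, 3, [&] { ++notified; }); // constructed key, tiny limit
    for (int i = 0; i < 5; ++i) ctx.AccountPacket();
    if (ctx.IsStale()) ctx.SetMasterKey({0x0a, 0x0b});
    std::printf("notified=%d generation=%u\n", notified, ctx.Generation());
}
```
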