The a=crypto attribute is as specified in [RFC4568], with the exception that a single white space MUST be used. The attribute has the following format, expressed using Augmented Backus-Naur Form (ABNF) notation, as defined in [RFC5234].
a=crypto tag WSP crypto-suite WSP key-params *(WSP session-param)
tag field: The tag field is used to specify a decimal number to identify a particular cryptographic attribute in the SDP security description for media streams (2), as specified in [RFC4568]. In the current extension, the semantics of the tag field are more restricted, in that the decimal value MUST be unique across the a=crypto and a=cryptoscale attributes. a=cryptoscale is a new attribute defined by this protocol and is specified in more detail in section 3.1.5.2.
crypto-suite field: The crypto-suite field is used to specify cryptographic methods or algorithms for media encryption. The only crypto-suite option supported is AES_CM_128_HMAC_SHA1_80. In other words, crypto-suite MUST be "AES_CM_128_HMAC_SHA1_80". In [RFC4568], this is defined in the context of "RTP/SAVP" as the transport. In the current extensions, use of this field is extended to the case when the transport is "RTP/AVP" in an SDP offer. This deviation from [RFC4568] is required to support negotiation of SRTP optionally, as specified in section 3.1.5.8.
key-params field: The key-params field is used to specify the keying information. The key-params are further defined in [RFC4568], as follows:
key-params = <key-method> ":" <key-info>
More than one key-params instance per line of a=crypto MUST NOT be used.
The key-method subfield is used to specify the provisional method of the keying information. As specified in [RFC4568], the only method that MUST be used is "inline", indicating that the keying material is provided in the key-info field.
The key-info field is specified in [RFC4568]. The specification of key-info in [RFC4568] is specifically targeted to the "RTP/SAVP" transport. In the current extension, the key-info field can be used for both "RTP/SAVP" and "RTP/AVP". This extension is required to support negotiation of SRTP optionally, as specified in section 3.1.5.8.
Following is the format specified in [RFC4568] for the key-info field.
"inline:" <key||salt> ["|" lifetime] ["|" MKI ":" length]
Following is a list of constraints and values accepted for the key-info field:
- "MKI" SHOULD be used. If MKI is used, the MKI length MUST be 1 byte.
- The value for lifetime MUST be "2^31" in SDP offers and SDP answers sent.
- The value of lifetime MUST be ignored in SDP offers and SDP answers received, and "2^31" MUST be used instead.
session-param field: The session-param field MUST NOT be used.
The following is an example a=crypto attribute:
a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:t20I47Tyj1NDG6H+gWNpIzAzRPfYeQg8pP+ukwoy|2^31|1:1
Horizontal tab (HTAB code as defined in ABNF) between tokens MUST NOT be used by the application.
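The constraints in this section can be checked mechanically before an a=crypto line is sent or accepted. The following Python sketch is an added example, not part of the specification. Assumptions: the function names are hypothetical, the "a=crypto:" prefix follows the example line above, the 30-byte key||salt length is the [RFC4568] value for this suite, and an a=cryptoscale line is assumed to carry its tag in the same position as a=crypto (its format is defined in section 3.1.5.2, not here).

```python
import base64
import re

SUITE = "AES_CM_128_HMAC_SHA1_80"
KEY_SALT_BYTES = 30  # 128-bit master key + 112-bit master salt (RFC 4568)
PAGE_EXAMPLE = "a=crypto:2 AES_CM_128_HMAC_SHA1_80 inline:t20I47Tyj1NDG6H+gWNpIzAzRPfYeQg8pP+ukwoy|2^31|1:1"

def check_crypto(line, sent=True):
    """Return the constraint violations found in one a=crypto line."""
    errs = []
    if "\t" in line:
        errs.append("HTAB used between tokens")
    if re.search(r"[ \t]{2,}", line):
        errs.append("more than a single white space between tokens")
    m = re.fullmatch(r"a=crypto:(\S+)[ \t]+(\S+)[ \t]+(\S+)(.*)", line)
    if not m:
        return errs + ["not a well-formed a=crypto attribute"]
    tag, suite, key_params, rest = m.groups()
    if not re.fullmatch(r"[0-9]+", tag):
        errs.append("tag is not a decimal number")
    if suite != SUITE:
        errs.append("unsupported crypto-suite")
    if rest.strip():
        errs.append("session-param present")
    if ";" in key_params:  # RFC 4568 separates key-params instances with ';'
        errs.append("more than one key-params instance")
    method, _, key_info = key_params.partition(":")
    if method != "inline":
        errs.append("key-method is not inline")
    key_b64, *options = key_info.split(";")[0].split("|")
    try:
        if len(base64.b64decode(key_b64, validate=True)) != KEY_SALT_BYTES:
            errs.append("key||salt is not 30 bytes")
    except ValueError:  # binascii.Error is a ValueError subclass
        errs.append("key||salt is not valid base64")
    for opt in options:
        if ":" in opt:  # MKI ":" length
            if opt.partition(":")[2] != "1":
                errs.append("MKI length is not 1 byte")
        elif sent and opt != "2^31":  # received lifetimes are ignored
            errs.append("lifetime is not 2^31")
    return errs

def duplicate_tags(sdp_lines):
    """Decimal tag values reused across a=crypto and a=cryptoscale lines."""
    # Assumption: a=cryptoscale carries its tag like a=crypto (section 3.1.5.2).
    tags = [int(t) for l in sdp_lines
            for t in re.findall(r"^a=crypto(?:scale)?:([0-9]+)[ \t]", l)]
    return sorted({t for t in tags if tags.count(t) > 1})
```

An absent MKI is not reported, because the text makes MKI a SHOULD rather than a MUST. For received lines, call check_crypto with sent=False and use "2^31" as the lifetime regardless of the value carried.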