Configuring SIP Header Value Encryption
For enhanced security, you can configure the device to encrypt the value of a specific SIP header. Encryption is done using the AES-256 key encryption algorithm.
This feature is typically used between two AudioCodes devices, where one encrypts the SIP header value before sending the SIP message, while the other decrypts the value when it receives the SIP message.
This feature is intended for SIP headers that are not used by the device for classification or routing. For example, you may want to encrypt the value of a proprietary SIP header called "P-Access-Network-Info" that may contain sensitive information.
|
➢
|
To configure SIP header value encryption: |
|
1.
|
Configure the AES-256 encryption key: |
|
a.
|
Open the SIP Definitions General Settings page (Setup menu > Signaling & Media tab > SIP Definitions folder > SIP Definitions General Settings). |
|
b.
|
In the 'AES-256 Encryption Key' parameter, enter the encryption key: |
|
●
|
The key must be 32 characters. |
|
●
|
Configure both devices with the same key. |
|
2.
|
Configure a Message Manipulation rule to specify the SIP header to encrypt: |
|
b.
|
Click New, and then configure the rule as follows: |
|
◆
|
'Manipulation Set ID': Configure an ID. |
|
◆
|
'Message Type': Configure the type of SIP message (e.g., Invite). |
|
◆
|
'Action Subject': Configure the SIP header whose value you want to encrypt (e.g., P-Access-Network-Info). |
|
◆
|
'Action Type': Select Modify. |
|
◆
|
'Action Value': Use the Funct.Encrypt option to encrypt the SIP header (e.g., Funct.Encrypt(P-Access-Network-Info)). |
On the device that decrypts the SIP header value, configure the 'Action Value' parameter to Funct.Decrypt(P-Access-Network-Info) for the relevant Message Manipulation rule.
|
3.
|
Open the IP Groups table (see Configuring IP Groups), and then assign the Manipulation Set ID (configured in the previous step) to the relevant IP Group. |