SharpSRTP 0.5.6

SharpSRTP

DTLS, DTLS-SRTP and SRTP/SRTCP client and server written in C#.

👁 NuGet version

Implements the following RFCs:

1. The Secure Real-time Transport Protocol (SRTP) RFC3711
2. Session Description Protocol (SDP) Security Descriptions for Media Streams RFC4568
3. The SEED Cipher Algorithm and Its Use with the Secure Real-Time Transport Protocol (SRTP) RFC5669
4. Datagram Transport Layer Security (DTLS) Extension to Establish Keys for the Secure Real-time Transport Protocol (SRTP) RFC5764
5. The Use of AES-192 and AES-256 in Secure RTP RFC6188
6. Encryption of Header Extensions in the Secure Real-time Transport Protocol (SRTP) RFC6904
7. AES-GCM Authenticated Encryption in the Secure Real-time Transport Protocol (SRTP) RFC7714
8. The ARIA Algorithm and Its Use with the Secure Real-Time Transport Protocol (SRTP) RFC8269
9. Double Encryption Procedures for the Secure Real-Time Transport Protocol (SRTP) RFC8723

SRTP Crypto Suites

Currently implemented SRTP Crypto Suites are:

1. AES_CM_128_HMAC_SHA1_80 RFC4568
2. AES_CM_128_HMAC_SHA1_32 RFC4568
3. F8_128_HMAC_SHA1_80 RFC4568
4. SEED_CTR_128_HMAC_SHA1_80 RFC5669
5. SEED_128_CCM_80 RFC5669
6. SEED_128_GCM_96 RFC5669
7. AES_192_CM_HMAC_SHA1_80 RFC6188
8. AES_192_CM_HMAC_SHA1_32 RFC6188
9. AES_256_CM_HMAC_SHA1_80 RFC6188
10. AES_256_CM_HMAC_SHA1_32 RFC6188
11. AEAD_AES_128_GCM RFC7714
12. AEAD_AES_256_GCM RFC7714

DTLS-SRTP Protection Profiles

Currently implemented DTLS-SRTP protection profiles are:

1. SRTP_AES128_CM_HMAC_SHA1_80 RFC5764
2. SRTP_AES128_CM_HMAC_SHA1_32 RFC5764
3. SRTP_NULL_HMAC_SHA1_80 RFC5764
4. SRTP_NULL_HMAC_SHA1_32 RFC5764
5. SRTP_AEAD_AES_128_GCM RFC7714
6. SRTP_AEAD_AES_256_GCM RFC7714
7. DOUBLE_AEAD_AES_128_GCM_AEAD_AES_128_GCM RFC8723
8. DOUBLE_AEAD_AES_256_GCM_AEAD_AES_256_GCM RFC8723
9. SRTP_ARIA_128_CTR_HMAC_SHA1_80 RFC8269
10. SRTP_ARIA_128_CTR_HMAC_SHA1_32 RFC8269
11. SRTP_ARIA_256_CTR_HMAC_SHA1_80 RFC8269
12. SRTP_ARIA_256_CTR_HMAC_SHA1_32 RFC8269
13. SRTP_AEAD_ARIA_128_GCM RFC8269
14. SRTP_AEAD_ARIA_256_GCM RFC8269

Thread Safety

SharpSRTP is not thread-safe. If multiple threads need to access the same SRTP context, proper synchronization mechanisms must be implemented by the user.

DTLS

The current DTLS implementation is based upon BouncyCastle and supports DTLS 1.2 only.

DTLS Server

Start with generating the TLS certificate. Self-signed RSA SHA256 certificate can be generated as follows:

bool isRSA = true;
var rsaCertificate = DtlsCertificateUtils.GenerateCertificate("DTLS", DateTime.UtcNow.AddDays(-1), DateTime.UtcNow.AddDays(30), isRSA);

Create the DTLS server:

DtlsServer server = new DtlsServer(rsaCertificate.Certificate, rsaCertificate.PrivateKey, SignatureAlgorithm.rsa, HashAlgorithm.sha256);

Create the DTLS transport. Here we will use UDP on localhost, port 8888:

EndPoint localEndpoint = new IPEndPoint(IPAddress.Any, 8888);
EndPoint remoteEndpoint = new IPEndPoint(IPAddress.Any, 0);
Socket listenSocket = new Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp);
listenSocket.ReceiveTimeout = 0;
listenSocket.Bind(localEndpoint);

Wait for the client and perform DTLS handshake:

UdpTransport transport = null;
byte[] buffer = new byte[UdpTransport.MTU];

bool isShutdown = false;
while(!isShutdown)
{
 int length = listenSocket.ReceiveFrom(buffer, ref remoteEndpoint);
 if (length > 0)
 {
 if(transport != null)
 {
 if (!transport.TryAddToReceiveQueue(buffer.ToArray()))
 {
 throw new Exception("Receive queue full!");
 }
 }
 else
 {
 transport = new UdpTransport(listenSocket, remoteEndpoint, UdpTransport.MTU, (t) => { transport = null; });
 transport.TryAddToReceiveQueue(buffer.Take(length).ToArray());

 var session = Task.Run(() =>
 {
 DtlsTransport dtlsTransport = server.DoHandshake(transport, out string error, null);
 if (dtlsTransport != null)
 {
 ...
 }
 else
 {
 transport = null;
 }
 });
 }
 }
}

Receive data from the client:

byte[] buffer = new byte[dtlsTransport.GetReceiveLimit()];
int receivedLength = dtlsTransport.Receive(buffer, 0, buffer.Length, 1000);

Send data to the client:

dtlsTransport.Send(buffer, 0, buffer.Length);

To modify the offered crypto suites for the DTLS handshake, simply override GetSupportedCipherSuites and return a different set of crypto suites. To support a different version of DTLS, override GetSupportedVersions and return a different version. Note that as of January 2026, BouncyCastle still does not support DTLS 1.3.

DTLS Client

Start with creating the TLS certificate. Certificate type of the client must match the certificate type on the server, meaning if the server uses RSA certificate, the client has to use RSA certificate as well:

var rsaCertificate = DtlsCertificateUtils.GenerateCertificate("DTLS", DateTime.UtcNow.AddDays(-1), DateTime.UtcNow.AddDays(30), true);

Create the DTLS client:

DtlsClient client = new DtlsClient(null, rsaCertificate.certificate, rsaCertificate.key, SignatureAlgorithm.rsa, HashAlgorithm.sha256);

Optionally, you can let the client auto-generate the matching certificate:

DtlsClient client = new DtlsClient();

Create the DTLS transport. Here we will use UDP on localhost, port 8888:

Socket socket = new Socket(AddressFamily.InterNetwork, SocketType.Dgram, ProtocolType.Udp);
IPEndPoint remoteEndpoint = new IPEndPoint(IPAddress.Loopback, 8888);
socket.Connect(remoteEndpoint);

UdpTransport udpClientTransport = new UdpTransport(socket);

Connect the client:

DtlsTransport dtlsTransport = client.DoHandshake(out string error, udpClientTransport);

Receive data to the server:

dtlsTransport.Send(buffer, 0, buffer.Length);

Receive data from the server:

byte[] buffer = new byte[dtlsTransport.GetReceiveLimit()];
int receivedLength = dtlsTransport.Receive(buffer, 0, buffer.Length, 100);

Close the transport:

dtlsTransport.Close();

SRTP

SRTP implementation is designed to take RTP/RTCP and convert it to SRTP/SRTCP while maintaining the SRTP context. RTP/RTSP server and clients are out of the scope of this library, but for a fully working example based upon SharpRTSP please refer to the examples.

Server

Generate a random SRTP master key for AES_CM_128_HMAC_SHA1_80 on the server:

string cryptoSuite = SrtpCryptoSuites.AES_CM_128_HMAC_SHA1_80;
byte[] MKI = null;
SrtpKeys keys = SrtpProtocol.CreateMasterKeys(cryptoSuite, MKI);

Obtain the generated master key + master salt to send it to the client:

byte[] masterKeySalt = keys.MasterKeySalt;

Create a new SRTP context using those keys:

SrtpSessionContext context = SrtpProtocol.CreateSrtpSessionContext(keys);

Client

Create a new SRTP context using existing keys from the server:

string cryptoSuite = SrtpCryptoSuites.AES_CM_128_HMAC_SHA1_80;
byte[] masterKeySalt = ...
byte[] MKI = null;
SrtpKeys keys = SrtpProtocol.CreateMasterKeys(cryptoSuite, MKI, masterKeySalt);
SrtpSessionContext context = SrtpProtocol.CreateSrtpSessionContext(keys);

RTP

To encrypt RTP and create SRTP:

byte[] rtp = ...
byte[] rtpBuffer = new byte[context.CalculateRequiredSrtpPayloadLength(rtp.Length)];
Buffer.BlockCopy(rtp, 0, rtpBuffer, 0, rtp.Length);
context.ProtectRtp(rtpBuffer, rtp.Length, out int length);
byte[] srtp = rtpBuffer.Take(length).ToArray();

To decrypt SRTP and create RTP:

byte[] srtp = ...
context.UnprotectRtp(srtp, srtp.Length, out int length);
byte[] rtp = srtp.Take(length).ToArray();

RTCP

To encrypt RTCP and create SRTCP:

byte[] rtcp = ...
byte[] rtcpBuffer = new byte[context.CalculateRequiredSrtcpPayloadLength(rtcp.Length)];
Buffer.BlockCopy(rtcp, 0, rtcpBuffer, 0, rtcp.Length];
context.ProtectRtcp(rtcpBuffer, rtcp.Length, out int length);
byte[] srtcp = rtcpBuffer.Take(length).ToArray();

To decrypt SRTCP and create RTCP:

byte[] srtcp = ...
context.UnprotectRtcp(srtcp, srtcp.Length, out int length);
byte[] rtcp = srtcp.Take(length).ToArray();

Samples

SRTP samples can be found in the SharpRealtimeStreaming repo.

DTLS-SRTP

DTLS-SRTP uses a modified DTLS client/server with the "use_srtp" extension to negotiate the SRTP encryption parameters and derive the corresponding SRTP keys.

Server

First generate the TLS certificate, this time it will be ECDsa:

bool isRSA = false;
var ecdsaCertificate = DtlsCertificateUtils.GenerateCertificate("WebRTC", DateTime.UtcNow.AddDays(-1), DateTime.UtcNow.AddDays(30), isRSA);

Create the DTLS-SRTP server:

var server = new DtlsSrtpServer(ecdsaCertificate.Certificate, ecdsaCertificate.PrivateKey, SignatureAlgorithm.ecdsa, HashAlgorithm.sha256);

Subscribe for OnSessionStarted:

server.OnSessionStarted += (sender, e) =>
{
 var context = e.Context;
 var clientTransport = e.ClientDatagramTransport;
 ...
};

Create the DTLS transport as in the previous example. After the OnSessionStarted event is executed, you can use the Context to protect/unprotect data and clientTransport to send/receive SRTP.

Client

Generate the TLS certificate, this time it will be ECDsa:

bool isRSA = false;
var ecdsaCertificate = DtlsCertificateUtils.GenerateCertificate("WebRTC", DateTime.UtcNow.AddDays(-1), DateTime.UtcNow.AddDays(30), isRSA);

Create the DTLS-SRTP client:

var client = new DtlsSrtpClient(ecdsaCertificate.Certificate, ecdsaCertificate.PrivateKey, SignatureAlgorithm.ecdsa, HashAlgorithm.sha256)

Subscribe for OnSessionStarted:

client.OnSessionStarted += (sender, e) =>
{
 var context = e.Context;
 var clientTransport = e.ClientDatagramTransport;
 ...
};

Create the DTLS transport as in the previous example. After the OnSessionStarted event is executed, you can use the Context to protect/unprotect data and clientTransport to send/receive SRTP.